Back when I was mining for a bit, the pool apparently let itself get SQL injected. WTF, SQL injection in 2011, seriously? I don't remember them admitting or denying it, but the passwords or their hashes were leaked in one way or another, which is a massive blunder either way. Then again, Gox also let that happen, so I guess Bitcoiners just didn't care about security then. That, or the pool just took the BTC themselves, I can never tell the difference.
www.bitcoinpool.com <-- debtor of ~2.8 BTC who never intends to pay. It didn't take long until I noticed, so the losses are on a level I can live with.
Destroyed BTC... I think someone locked 0.1 BTC into one of those crazily unstable Schildbach Wallets on one of these vendor-controlled phones without backup capability. I've been able to restore them when I made the same mistake with around 100 BTC. I had properly made a backup after generating the private key for Bitcoin. Yay for discipline, and yay for Nexus One vs the TPM-legacy crapware that are >90% of mobile phones.
Bottom line: Stolen < 3 BTC, endangered but recovered ~= 100 BTC, destroyed by people I know = 0.1 BTC. I think that's an acceptable record so far.
