I really doubt Stamp has to resort to market buys to get that BTC. They probably can buy it in bulk from one of their partners. 19K is a lot, but not a crazy amount either.
I really wonder why you would put 19k in a hot wallet. Even when you have to transfer them to clients.
19k live ammo is a bit high.
I would have kept much better safety with those coins.
Yeah, agreed - no idea why they kept 19K in a hot wallet.
What follows is a Bitstamp Hot Wallet from taint analysis
This is guesstimated, from blockchain analysis only, so take it with a shovel of salt and a critical eye.
It's at best an under-estimation, as the taint will naturally not affect all change addresses and other things, though from experience on altcoins, it's not usually complete bollocks either
Hot Wallet guesstimated Balance
day received spent balance
01/01/2015 1,657.5 934.9 1,842.3
02/01/2015 2,778.2 2,553.8 2,066.7
03/01/2015 9,592.7 9,033.8 2,625.7
04/01/2015 18,614.2 21,122.9 117.1
05/01/2015 1,223.1 1,338.7 1.5
So apparently something happened on the 4th, either big external deposit(s) followed by larger withdrawal(s), or something that triggered a refill from a cold storage.
The hot wallet was then promptly cleared, with the high fee transactions that have been reported, though it's anyone's guess at this point if it was Bitstamp clearing it in panic mode, or a thief.
And below is recent guesstimated hot wallet history, the big bumps are (AFAICT) deposits from the large cold storage they created during their audit, so they're very likely artifacts more than real deposits. Those deposits were eventually compensated by withdrawals to likely cold storage addresses.
It shows Bitstamp aimed to keep between 500 and 2000 BTC in their hot wallet, so the hack occurring just after or during a "bump" to 20k BTC is suspicious.