The fraud, in order to be committed, required someone to FALSELY claim to GOX (or another exchange) that their coins were never sent, when they actually were. They would need GOX to MANUALLY re-send those coins, in the hopes of receiving them twice.
Now we are getting somewhere.
Let's say person X (attacker) claimed BTC 666.696969 from Gox. The same person X needed to claim exactly the same amount (BTC 666.696969) from Gox a week or two weeks later, right?
Is it really so hard to run a query on blockchain data to identify such transaction pairs, initiated from addresses that once had a fairly high value of ''total received'' (indicating they were exchange address) and sent the same amount twice within a certain period of time?
-------------------------------------------------------------
If someone identifies such pairs, then we might at least get the idea of the maximum possible theft / fraud / scam threshold.