Coinflow What do you think about?
At least that's a long story, and it sounds not impossible. The most important statement in that text is this:
My point? Even the most secure systems can be circumvented with enough time and ingenuity.
That's what I say, too. Just think of all the hacks of BTC-exchanges in the not so far past (e.g. BTC-e). We don't have detailed information about all those, like we have here. And even if, for many it is simply an inside-job and they are done with it and move on.
But: may BTC and all its derivates be insecure somehow, but no one really wants to talk about this eventuality, even if it is only because they can't imagine this? Or because they all are too much involved and/or invested into cryptocurrency, so that it simply "must" be ignored, in order to avoid high personal losses? Can SHA256- and scrypt-encrypted private keys (and others like X11 etc.) easily be decrypted by someone who REALLY knows? What about governmental forces/resources (see: time and ingenuity above; add money to that equation) that are being utilized to protect conventional currencies? Sounds unbelievable, but many things sound unbelievable - until they happen or become true. All hypothetical, true, but never say never.
Hackers have always found a way to breach even the most secure systems. And someone who has the knowledge to break the security of cryptos (only think of possible poor randomness-problems when creating a private key) would be a very rich man or woman, so why would he/she share how to do that (if not a
white hat)? He could steal thousands of BTC (or LTC, DOGE etc.) only by grabbing some here and a few days or weeks later some there, all without really scaring the cryptoworld too much. The personal losses of the single individuals (and exchanges, too) would be pitied and bemoaned, but life moves on and some weeks later it is already forgotten - only the victims are left with their loss and the exchanges want to carry on with their business (if even possible after a theft), so don't want to talk about that further anyway.
Back to Allcrypt:
They have not mentioned the possibility of a man-in-the-middle-attack. Maybe someone at the email-provider had prying eyes? Maybe he connected in an internet-café via his laptop/cellphone and even if using SSL/TLS, there was a redirection via an unsafe proxy or such and the one running the hotspot or someone else in the chain was grabbing information ...? Maybe someone at the hoster where Allcrypt.com had all its infrastructure was not reliable? All possible.