Right, here is a VC backed company with Bitcoin developers and "with specialisation in information security" CTO on board who own and operate a service that got hacked. And you think that it is all fault of a 17 yo who they have hired and who was an employee and later got effectively fired.
Good luck convincing any judge or anyone with a modicum of common sense.
Your post is so hindsight is 20/20.
It is bad practice to make sudden disruptive changes overnight to a production system. Instead the theory was a very gradual replacing of the system while observing changes. Bitcoinica was already very fragile. I still think that was a good decision.
I think what people are having trouble with is the idea that you didn't expect another attack using a similar method to the one which was used the first time around and that no-one ensured that the new hosting service you chose had a way to lock an attacker out in the event of an intrusion. Those things seem like massive oversights for people whose reputation is one of being security specialists. It seems like changes to prevent further attacks are
not something which should have been implemented gradually - they're something which should have been a top priority given how often further attacks (whether by the same person or by others) occur following an initial successful intrusion .