That is a pretty poor response, the IOTA team doesn't seem to know how cryptoanalysis works. Theoretical attacks usually are found first, then specialized attacks like the chosen message one shown here, then more general ones. Cryptoanalysis takes time, and it is best to fix your system when you still have time and not wait until a full, generic, attack is known.
The first rule of hash functions is "Don't write your own hash function" writing cryptographically secure hash functions is hard, and even expert researchers get it wrong as often as they get it right. Better to use one that has been analysed already than coming up with your own.
[+] [-] lorax|8 years ago|reply
The first rule of hash functions is "Don't write your own hash function" writing cryptographically secure hash functions is hard, and even expert researchers get it wrong as often as they get it right. Better to use one that has been analysed already than coming up with your own.