Never attribute to malice that which can be explained by incompetence. A small-ish exchange, run by a small number of developer-employees, with limited computing assets. I can easily see someone making the argument that moving cold wallets to an encrypted, offline company machine would (1) free up resources that could be used elsewhere and (2) make a less obvious target for hackers. Follow that up with no backups -- because let's face it, most individuals and probably a lot of small businesses have no backups -- and voilà: you get a bus factor of 1.
jobigoud|7 years ago