Really irresponsible of them to have run vulnerable.
Worth noting that despite their claim that it's a protocol flaw, it's actually not. They are deflecting blame just like mtgox
Everyone on reddit and r/bitcoin is claiming that this is a huge scam by the owners. I don't know enough about bitcoin and Sr2 to have an opinion one way or the other, but the entire situation seems a bit shady.