Sentinel said that the coins were stolen because of a vulnerability in HitBTC’s mnemonic phrase.
Two Canadian nationals posed as HitBTC customer service representatives in order to steal a user's login credentials.
A pair recently-published bugs allow an attacker to create an inordinate number of ERC-20 tokens