"A few more hours and we have a answer to everything in its entirety. But we also have very good news. We are deploying the new market where everything is fixed earlier then we wanted e.g not feature complete. But what can we do :( The IP leak is true. That was one of our test servers. But we killed everything already and besides some fresh loaded but now worthless virtual credit cards nothing is left :( Apparently we had a traitor in our midst. The person doing various tests for us after each new version. Looks like he sold this info to the highest bidder. But encryption worked. Manual as automatic. Our system does now allow for an code changes inside read-only containers besides a signed push from our servers.
But yeah, we fucked up here. Gotta admit that for sure. But we'll make very good on this within 24 hours, I hope.
EDIT: Support will fix issues soon again. And we are waiting for a fresh btchost to complete syncing before we process payments again. But that should be only max 10-12 hours. Usually we have emergency machines around but we decided to burn everything for the redeployment." -DHL Admins.
//MY PERSONAL OPINION:
Seems like a fair explanation: they were building market 2.0 and had this second server for testing purposes. Seems fair to me. DHL did nothing wrong there; they had a few blatant XSS issues, but they never said "we have no problems". It was just WombatCombat being ridiculous and saying dumb crap, not DHL. That's their statement for now. Will update later.
Thank you /tom and "thank you" pelichan. We could've just waited for DHL's answer instead of all this drama.
Testing server should not have had any exposure to the clearnet. You don't need to run a market to know that.
Also in my opinion I don't know if I trust them. They could have given us some clarity so much earlier if this account was true.