Just wanted to add to Virwox's reputation. I woke up this morning to see the BTC in that account not there. I messaged support and within 1 hour I was refunded. Here is the email:
Hello,
here is what has happened:
Similar to other exchanges, our servers are protected from DDOS-attacks by an external service provider. While our own servers themselves were not vulnerable to the "Heartbleed" attack, the proxy servers of the DDOS provider were. They have fixed the problem already and we have turned on the service again.
The good news is that our own server was NOT hacked, and none of our secrets or bitcoins were stolen. However, the attacker was able to get to the session cookies of a total of 20 users who were logged in yesterday (between about 8am and 11am), and used this to try to withdraw the money they had in their account in the form of bitcoins.
The hacker was able to withdraw 0.8 BTC from your account (BTW, this would not have been possible if you had Multi-Factor-Authentication turned on).
However, we value your business, and also we have the reserves to cover your loss out of our pockets. I have therefore credited the 0.8 BTC back to your account.
Even though the hacker has not used your password, I suggest you change it (you never know). Also, we strongly recommend turning on MFA to avoid similar problems in the future.
Greetings,
VirWoX Support
Virwox is great. It's a little pricier than most bitcoin exchanges (I probably pay a total of 8-9%) but I get coins within an hour, and it's reliable as hell.