I'm going to list everything I know as of right now and what to do from here.
Last contact with myself from Admins was Sunday 26th November. It was stated that they were aware of some withdrawals failing to process and it will be looked into and staff were given limited access to an old version of the help desk, just so tickets could be answered temporarily whilst new fixes were added.
Monday 27th November help desk went down as it seems it was only configured correctly on the aerogucked prefix url, so once the DDOS targetted that (which was being used as our new main URL) support tickets were then stuck once again so the queue was only marginaly cleared at that point.
Tuesday 28th November, the test environment for the market was updated with new fixes (no word from admins, devs had sent changes to them on Monday though and briefly spoke to them).
Thursday 30th November, I made 15 withdrawals (BTC) in total, 5 of which totalled $200, the other 10 were 1BTC each. All of the $200 transactions made it into the external wallet address. 4/10 of the 1 BTC withdrawals were received.
After speaking to devs regarding us being hacked, which I have been thinking of as a possibility, they said there is no chance after checking all the logs they have access to. The hot wallet for the market still stands at the correct total and any missing withdrawals were simply not processed, the bug cannot be identified which is causing it until the main Admin who has access returns.
Hacking claims are completely false considering a few points from what has been claimed:
If the so called hacker had root access to the server, good on them, that's more than the rest of the active staff, but false. You would not need to access any accounts to make individual withdrawals or "redirect" withdrawals in any way, so clearly they don't understand anything about how market systems work in general or Bitcoin for that matter. They also mentioned that the BTC is converted into XMR or something along them lines, they don't know the first thing about what they are talking about.
How anyone believed any of these claims is remarkable, none of the posts make logical sense in terms of how servers, bitcoin or websites work.
PGP 2-FA is hard coded into the system, it can't be disabled by anyone unless the actual code is disabled, which each listed vendor can confirm, that they haven't experienced their 2-FA being disabled at any point in time. Once again, if they had any sort of root access they wouldn't need to do this.
We have a log of failed withdrawals, so this can be immediately handed over to Admins to process if and when we get in contact with them.
You can assume all of the claims by the "hacker" that have been made are false. I will be updating with anything I can, I see one of three outcomes from this point:
Admins re-emerge within the next few days and withdrawals are all processed, the remaining bug fixes are pushed and support queue can be cleared, business as usual with a lack of trust from this point which they can see if it is viable to continue or shut down.
Admins don't return and the market continues to run as a ghost ship, withdraw as much as possible in small amounts and remaining staff can provide anything possible over the forums.
Admins shut down the market and take everything. I don't think they would do this based on their beliefs, but this has been seen elsewhere so many times.
I would advise to withdraw small amounts, as much as you can right now. Vendors go into vacation mode and I'll provide any new updates as soon as possible.
TL;DR I'm in the dark as much as you at this point, but the market wasn't hacked and no one is getting doxxed.
This is some wild stuff.