The Resolv hack: How one compromised key printed $23M

https://www.chainalysis.com/blog/lessons-from-the-resolv-hack/

Web3 security lessons from the Resolv hack: how a compromised key enabled a $23M exploit, what went wrong, and how DeFi protocols can prevent similar attacks.

Chainalysis
You shouldn't have a key that controls millions/billions of dollars on a cloud service. It should be on an airgapped laptop that was purchased anonymously, has never been connected to the Internet, and only runs software that has been vetted and loaded onto it via a CD-ROM or some other comparable method.

If their coin requires a web service to process each transaction, then an offline key isn't very useful.

You can criticize their design, but you can't have a dude burning a CD-ROM every time someone wants some coins.