they are actually selling a security advising/consulting with their product as well it seems -- at least that is what their website seems to glean to me
Odd, I'm not seeing anything regarding security advising/consulting on their website.
You can only idiot proof something so much. If BFX systems/networks/people are security riddled like swiss cheese, I don't see how BitGo could have stopped anything. If any company goes out of their way to put a gun to their head and pull the trigger, it doesn't seem there's much anyone can do. BGX has a horrible past with security issues. They have no company HQ and all of their people roam the world on privately owned laptops, configured with all the malware you can muster. They have zero opsec. They're a ticking time bomb.
Some can say that it should have been obvious when 120k coin goes out the door. Perhaps, but do you know what BFX daily volume was? How can 120k coin legitimately moved on Friday become 120k coin illegitimately moved on Sunday? Especially when all authentication, 2FA, IP filtering checks out?