The whole concept isn't ready for prime time. In my case, I lost a (fortunately) small hoard of BTC when I made the grievous error of backing up my wallet.dat file to a Synology NAS that was also using an open port to run my security camera server.
About 4 BTC in my case, but many people lost a lot more. I was definitely not individually targeted, and definitely did not make any of the usual novice mistakes. Since the Synology NAS systems are commonly used as backups for small and medium-level enterprises, they were (and are) exceptionally high-value targets. In my case, I had a root exploit in the OS that allowed all kinds of malware to be installed by anyone who cared to scan the Internet at large for systems on port 5000.
Most of the publicity centered around trojan miner applications, but the same issue also exposed the entire file system. So, searching the exposed file systems for wallet.dat files was a trivial and obvious free lunch for the crackers, much more so than mining.
In retrospect, I think the biggest mistake was using the same port for things like the security camera server that is used for remote administration. Taking the time to learn how to use a nonstandard port would probably have kept this particular system safe. I can't blame Synology, really... just a bad threat assessment on my part. My thinking was that keeping the wallet.dat file off of any Internet-accessible Windows boxes would provide enough "security by obscurity," but we all know how that story usually ends.
"Use Linux! Windoze is insecure!" they said.
Right.