Okay, so I still don't have all the details, but I can still provide a bit more info.
Our digital ocean VPS that was hosting the wallets got deleted randomly, and the billing information was removed, etc.
Also, the BTC wallet transferred its contents out, but not from the application, seems that someone got access to the VM itself.
Access logs on the digitalocean account show that someone logged in from a Norway IP (that's not a TOR node), and a similar IP on the same subnet logged into the VM itself.
No idea who this was.
My 'partner' was the only person with the password to this DO account, so either it was him, or his personal computer had a targeted key logger of some sort?
It's all so odd - I've asked digital ocean for more info/logs, but they haven't gotten back yet.
Maybe it was a disgruntled DO employee that saw bitcoin related traffic coming from the VM?
The PTS wasn't touched, so I still have access to that, and will return it to its owners; I'm thinking most likely to make it most fair that I convert everyone's balances to PTS, and then reimburse everyone as best I can with what's left.
38 BTC were taken, I traced the payments, and they are now here: https://blockchain.info/address/1AKvP3NUmJQsfWXkTg6ZczURatKgAb2Cua
The address that they went through is this one: https://blockchain.info/address/14wQsMaKWAmTHrEMKamnzCJxaewnFWP7Tg
which also made a small payment (.01) the same day to this address: https://blockchain.info/address/15MJUSKnkbX3cprXfjNwAWsssTG59SXnvd
which looks like someone's personal address, as it's been receiving and sending payments since February. If anyone can shed any light on that, please be my guest.
The IPs that logged into the server were: 18.104.22.168, and .205, maybe a VPN, maybe someone's actual IP? I looked at the computer there, and apparently there is a Bitcoin node. If anyone feels like playing detective/hacker, please be my guest.
I'm of course incredibly sorry that this happened, and not that it does much good at this point, but it was clearly signposted that this was a beta.
If I learn more from DigitalOcean (which I should, because they are at the center of this problem) then I'll post back here.