Sounds like not so sophisticated hacking, just got admin/hosting access。
I wonder how much liability DigitalOcean shares, if truth has been told.
Edit: To send BTCs from wallet, as claimed by OP, admin/hosting account is not enough without knowing wallet password. Who on the earth is so sophisticated to do both?