You're operating in an unregulated market. Your legal protections for when someone outright steals your money are much weaker. You might be able to sue them... if you could get to Poland. Not only is your market unregulated, you don't share a jurisdiction with the "bank" unless you live in Poland.
So it's not the only way of profiting legally as much as it's the only way of profiting ethically.
I don't think this particular case was malicious, but I think people are vastly underestimating their risk exposure to a malicious exchange. Thankfully, the bad guys seem as incompetent as the people running bitomat.
If it's a scam, lying about losing the file is useless, since all the BTC transactions are publicly logged. You can just input their address(es) on the Bitcoin Block Explorer and see if any of them are being used.
Of course, that doesn't mean you'll have any legal recourse against them.
The addresses being used don't necessarily indicate the exchange owner was lying. An enterprising AWS engineer might have been able to recover the wallet somehow. At a value of $200,000+ USD it'd be worth looking for.
You're operating in an unregulated market. Your legal protections for when someone outright steals your money are much weaker. You might be able to sue them... if you could get to Poland. Not only is your market unregulated, you don't share a jurisdiction with the "bank" unless you live in Poland.
So it's not the only way of profiting legally as much as it's the only way of profiting ethically.
I don't think this particular case was malicious, but I think people are vastly underestimating their risk exposure to a malicious exchange. Thankfully, the bad guys seem as incompetent as the people running bitomat.