The hackers did not compromise the one-time password system itself, but instead did remote control on machine that is already logged in. Also this article demonstrates the one vulnerability of two-factor authentication. The system needs to be completely locked down or you can run any malicious software after legitimately authenticating into the online bank like happened here. Doing this in WoW is whole lot harder since it's hard to remotely access somebody's game without them noticing it, and do it in a way which by-passes Blizzard's Warden. I'm not saying it's impossible, but it is much harder.Originally Posted by Deng
If the online bank in question would've used bit stronger security (asking for the 6-digit code for each transaction separately) this wouldn't have succeeded. And no, it's not a problem for even big corporations who could just do a batch transaction and authenticate whole batch at once, as long as they have enough security in place to verify the integrity of the whole batch.