I just reread all the facts, yes it was Bitgos responsibility to avoid to sign such a transactions. First I thought they used the backup keys to sign the transactions. So the insurance should cover it. After that I just didn't understand how Bitgo could allow those transactions.
I really want to know more about the whole story, because there are a lot of open questions.