Comment by w_TF

4 months ago

Have to wait for a post-mortem, but there was some speculation from Ben earlier in his spaces.

They used a Gnosis Safe, which is a smart contract multi-sig wallet that is pretty much the gold standard for Ethereum.

They believed that all of the signers' PCs were hacked and that the UI for signing was staged with a fake element to make it appear like a normal transfer.

They were signing with hardware wallets, but it's hard to verify what you're signing from a Ledger typically.

What they ended up signing instead was an upgrade to the smart contract, giving control of the Gnosis Safe to the hacker, who then drained it.