If it was an RNG attack - then it could be used on their cold storage as well as on their hot wallet. If the attacker can predict the private keys - then the fact that these keys are stored on something detached from the internet does not make any difference.
I think the same , it was not an attack to their how wallet but a problem with the generation of the various addresses.
On their homepage :
https://www.bitstamp.net/