If their website was indeed using wordpress and it got modified via a wordpress exploit - then perhaps the dev team may consider using "Wordpress Revision History" Function to see "Which wordpress user modified it" along with the "Timestamp" (assuming it was done via wordpress admin) and post the result here as a result of their findings, and for the "Page to Change" immediately after it was launched again this seems very strange as it would seem if they claimed it was an outsider that did it, they must have been fully aware of the exploit and no doubt they must have Tested it beforehand knowing what to change, again this can all be found in the Revision history through wordpress....

Changing text on a wordpress page (in this case the ETH address), one would simply do it via Wordpress admin panel, doing it via scripts or exploits or modifying the database would take 10x longer!