I see they rejected the checkpoint someone did a pull request on earlier. The "current chain" the exchanges are relying on are, I assume, the one full of the blocks from the attacker...
So the devs are active but either not aware of the problem or actively working against a fix? Not making me feel any better...