Source (in Ukrainian):
http://mvs.gov.ua/ua/news/18175_Kiberpoliciya_vikrila_cholovika_u_vikradenni_elektronnih_koshtiv_z_kriptogamanciv.htmMy short summary:
The suspect worked in some unnamed crypto exchange based in Britain as tech support worker. He was targeting accounts of inactive users without 2FA installed, he was changing or adding recovery emails to those accounts, which allowed him to reset passwords and steal all user balance. The police estimates that he stole 720,000 UAH this way (~26,000 USD). The suspect was spending stolen money on gambling.
This should be yet another reminder to never store coins online for long term, and always use strong 2FA on your account and your email.