RAID only protects against drive failure, if the database was deleted from the server then it would have been deleted from all drives at the same time. If this was a dedicated server (rather than a virtual server) then the correct course would have been to switch the server off immediately upon discovering the deletion so that there was a chance of data recovery, but then switching off the server would also be the correct way forward upon detecting the hack as well.

From reading the various things said by the team I think these were a set of virtual servers probably on a shared provider (a mistake), what backups they might have had were minimal (a mistake), credentials seem to have been managed poorly (a mistake) the hack wasn't dealt with very well (a mistake).

Whilst I don't see enough evidence to call it an exit scam, there seems to be plenty of evidence of incompetence in how things were run and have been handled (why no announcement on twitter).

If things were setup correctly the hackers would have been unable to delete the backups and there would be a full audit trail on a separate server that couldn't have been altered, both simple things to achieve, both things that seem to be lacking.