Yes, it's a bit dubious that he somehow collected $10 million, whereas every account that has a balance must have double security like 2FA or OTP.
Maybe the hackers have made the false claim to attract people into buying Stake's SendGrid email dump. The Stake team has said that users' funds weren't affected by this phishing attempt. We haven't seen any complaints in the forum about fund loss after this phishing attempt. Now I have doubts about the hacker's claim, because the hacker needs the login OTP code to access a user's account, and then they need the withdrawal OTP code to request a withdrawal successfully. The hacker won't be able to withdraw user funds without having access to the user's email.