I'm not entirely sure about this, but "the word on the street is" the forum was using an older version of OpenSSL which did not have the heartbeat extension so we were not vulnerable.

The SSL certificate has not been updated either, which would also point to this being the case as theymos would have certainly replaced it should the forum been vulnerable to heartbleed.

Also, just to correct your post, while LastPass was vulnerable to heartbleed the attack was useless as all LastPass data is client-side encrypted, meaning an attacker still could not read your data.