I have been following his thread on Twitter and it’s scary what he discovered. Apparently there were some people whose cold storage and hardware wallet funds were also drained. And he still can’t find the flaw.

Many ETH ICO tokens which were never moved were also stolen and these were OG unlike new retail users. Only thing I can think of is the last pass hack and they kept their seed hosted there. Since the hacks started around that time.