The group behind this hack, called “Gonjeshke Darande", threatened to release Nobitex's full source code after they hacked and stole > $80m from the exchange. So apparently it seems like they have actually done that and made good on their earlier threat, as they have published the exchange's full source code, creating further risks for users of the exchange who still have funds in there.
https://cointelegraph.com/news/nobitex-hackers-reveal-source-code-after-100m-hackI wonder how many times source code of cryptocurrency exchange have been hacked. From quick search, it seems to be very rare occurrence since i only found news which state portion of Binance source code got hacked.
I'm still struggling to believe that that address is a burner address because to generate a wallet, a private key is needed as part of the process. Therefore I have the strong feeling that the sender have access to the wallet, unless I'm wrong, which I'm allowed to.
To generate legacy address, you just 20 bytes of arbitrary data. In normal case, it's hash of your public key. But to create burner address, the 20 bytes can be anything you want.
For curious reader, you can read more about it on
https://learnmeabitcoin.com/technical/script/p2pkh/#address.