🧵 2/4: Internal investigation reveals a customer support staff member as the point of access. Hackers used fraudulent Google sign-in page to execute password reset. Only cryptocurrency-related accounts were targeted.