Fully agree with you, this "MetaMask hack" looks super weird. In their statements, EasyFi devs were indicating it was a target attack, but who knew they had such vulnerability? I may have miss the info, but it seems like an insider job.

I am glad I didn't invest anything in EasyFi (I was considering to do).