pull down to refresh

There was the November attack on his server at his hosting facility. That's what the article is describing.
Then there was the December 31st/Jan 1st discovery that funds had just moved. These two events are likely related, but the funds stolen were not kept on that exploited server.
It is still unclear how the attackers jumped from Luke server [at hosting facility], to Luke Workstation [at his home] (or vice versa).
Luke confirmed that his Workstation [at his home] was likely compromised,
This article only addresses the server compromise, not how the funds kept on his workstation/device(s) [at his home] were accessed.