That's a good question, I've asked myself the same thing. I don't think that info's been made public, so it's all just speculation right now.

I watched a video yesterday by an Brazilian YouTuber who's into info security and he's a Bitcoiner. He was saying it might have been an exploit using an old, known vulnerability in the primary key generation where the entropy was low, apparently only like 32 bits.

I can't explain it properly either, but it seems like they managed to figure out what software was used to generate that wallet's private key, and then they just did a brute force to find the actual key.