CertiK has issued a statement about the incident, saying their investigation indicates that the breach is a large scale ongoing attack that deploys social engineering through Calendly, a scheduling app.