See now that's the interesting question.
Did the HF23 team get betrayed by an insider?
Were they hacked?
All that is known is that whoever transferred those coins had access to the private active key and they used it to sign a transaction to Bittrex.

There could easily very well be an exploit on one of the frontends that was used during this process. In the transaction comments to Hive account@community321 it says Hive account@anonsteem was used to create the account. A hacker could have also traced the IP address of the specific computer that created the account and tried to hack that computer directly.