Too early to be happy, seems like the attacker found their way in and is still around on Matrix's infrastructure.
The attack has proven themselves to have shell access on their synapse instance, which is definitely bad. It means that all user accounts are compromised and have to be reset.
There will go a lot of efforts into figuring out the details and fixing the vulnerability.
Meanwhile, send some love to the people behind matrix!