Instead of using passwords and seeds (which need to be stored centrally and can be stolen), Clef uses public-key crypto to log users in. That means that most hacks against a Clef-protected account are completely impossible (you can see more at getclef.com/security). If Clef is hacked, we only have the public keys and so there’s nothing for an attacker to steal or use against the user.
No need to grab public keys, this part is attack-resistant. But if Clef server is hacked and the OAuth code on Clef side is changed by attacker then the he would have a possibility to log into ALL of the integrated sites until the breach is closed. With a good planned and scripted attack 10 minutes would be enough to steal millions from those who rely solely on confirmation from Clef to find out user identity.