This is really ridiculous. I always had a doubt that they can get easily hacked as most of their balances lie on one account and now they have been hacked and I have some balance there. IT's been 10 hours and they have yet done nothing to stop it.
Targeting the DNS is a pretty interesting attack. More than anything, this shows the weakness of relying on centralized domain service. App developers are at the mercy of the ICANN domain cartel and Certificate Authorities.... at their own peril. Decentralized DNS will definitely be a game changer.
The reason this attack works on a decentralized exchange is because users import their private key directly into the interface. It wouldn't work on a centralized exchange because phished login credentials don't provide access to any valuable private keys. This attack is basically a variant of the "fake website" phishing attack that targets all the centralized exchanges.
I hope the solve this problem before all the accounts are affected. I won't try to withdraw my tokens and will wait till I get a confirmation from them.
Accounts/keys were not compromised by the DNS hijacking. What's happening is that people are landing on a phishing website and importing their private keys. The tutorial linked in the OP explains how to safely recover your tokens if you don't want to wait for an announcement from Etherdelta.