https://twitter.com/pacpoker/status/1094814265981190145?s=19
This was 3 months ago. And he didn't make the glitch public, which said he will do.
Furthermore the 2FA is checked server-side. So technically it is not possible to bypass 2FA by manipulating the client (in this case: the iOS app).
IMO this was just a bad joke. And far away from being a 'source' to the statement that binance had a security breach.
I agree, as per Binance they said the hackers was able to obtain 2FA and Google authentication through phishing attack. So there's no way that Binance itself can see if indeed it was from the hacker because they were able to get entry through right channels.