So there were "crypto and blockchain" organizations whose Digital Ocean accounts had been successfully taken over by the hacker/attacker.

I would bet the attacker would have gone after any larger / well-known ones first.

Another reason to get your coins off any exchanges.

If I remember correctly it was access to emails in MailChimp accounts of crypto companies. Their Digital Ocean accounts were not taken over.

Hacker gets emails from Mailchimp.

Hacker finds which emails are for "crypto and blockchain" companies and does password reset requests at Digital Ocean. Some of those attempts are successful. (Digital Ocean doesn't say how that was successful)

Hacker then has admin/root access to the "crypto and blockchain" hosts running at Digital Ocean.

At least that's how I interpret what I read.