Some victims of the attack admit to using weak passwords or forgetting to remove access tokens from old applications. Some believe (so far this is only speculation and the hypothesis has not yet been confirmed) that the reason for the leak of credentials was the compromise of the application
To restore the repository after the attack, it is enough to execute "git checkout origin / master", after which
find out via "git reflog" the SHA hash of your last commit and reset the attackers' changes with the command "git reset {SHA}". If you have a local copy, the problem is solved by running "git push origin HEAD:master --force".
Source: opennet.ru