Replying to smallworlnd

A post-mortem on this exploit if you're curious. The attacker paid a hold invoice as expected, but force-closed the channel immediately on first confirmation of the funding transaction, which is very much not expected. That basically broke the signalling chain such that publsp expected an 'OPEN' status but it never got it, since the default number of confirmations for the LN implementation to send the 'OPEN' is 3. So the preimage needed to settle the invoice was never released. That's the second problem. The preimage needs to be released in order to actually claim the attacker's payment, but persistence was in memory only, and after the dust settled on what happened, the preimage was effectively gone, thus dashing any hope of claiming the lost funds. The HTLC will have expired and the attacker will have walked away with the pushed funds.

nostr:nevent1qqsy2jxek8dh093v2lqn5un3g5dzvtctjcandm82z9ljd2ds7n9j3acpzemhxue69uhhwmm59ehx7um5wgh8qctjw3uj7q3qtkfex6fd5er9h83299pzxcn699lxdrd3ff3859vhqfm9twtz5leqxpqqqqqqztsksv6
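The two defects the post-mortem names are a preimage that lived only in memory and a settlement step gated on an 'OPEN' signal that a force-close can prevent from ever arriving. The sketch below is an added example, not publsp's code: it writes the hold-invoice preimage and order state through to disk (fsync plus atomic rename) before the invoice is handed out, rebuilds the order from that store after a simulated process restart, and releases the preimage on the first confirmation of the funding transaction rather than waiting for 'OPEN', while still refusing to settle once the held HTLC's expiry height has passed. The store layout, the state names, the `simulate` driver and the block heights are all constructed for this example.

```python
import hashlib
import json
import os
import secrets
import tempfile

# Constructed for this example: the states one hold-invoice channel order moves through.
INVOICE_CREATED, PAYMENT_HELD, SETTLED, CANCELLED, FAILED = (
    "invoice_created", "payment_held", "settled", "cancelled", "failed")


class OrderStore:
    """Durable order store (hypothetical): one JSON file, rewritten atomically and fsync'd."""

    def __init__(self, path):
        self.path = path

    def _load(self):
        if not os.path.exists(self.path):
            return {}
        with open(self.path) as f:
            return json.load(f)

    def save(self, payment_hash, record):
        data = self._load()
        data[payment_hash] = record
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump(data, f)
            f.flush()
            os.fsync(f.fileno())      # on disk before the invoice is handed to anyone
        os.replace(tmp, self.path)    # atomic rename: never a half-written file

    def load(self, payment_hash):
        return self._load().get(payment_hash)


class HoldInvoiceOrder:
    """One channel purchase paid via a hold invoice; every transition is written through."""

    def __init__(self, store, payment_hash, record):
        self.store, self.payment_hash, self.record = store, payment_hash, record

    @classmethod
    def create(cls, store):
        preimage = secrets.token_bytes(32)
        payment_hash = hashlib.sha256(preimage).hexdigest()
        record = {"preimage": preimage.hex(), "state": INVOICE_CREATED, "htlc_expiry": None}
        store.save(payment_hash, record)   # persisted before the invoice exists anywhere else
        return cls(store, payment_hash, record)

    @classmethod
    def recover(cls, store, payment_hash):
        # Rebuild an order after a process restart; None if it was never persisted.
        record = store.load(payment_hash)
        return cls(store, payment_hash, record) if record else None

    def _set(self, **changes):
        self.record.update(changes)
        self.store.save(self.payment_hash, self.record)

    def on_payment_held(self, htlc_expiry_height):
        """Buyer's HTLC is accepted and held; remember its CLTV expiry height."""
        self._set(state=PAYMENT_HELD, htlc_expiry=htlc_expiry_height)

    def on_funding_confirmed(self, confirmations, current_height):
        """Release the preimage on the first confirmation of the funding tx: the pushed
        amount is committed on chain from then on, whether or not 'OPEN' ever arrives."""
        if self.record["state"] != PAYMENT_HELD or confirmations < 1:
            return None
        if current_height >= self.record["htlc_expiry"]:
            self._set(state=FAILED)        # too late: the held HTLC has timed out
            return None
        self._set(state=SETTLED)           # the LN node's settle-invoice call goes here
        return self.record["preimage"]

    def on_channel_closed(self, funding_confirmed):
        """Any close (force or cooperative). Before funding confirmed the order is void and
        the held HTLC is cancelled back to the buyer; after settlement nothing changes."""
        if self.record["state"] == PAYMENT_HELD and not funding_confirmed:
            self._set(state=CANCELLED)
        return self.record["state"]


def preimage_matches(preimage_hex, payment_hash):
    return hashlib.sha256(bytes.fromhex(preimage_hex)).hexdigest() == payment_hash


def simulate(confirm_height, funding_confirmed=True, htlc_expiry=1000):
    """Replay the post's sequence (hold -> restart -> 1 conf -> force-close) with durable state.
    Returns (payment_hash, released_preimage_or_None, final_state)."""
    with tempfile.TemporaryDirectory() as d:
        store = OrderStore(os.path.join(d, "orders.json"))
        payment_hash = HoldInvoiceOrder.create(store).payment_hash
        HoldInvoiceOrder.recover(store, payment_hash).on_payment_held(htlc_expiry)
        # Process restart: the in-memory object is gone, only the store survives.
        order = HoldInvoiceOrder.recover(store, payment_hash)
        preimage = None
        if funding_confirmed:
            preimage = order.on_funding_confirmed(confirmations=1, current_height=confirm_height)
        state = order.on_channel_closed(funding_confirmed)   # attacker force-closes right away
        return payment_hash, preimage, state
```

`simulate(900)` walks the attacker's exact sequence and ends in `settled` with the preimage recovered from disk after the restart; `simulate(1000)` shows the remaining loss window, where the HTLC expiry has already passed by the time the funding transaction confirms, so the order is marked `failed` instead of releasing a preimage that could no longer claim anything.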

Bitcoin Art Magazine 5mo ago

Brutal, so sorry this happened :/ For now probably best to take down the link in your bio? https://github.com/smallworlnd/publsp
