Engineer who works on the hub firmware/software here. We haven’t seen any evidence of SmartThings hubs being compromised in this or other attacks and it would surprise me if SmartThings were in the first wave of devices being targeted by hackers for this initial wave since we follow basic security best practices.
From what I have read, most of the attacked devices in this and other recent attacks have been ones attached to the public internet where the system have either had known, unpatched vulnerabilities or default passwords that were never changed (like most defaults).
With that being said, we understand that SmartThings as a system and user’s hubs in particular represent a target for attackers as hubs have access to other devices in a user’s home in addition to being general purpose computing devices connected to the internet. Unlike some of the compromised system’s in the field today, the SmartThings hub is designed to receive (cryptographically signed) updates. This allows us to both deliver new functionality and also to patch security vulnerabilities that we or others discover that affect the SmartThings hub firmware.