It’s more than this no? I think the attacker substituted their own ECDSA verify function contract because the load call didn’t check it was the system verifier?

Seems like it accepted a point to the verification function from the thing it was supposed to be verifying?

Isn't it in line with what the parent comment said? (Though in a simpler manner)

That's simply wrong. Stop copying random stuff from Twitter.

Several others here have explained how the attack actually happened.