ERC20Permit & gnosis safe

Hi there,
This gnosis safe (0x4B64F382aa063C07F1C55Cf53c66ccE3b6fD0bb0 - 3/5 signatures required) just got emptied from its token treasury.
TX scan:

The token contract is using ERC20Permit from the OpenZeppelin library. Other than that, it is a standard ERC20, I believe all contracts are from OpenZeppelin.

I can think of 2 things so far, either:

  • 3 compromised keys;
  • a flow in the ERC20Permit, allowing to approve another contract to transfer the token through the permit function; Could that be possible?

It's late here so maybe I'm missing something entirely! Will greatly appreciate any help.
Thanks in advance.