The service was fine, it was the "official" hosted instance of the service which was compromised. IA appears to be running their own instance.

That was a DNS hack of polyfill.io though right? This looks like it was/is self hosted.

Yeah I'm getting this exact response from the above URL now:

https://sourcegraph.com/github.com/polyfillpolyfill/polyfill...

Seems like they self hosted that service