The announcement said that these two machines had been taken offline for analysis; a major proportion of the remaining infrastructure machines was also taken offline as a precautionary measure.
FreeBSD is one of three open-source operating systems that are based on BSD, a version of UNIX, that was developed at the University of California, Berkeley, mainly by Bill Joy, in the 1980s.
The project said the compromise was believed to have taken place through a leaked SSH key from a developer who had legitimate access to the two hacked machines.
"However the FreeBSD Project is taking an extremely conservative view on this and is working on the assumption that third-party packages generated and distributed within a specific window could theoretically have been modified," the announcement said.
A system running no third-party packages that had been updated between September 19 and November 11 was safe, the project said. But the integrity of any third-party packages installed between these dates could not be guaranteed.
Detailed instructions for developers have also been released.