If the hacker really thought he hadn't committed theft, he could have revealed his identity and sued the developers. My guess is he would have ended up in prison that way.
Since the hack, various small improvements have been made to Solidity, the Foundation hired someone to work full-time on formal verification, there's the new Viper language which is easier to verify, and the community has gotten a lot more serious about coding standards and security audits.
> he could have revealed his identity and sued the developers
TheDAO very explicitly states that you can't do this: "Your use of the Software does not, in and of itself, create a legally binding contract in any jurisdiction and does not establish a lawyer-client relationship. Your communication with a non-lawyer will not be subject to the attorney-client privilege and (depending on your jurisdiction) may not be entitled to protection as confidential communication."
Honestly, though, I have absolutely no idea what would happen in a legal case involving 'smart contracts', as I don't think there's any precedent involving treating computer programs as contracts.
> Honestly, though, I have absolutely no idea what would happen in a legal case involving 'smart contracts', as I don't think there's any precedent involving treating computer programs as contracts.
Smart contracts aren't legal contracts, though they may be evidence of the existence and content of one.
Of course, strictly speaking that's true of the written documentation of a contract, too.
That quote doesn't seem like good news for the hacker, since it seems to say the contract code is not a legally binding contract (and therefore doesn't govern legal ownership).