As sad as the theft was, the other investors get diluted against the agreed upon terms by doing this.
Apart from the obvious fact that the team's credibility just received a massive hit after ignoring all the well-intended advice regarding token sale best practices meaning the token will most likely lose a good chunk of its value right from the start, this compensation scheme is also wide open to game theoretic attacks.
If the above promise holds true, the attacker can simply send ETH to the fake address from another sufficiently uncorrelated and seemingly innocent address they own and mint "free" CDT, effectively emptying the pockets of the investor's base via downwards inflationary pressure on the price. This has zero cost on them. They just get more CDT, the more ETH they send to themselves.
Also, there is no way to disprove this was an inside job which means that you can't restrict the "compensation" to contributions made before the announcement because the insider(s) could have taken that into account.