If there is a line in the smart contract that allows you to freeze funds, you will be able to do it even if the funds are in wallets. Otherwise, you will need to completely change the smart contract.

Generally, finding a vulnerability in a smart contract is not an easy so either your technical team has low technical knowledge or there is a possibility of an internal hack, in any case you need to study how the hack occurred to ensure that it does not happen again.