I think you should try to understand the meaning of hacking itself first:
The activity of using a computer to access information stored on another computer system without permission, or to spread a computer virus:
This means that while you're accessing someone's information, you need to gain permission from the owner. Whether they can give the permission or not, the permission can be granted before or after (as long as it is for the good of the owner, without taking advantage from your activity).
Back to the topic.
Why is stealing BTC from someone's private key seen as malicious?
In this question, you question stealing, right?
Based on your question, we already have the answer. Since it is stealing, it means that the private key of the victim was not compromised to the public but compromised by one person or group, while he was targeted and the information on his device was accessed without his authorization. Before you become a suspect, several inspections are also needed first on how the hacking activity leads to you.
If they cannot prove that and the court decides there is not enough proof, then you're free to go (even though we all know you're the suspect hacking) unless you say yourself that you're hacking them. But that's how the law works: everything is based on investigation and statements from both sides.
The smart-contract question is also the same, even if they paid for the audit. All activity is based on the laws and regulations of each country; no one has the right to access or modify someone's information, stuff, etc. without permission from the owner.