Maybe the agencies that he used were able to track down the scammer and force him to return the bitcoin back to the victim since you can't reverse an already confirmed bitcoin transaction. Bitcoin is not centralised like those shitcoins, which the developers can freeze and reverse transactions.
Exactly. Even if those recovery agencies manage to find out who the hacker is but he already sent the coins to his own wallet, then there is no way to get the coins back if je refuses to hand them the wallet’s seed/private keys.