They return their loot because there is a big chance that they can be traced because of the mistakes they did, depositing some of it on a centralized exchange in which they can be identified through their ip address or even with their personal information. So that is their biggest mistakes and the only way to somewhat lessen the burden is to give back the money they stole and hide.
Even if they returned the funds they are already marked on the exchange where they sent the funds, and we all know Crypto companies have interaction with each other, I'm hoping they will still continue the pursue, trace these people and charge for hacking even if they returned the funds, they already committed the crime let the court decides their fate.
So Code is not Law? A Smart Contract which is hacked can be seen as a Smart Contract with rules validating and allowing some operations, don't you think?