What you can do is blacklist the address of the hacker and hope the rest of the ecosystem follows that, but even this measure hasn't always been effective looking back at how hackers have successfully spent or sold their coins.
blacklisting outputs has worked before for tether because it's so centralized. most outstanding USDT is held by a handful of exchanges, so its relatively easy to achieve consensus change, at least if done quickly.
in november 2017 an attacker managed to steal $31 million in USDT from the tether treasury. tether successfully hard forked to blacklist the outputs: https://www.trustnodes.com/2017/11/21/tether-allegedly-hacked-30-million-hardforks-blacklist
the whole debacle shined light on how much control tether has over the ledger. they could easily reverse transactions involving third parties if they wanted to.