Theif A - Takes everyone's money, is found out and returns it. Therefore both sides are back where they started.
Theif B - Takes everyone's money, is found out and returns it as well as receiving punishment (additional compensation, dispossession, rehab, restriction of freedom). Therefore the victims are where they started and the theif has at the very least been inconvenienced and at the most been reformed.
Which one do you think is more likely to steal again? Don't even think about straw-manning again or debating useless semantics, the fact is that there is no perfect solution to theft of BTC, but your proposed solution is more damaging if anything.
BB.
Bitcoin is a global currency, but there are many countries out there, where a Bitcoin theft is not even illegal.
When the trustee for the payback (consultancy) holds the funds in some unsecured account, whom to you blame more?
When the trustee (consultancy) was also the cause for the hack before (unsecured email), do you still blame the thief?
Make no mistake, the thief is guilty, but it almost borders to keep something that been lost and found.