-Are there any backups left?: Is the database intact?
This is the key question.
The following is pure speculation.
I'm speculating that there were and are no offsite backups of the database. This would make the claim process nearly impossible (or maybe there is one but it is old, and the older it is the more difficult the claims process). (the hacker is probably submitting claims for each account from various IP addresses, just for lulz). If there were a backup of the database, users could claim their funds simply and quickly using their passwords, which were securely encrypted in the database. (there is of course the possibility of complications making this more difficult, eg if the hacker captured some passwords in plaintext before deleting the database).
If there is no recent offsite database backup is zhou's fault and he knows it, but he is doing damnedest to throw mud at Bitcoin Consultancy and save his ego. If he made no offsite backup could be blamed on his plain-as-day arrogance (why boast that he made the site in four days?) combined with lack of experience (after all, the Linode theft wasn't his fault but at the same could have been prevented had he done sufficient contingency planning).
Of course, Bitcoin Consultancy shares equal blame and the mud sticks. I've had my doubts about them ever since I first heard them claiming to be "core bitcoin developers" (I found precisely one commit by genjix to the satoshi client code, and it was a bash script). Refactoring the satoshi client into libbitcoin wouldn't exactly be easy, but a more productive (and difficult) project would've been bitcoinjs. Patrick may be able to find some vulnerabilities, but he didn't secure his own mail server. Also funky that he would offer a
bounty to fix a bug in 80 lines of javascript because he is "not interested in chasing bugs in something I'm not familiar with". Aside from creating and operating Intersango (which by itself is commendable, obviously), they haven't done much to inspire confidence that they can handle running bitcoinica (quite the opposite recently).
One optimistic possibility is that Zhou did make an offsite backup, but he is not sharing it with Bitcoin Consultancy out of pure anger and spite at their fuck-up (Patrick not securing his own e-mail). If he has one, that would make it easy to for him to process claims (they probably do have plenty of coin in cold storage).
If he already shared it with Bitcoin Consultancy, god knows why they are dragging their feet in such an incredibly lame way instead of just processing the claims. (maybe they thought they could buy time so they can re-launch the site before users withdraw their claims and deposit them with competitors supposedly launching soon).