I'm actually shocked by this. There is really no legal distinction between "white hats" and "black hats". Nobody gave "robinhood" permission to hack 500 Steemit accounts. "robinhood", in fact, did "take the money"... since only "robinhood" now has access to these funds.
RE: Offline Attack on Steem User Credentials