Yes, the situation with the return of stolen funds in cryptocurrency is very strange. It is clearly not the case here that the hacker was afraid to be caught. He has already completed a number of transactions, including partially stolen cryptocurrency transferred to ethereum. Therefore, about ten million dollars returned to ethereum. The cryptocurrency transferred to ethereum is already very difficult to track and at the same time it is already easy to cash out.
At first I thought that the hacker decided to show the security vulnerability of this campaign, but in this case he would not convert the stolen cryptocurrency to ethereum. In any case, it can be seen from his inconsistent actions that his initial plans were changed.