[Natanael_L]

But who's the responsible party? If the developers did their due diligence and everything that could be expected of them, who other than the thief could be sued?

And under what circumstances can you even declare that person to actually be a thief in the sense of the law? Everybody's assumed to have studied the thing they're paying for - whose perception of what the system allows and is meant to do goes, legally?

That of the person with the best understanding of the code (would mean the thief can't be legally wrong), or of the majority (would mean that highly technical niche contracts could be completely derailed legally by "noobs" flooding the market), or case-by-case?

Setting the standard as "what the code appears to do when reviewed by average developers" would be very legally unpredictable. It would also illegalize a lot of useful and beneficial benign "hacks".

[Alexx]

Well how things would go if they went to court I have no idea. That's anyones guess really. But that's a different tangent.

All the questions you're asking are, essentially, what would be argued on.

But my point was that none of the involved parties can just indemnify themselves against any consequences. With sums of money like that, any of those parties could well be sued, and end up in court. You can't EULA yourself out of that.