This is not what happened with the DAO. This is well documented and I suggest you read up on it. TLDR, the hacker tried to withdraw the funds and there was a 30-day lockup period, so the contract was updated to stop this.
My understanding was that an illicit fund withdrawal was possible because of a bug in the contract code (more specifically a recursive call loophole), and the community executed a hard fork to return those funds to their original owners. I’m curious as to what I’m misunderstanding here.