[which]

The money was only stopped at the Federal Reserve because the address used in some of the wire transactions included the word Jupiter which was a sanctioned entity at the time and the matching was sufficiently fuzzy that this was caught. That was a complete accident. It just as easily could have gone the other way. I just read a case on the layoffs subreddit where a law firm was hacked and one of their clients was tricked into wiring millions of dollars to the wrong account, resulting in the client suing the law firm for negligence and the law firm having to fire a bunch of people. One Latvian guy tricked Google and other large tech companies into wiring him a hundred million dollars total which was only recovered because he was arrested and plead guilty. Business email compromise is a huge plague on society and in many cases the recovered amount is trivial.

The only way you are recovering the bulk of losses if you don't notice the theft very quickly is if the amount is high enough that a prosecutor is interested and it hasn't all been withdrawn as cash yet.