I like to distinguish attacks where money was stolen using stolen credentials from those that occured simply by manipulating smart contracts. Some crypto enthusiasts would consider the second type of attack to be legitimate activity rather than theft, so long as the attacker stayed within the letter of the 'law' as expressed on chain.