As far as I know, this hasn't been tested in court. Even if true, this goes completely against the idea of "the code is law."

It probably depends on the jurisdiction, and if they interpret the smart contract as a computer program, and have hacking laws they can apply, or as an actual autonomous contract that is legally valid. Both seem like plausible interpretations, but I think the former is more natural/likely for the typical judge.