Those are pretty big assumptions. You could also say that if law enforcement found Bitstamps server in the trunk of your car they could prosecute you for theft. Chances are, if Bitstamp was really hacked, the hacker would not have been stupid enough to use an IP from his living room computer or put Bitstamp's server in the trunk of his car.
You are right, they would probably use some kind of IP masking service (like, tor, VPN or hack their way into a SOCKS5 proxy, although the latter may allow you to be tracked to your "real" identity.
The hacker would obviously need to somehow have the private keys of bitstamp's hot wallet in their possession in order to sign and broadcast the transactions that sent their bitcoin to their bitcoin address. If those private keys are still somehow in the hackers possession then they would be implemented in the theft