It looks like in both these cases the contracts were upgraded / funds moved by the parties from whom the funds were originally stolen from. It was almost certainly Jump + Whitehats who actually did the thing This post by @smyyguy is fantastic