If the attackers had full access, they probably broke into the financial systems, issued the bitcoin transactions and paid themselves directly. I mean, why bother going through the hassle of trying to teach people how to do all of that stuff?
There are other stakeholders involved in a transaction like this, most importantly banks. Payments, especially large ones, are heavily regulated. You cannot hack a finance department and issue a monero transaction of that size without triggering a lot of alarm bells.