I am rereading this post, and kind of more certain that you have no idea what you are talking about, lol. Also the fact that there is no blockchain tracker on etc almost guaranteed that the hacker will use etc and not eth, alos, the hacker did not have any of the eth that was stolen prior to the attack, meaning the hf cause him to only have etc in the amount that was stolen. The attacker is probably the only person that will have his eth in only one place, and have to mix/convert it to make it of any use to him.