I think companies that distribute ICO tokens must spend a little more time thinking of all the ways to restrict a person from doing exactly what happened. I've had some ICOs that i participated in that were very easy (send ETH and tokens were automatically sent back) and others that it took days for me to figure out and resolve.
Lets be honest and say this sort of thing doesn't happen outside of crypto with banks. If you send money within the banking system it can't just vanish. There are trails.
I'm not saying that banking is better. I'm saying that companies need to make an effort in thinking of all the stupid things a person could do and them during the ico process and/or make their ICO website foolproof (as much as they can).
The main problem is that is alot of people interested in a ICO that is a rush to get the tokens, i think this was the better aproach because you have whitelisted accounts that get a max cap and they can send without any problems and doesn't flow the ethereum network. But not everyone use the full cap so they need to do a public sale for the rest of the tokens and this kind of things happen.
One of the worst ico token sales for me was Decentraland that got their full funding in 10 seconds or something like that and was only like 10 people that got it, this is bad because whales got all the tokens.
There is still alot of newbies in this market and some don't understand this kind of costs, but is kinda "stupid" seeing a person with more than half of million in ethereum and make mistakes/risks like that´
Thanks for your comment