Just an idea - why not contact the attacker (via a public message), and offer him or her a deal - they get to keep say 1% of the stolen amount, given that they upload a smart contract that guarantees the money is sent from the stolen account to a "trusted" address (from where it will go to DAO 2.0). That way everyone wins, hacker gets paid a fair amount for finding the security hole, no messy forks.