This is actually brilliant and is almost a no lose situation.
* Outcome 1: ETH is forked -> ETH value goes to 0, the shorted currency is pure profit minus interest
* Outcome 2: ETH is not forked -> Hacker gets $50 million
These are only the technical outcomes but the only social outcome I can see is a lot of suing going on. My suspicion is that it is unlikely that anyone will succeed in a legal challenge, but I'm not a lawyer.
Of course legal challenge won't be fruitful. In the eyes of the law using an exploit on an vulnerability found in a contract will still be interpreted as malicious or even criminal and thus illegal,
I don't understand your certainty - the point about law is that there is an exception to every rule.
Courts enforce contracts that contain unfavorable terms all the time. And malciousness is not a part of contract law. It's true that contracts can be set-aside (though not always) when they have a criminal basis, but it's not at all clear that this is the case here.
There was an unequivocal and unilateral offer made to the world in the text - that will be hard to read down as anything other than an intention to contract.
You're right but you can't sign a message from a contract, only from an external account. The ECDSA at the bottom is not valid. Valid ECDSA signatures are 65 bytes ending with 0x00 or 0x01. This one ends with 0x20.
The real "hacker" made millions shorting ETH before the attack.