For me, it's because the odds of this person showing up quickly approach 1 as time approaches infinity, and that person's effect would be nil if it weren't for necessary causes 1) through 19).
Blaming the person that hacked you is like blaming the individual rock that sinks your boat when you navigate too close to a rocky shore. The rock may have done 100% of the damage to your boat, but if it hadn't been that rock, it would have been another one.
I was hacked using what at the time was novel (but is now a known exploit): someone claiming to be me transferred my SIM card to a new phone, over the phone, which then enabled them to defeat my 2FA (which of course I've now removed ALL cellphone recovery from).
Are you saying that it's my fault for either picking an insecure provider (T-Mobile, who I absolutely bitched out and told them to put a note on my account to not permit any SIM transfer without me physically being in a store under a camera), or for not staying abreast of the very latest in social-engineering exploits that assholes were using to try to steal bitcoins, and manage my security accordingly?
Rocks don't have moral agency. And the comment they replied to I think was clearly about the blameworthiness of the bad actor.
So I guess problem I'm having is with the equivocation between cause-and-effect responsibility and moral responsibility, which I think was exploited here to indulge in a fun little switcheroo by talking about something they didn't mean.
Blaming the person that hacked you is like blaming the individual rock that sinks your boat when you navigate too close to a rocky shore. The rock may have done 100% of the damage to your boat, but if it hadn't been that rock, it would have been another one.