Maybe. That actually raises some interesting questions, come to think.

A key factor in an offence is the location of the offence, which usually determines jurisdiction and the relevant laws.

In the classic example of hacking an American bank from Canada, the offence occurs on the American bank's servers in the United States. That's relatively clean and simple, legally.

With an Ethereum smart contract ... I'm not even sure where to begin. Where does the offence even occur, legally speaking? What aspect of fraud by a non-American, against an American resident by executing an adverse smart contract, occurs under the jurisdiction of the United States, if any?

I'd argue the offense occurs in every country where a miner is located.

The USA is pretty good at extraditing people who committed crimes outside its borders when it serves their national interests.