In the event of mass validator slashing

Allnodes currently has ~ 4029 validator nodes running, or close to 2% of all nodes.

In the event that a malicious actor accessed the validator keys to all these nodes and caused havoc, prior to withdrawals being enabled would there be any recourse (any way to stop this)? At what speed would they be able to deplete the funds of a validator?