It’s not necessarily impossible, it’s just very hard and not as simple as going “absolutely no hacking us you mean hackers”.

A sandbox is only as powerful as the tools it gives to programs running inside it. If your sandbox doesn’t allow programs running in it to manage memory, then it can’t benefit from a well-memory-managed program. If your sandbox doesn’t allow programs running in it to take I/O from users, it can’t benefit from that I/O. If your sandbox doesn’t allow programs running on it to know about the hardware they’re running on, it can’t benefit from programs written to take advantage of that hardware. And so on.

But each bit of power you give to programs inside the sandbox creates surface area for attack. If programs inside the sandbox have good control of memory, they can try to execute buffer overflows or other memory-management-based attacks. If programs inside the sandbox know about the hardware they’re running on, they can try to execute hardware-specific attacks (like the well-publicized Spectre and Meltdown attacks from ~five years ago).

On a more basic level: sandboxed code is still running on the same physical processors and physical memory as non-sandboxed code. In most cases, it’s also running on the same operating syste. And so any hardware exploit, or error in the relatively complex logic by which operating systems manage memory, presents a chance for escape. Making things more secure often involves tradeoffs, too – for example, Spectre and Meltdown arose from a feature processors used to improve performance in certain computations.