Hacks on exchanges are complicated. A hack on Bitstamp, which takes security seriously, it's extremely complicated.

So, if this happened, I would assume the hacker would have acquired access at least few days earlier. I would also assume code has been tampered with someway, and some audit has to be made. Even if they use strict change management policies, a full code audit is a must.