I'm sure the insurance doesn't cover user error or negligence.

Most exchanges use 2 factor authentication, and it's very unlikely that someone using 2 factor authentication would get "hacked".

If you have a poor password, don't use 2 factor authentication, and get "hacked", I think the exchange would tell you to go pound sand.

Also, if the hacked amount is substantial, I'm sure the exchange would have a fraud department look into it. They can check into ip addresses and things like that.