adding mail confirmations for withdraw will be solution
If the 'hacker' has access to the account, this means your email address could got compromised as well if he knows what your email address which is linked to the PD account is. The simplest solution to this is to force a 2FA for every account , this is the simplest yet the toughest thing to break for the hacker