Exchanges hold a very less amount in cold storage. But trading depositing and withdrawing again and again is tedious.
I'm not sure about other exchanges but Poloniex clearly says in the homepage "Majority of customer funds kept in cold storage"
Even if exchanges would hold everything cold storage, it still wouldn't protect any funds if it's an inside job 
Maybe decentralized exchanges are the future...
Maybe decentralized exchanges are the future...
Why not ? I mean claiming that they got hacked is easy when It's an inside job , but when It's cold storage , It should be stored somewhere safe where only a few people has access to , so I don't see how someone could get away with it.
Besides , If the majority of funds are in cold storage + in the same address , that wouldn't make it hard to trace on the blockchain while If they are online and from different addresses , It's definitely something hard to track.