You guys are funny.
Polo clearly isnt safe for accounts without 2fa.
Polo knows its site continually gets hacked by this type of attack.
Polo is guilty by allowing this to continue. Easy lawsuit win.
Edit. Polo also made and kept money from the fraud, ie transaction fees. Sounds guilty by association to me.
What you don't seem to understand is that it isn't Poloniex that gets hacked, it is the computers and/or emails of the account holders that get compromised, allowing the hackers to get their Poloniex password and compromise their accounts.
You are the one enabling yourself to get hacked when you don't use 2fa, Poloniex isn't there to protect your computer/email from hackers.