It is the exchanges fault. PERIOD.  They allowed the overflow with poor security... They should have used blue, or quanstamp, or something.  They should be held responsible.  I hope they get sued... Poor investing is one thing, but a blatant lack of any type of scan security of an ERC20 token is Negligence.  And provable by law in a court...