It's (like everything) about trying to earn the most with the less effort... There's no use to hack a person's account (secured with 2FA, scrambled password, etc...) because they put a lot of effort into it, and they can just steal on person's bitcoins (or alts). When it's about an exchange, the situation is similar, they need to find something that's vulnerable, but this time they will have the all of the coins (all the users's coins). It's much better for the hackers, so it's understandable that they're trying to hack exchanges instead of everyday people. For the average joe's, there are the phishing attachs, where the people are sending their login details to the hackers...