One simple thing could have prevented it that many other exchanges have already implemented.
Withdrawals only through email verification.
Or 2FA. The problem is these people who use the same user/pass at every site typically don't care about enabling extra security features either.