The fact that you are asking these questions is quite concerning for anyone who would want to use this exchange. My suggestion is to do a lot more reading to see how exchanges have been hacked, what others have tried and recommend and then think about the architecture you want to use based on that.
Most those so called "exchange hacks" are in fact exit scams committed by the exchanges themselves, with the crappy excuse of "being hacked".
Exchanges take away all the fund. So easy to make money.