poor ccex. always a target for hackers. very unfortunate. hopefully trade will pick up so these balances can be paid. need more info on hack. only hot wallets empty? was any doge + ltc stored cold?
Not really. Every action from transferring funds to trashing balances is vulnerable to CSRF, even with 2FA enabled. This was something pending to happen, there are also many more unfixed server-side issues waiting to get users' funds robbed.
Even their scripts for transferring funds from cold wallets are vulnerable (they are only triggered manually but the process is automatic). It's really impressive nobody logged in remotely yet (though this part is unlikely thanks to Cloudflare) or got access to private keys (also unlikely).
Outside vulnerabilities, there are risky but still secure practices like using MD5 for session cookies without regenerating or being able to confirm withdrawal links sent to emails from a different IP. Or using a single hot wallet for some coins.
But getting those errors fixed will only lead to more money getting robbed by them, so I won't speak about those issues. The more this exchange gets hacked, the less people are likely to get robbed by the bigger robber: c-cex.com staff.
I also won't reveal more publicly or it would be first-in best-dressed on everything listed!
But their level of security practices isn't comparable to anything I saw on other exchanges though.