It is hard to believe that cryptopia would store coins in an insecure hot wallet. I think it was an inside job, done by technical staff that had access to certain passwords
Have they actually released any details about the hack, or made any statements about whether cold storage was compromised? I can't even find a statement from Cryptopia about whether they used cold storage at all. We take it for granted they did but who knows?
They release several informations to the public but I don't recall they give lots of details about the hack, how the hacker able to empty their wallets and so on. Maybe just a glimpse but not really deep.
I used to trade on Cryptopia from time to time and found the exchange interesting for smaller coins. Even if I didn't suffer any loss from the hack, I won't trade there anymore - even if the handling and communication with the event was exemplary from Cryptopia in my opinion. My trust was lost.
That's understandable. Considering how they lost the money and the 'customer balance' discount IIRC which can't cover all of the funds from user balance.