@Slow death. The solution is for the exchange to be smarter than the thieves. The thieves will never stop trying as long as there is something valuable in the vault.
You can only hire so many pen-testers. At best, you can outsmart most thieves, but never all of them. That's why there has been so much emphasis on reducing losses to limited hot wallets in these situations. All in all, this could have been a lot worse.
Agreed. However, if you cannot run a secure exchange that holds 100s of millions of people's money then you have no right to be running an exchange. There will always be thieves that will certainly never change.
Correct me if I'm wrong, but in 2018 there was a 'successful breach' in Binance. The hackers was able to get the users logins thorough phishing link, installing API access on the affected accounts. So in a sense, Binance by that time should have step up their security. But I guess the hackers was again, always one step of the game and this time they are very successful. I guess, no one is really safe, even though Binance, in my opinion, have implemented security features after that breached.