I do not think that maybe something from a weak defense can work out well. There are some very unpleasant situations, so you should pay attention to modern protection systems.
The best simple protection method is two-factor authorization with Google or etc.
This method of protection can only help against loss of data from users. But the exchange itself will still be able to steal money, often by breaking it exchange, and not a separate account. It is in this direction and we need to develop a defense.