In principle, the exchange must be audited and it is desirable that it be continuous.
The exchange must ensure the safety of users, at any time it must have sufficient liquidity to return user deposits.
Binance has managed to do this in the previous hack, but most of the exchange cannot able to do this because they are not serious about the business and it will help to attract more customers if they manage to refund to the user who has lost their money through exchange hack.