In this case, Binance detected that this IP is allowed in the account, but they didn't know that yes, the IP is allowed but the request is not allowed. I think they could implement a kind of account tracking in their system, so based on your account history they could find that this request with this amount is not usual, so let's at least get an email confirmation for the account owner.
I don't think they will implement such a thing, as the API is usually made for automatic stuff and won't request any confirmation. They could also argue that your own server and API are the ones that are buggy and that you have to fix them instead. On top of that, they already warn people that enabling withdrawal is risky.
At least you can inform them of the hacker's address so they could block it. For the future, I guess you should avoid withdrawing from your Binance wallet directly and instead make your own server/wallet to process withdrawals.