Re: BTC Stolen from Poloniex
Board: Service Discussion
by jtpeters on 04/03/2014, 17:57:13 UTC
How is this a security vulnerability that has been known for weeks? This seems more like a code issue and race conditions rather than something that has only been around for weeks. The solution is to push all withdrawals to a pendingwithdrawals table that the engine then hits and deducts balance from. This way, even if the user tries to game the system and has, say, 5 withdrawals entered at the same time, those withdrawals are in a "pending" table; when the engine grabs them, it then checks balances again sequentially on those rows, and any withdrawal that the user does not have enough funds for is set to canceled. This is the type of thing that should be done with ALL user input: orders, cancel orders, etc.

Someone detailed how it could be done on Reddit a few weeks ago, that's how. Bitcoin devs seem to know about it. It is up to exchanges if they want to fortify themselves against such attacks. Apparently, the OP missed the memo.

But I don't want to miss the forest for the trees.
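The race condition and the pending-table fix discussed in the quoted post, as an added example that is not part of the thread and not Poloniex's code: the "racy" path lets every concurrent request check a stale balance before any deduction lands, while the pending queue is drained by a single engine that re-checks per row and cancels the rest. Balances, withdrawal ids and the in-memory "table" are constructed for the demo.

```python
import threading
from dataclasses import dataclass, field


@dataclass
class Account:
    balance: int  # constructed sample value (think satoshis)
    lock: threading.Lock = field(default_factory=threading.Lock)


def racy_withdraw_batch(account, amounts):
    """Vulnerable pattern: each request reads the balance, then deducts.
    The barrier forces the interleaving a burst of simultaneous requests
    can produce: every request passes its check before any deduction."""
    barrier = threading.Barrier(len(amounts))
    approved = []

    def worker(amount):
        seen = account.balance            # read (time-of-check)
        barrier.wait()                    # all reads happen before any write
        if seen >= amount:                # decision based on a stale snapshot
            with account.lock:            # the UPDATE itself is atomic...
                account.balance -= amount # ...but check-then-act is not
            approved.append(amount)

    threads = [threading.Thread(target=worker, args=(a,)) for a in amounts]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return approved


def process_pending(account, pending):
    """Mitigation from the post: withdrawals land in a pending table and one
    engine drains it sequentially, re-checking the balance for each row and
    marking anything the user cannot cover as cancelled."""
    results = []
    for wid, amount in pending:           # one row at a time, in order
        with account.lock:                # check and deduct under one lock
            if account.balance >= amount:
                account.balance -= amount
                results.append((wid, "sent"))
            else:
                results.append((wid, "cancelled"))
    return results


if __name__ == "__main__":
    racy = Account(balance=100)
    print(racy_withdraw_batch(racy, [100] * 5), racy.balance)   # 5 approved, -400
    safe = Account(balance=100)
    print(process_pending(safe, [(i, 100) for i in range(5)]), safe.balance)
```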