I understand that in the first place you can think about the vulnerability of the server, but besides bitcoin, there was still a lot of things that could be stolen, but nothing was stolen, moreover, not even all of the bitcoin was stolen, so this is anything but not a server vulnerability. Perhaps the problem is indeed in weak entropy, but what exactly in my case, I don’t understand.
If you generated keys online there is a chance some of them got leaked, but maybe you can tell us what did you use for generating entropy?
Being a little paranoid during this entropy generation is not a bad thing, and I am even starting to suspect in entropy generated by closed source hardware wallets like ledger.
I think you should always do this part offline, and I would never keep keys online or cloud, aka other people computers.
I am sure there is a way for exchange to use some kind of multisig setup to prevent hacks like this happening in future.