Some of those money heists are orchestrated by insiders, and then they blame it on the hackers. I refuse to believe that the most of the time, some lucky hacker just lands on some vulnerability and drains Millions worth of crypto. Lets been honest, How can over $100M get drained from an exchange without immediately raising flags or internal controls.
If any other ordinary user like me, or you even tried to withdraw $1M, I am p[pretty sure they would carry out an immediate manual verification before sending the fund to the external address.