i believe it could be large blockchain data directories (if running full or archive nodes) such as deleted files, system files, application data and so on...
An Ethereum node alone is about 2 TB.
Even if there were wallets with all the coins on those servers, what is the probability that they were so unprotected and that some forensic expert managed to move them immediately?
Also, what is the probability that the eXch team did not have backups offline at another location?
in my opinion, exch could have done offline backups at a separate locations as part of standard opsec procedures. Because from all the projects that currently active or exist on Bitcointalk I can surely say that
eXch is the only one that has decent opsec.as im not mistaking they were using remote encrypted HDD unlock via SSH (all disks are encrypted), they can easily determine if some fed is trying to get their encryption key given it's only possible with a reboot or shutdown of server when its on a dedicated server.
with this setup, unless the encryption key is already compromised or someone has SSH access, a forensic expert cannot managed to access and move the coins immediately.