Another case of an attack on a third party wallet provider?
Up to when will these exchanges learn a big lesson or is it just now a common excuse lately used to cover up their negligence?

I always thought exchanges try as much as possible to used noncustodial wallet services for their cold and hot wallets and not some third party. I think these attacks are mostly orchestrated by insiders.