Engineering is not watching the crystal ball. There are no 'hard things to do', but rather things that are either working or not.
51% is detected by software modules, monitors (and not by visually examining blocks in the chain), and they can trigger alerts.
Most coins are BTC forks so the way you set alert for one coin, you can set to all other coins.
If for whatever reason you can not set alert for specific coin, you do no list that coin, as security monitoring is essential and very basic responsibility for any exchange.
If there is no security there is no exchange.
I think you missed the point. I totally agree that coins that are unable to secure their blockchain have no place on an exchange and need to be delisted / not listed.
While it is important for exchanges to monitor blockchain operation and developments - ultimately the security of the blockchain is the responsibility of the developers of that blockchain.
Saying the exchange is responsible is like saying a reseller of software is responsible for the software itself. Ultimately the responsibility of the reliability of the operation of the software lies with the software developers.
If I sell something and the bank (blockchain) confirms the deposit and then I send the goods based on that advise - and later the bank reverses the transaction (after I sent the goods) then the problem has occurred at the bank (blockchain). Whether it is "open source", "decentralized" or whatever - it is irrelevant. The initial failing is at blockchain level.
There are certain things that an exchange can monitor. Ultimately if a blockchain gets attacked then the blockchain needs to fix the problem or get delisted.
Some blockchains have realized that and solved the issue while other conveniently shift the blame.
You will find that there are always those that disagree in opinion over this but by nature of a 51% attack - it cannot be detected until after it has occurred. Therefore if it can occur easily - the blockchain no longer has a valid commercial use.
Lets not forget, you do not have to list all those coins. It is a choice, not must!
As I said, if you do not have monitoring system for specific type of coins you do not list them.
Don't forget that
coins pay to be listed and part of that they agree to the conditions of listing. It is a binding contract.
Some of the coins were listed well before 51% attacks became a valid security issue.
Blaming coin devs is not the way to go.
When a coin is exploited and fail to meet the conditions of listing (breach of contract) then they are to blame.
Legit coins take their responsibilities seriously:
https://medium.com/floblockchain/flo-team-response-to-51-attack-8c9ef683d7bahttps://blog.zencash.com/zencash-statement-on-double-spend-attack/Vertcoin (VTC), a peer to peer crypto software blockchain, recently experienced a 51% attack where the blockchain experienced four successful reorganizations.
The interesting thing about the attack is that Coinbase was commenting live about the event which gave the exchange a competitive advantage over Binance and Bittrex.
Coinbase went ahead to claim that all exchanges offering fiat based trading pairs and a wide range of assets could continue to fall victim to such attacks.
https://www.cryptodigest.com/exchanges/vertcoin-experiences-a-51-attack-coinbase-takes-advantage/This verticoin block 1044331
Had a re-org depth of 310 blocks and two double spends targeting exchanges.http://explorer.vertcoin.info/block/5313791a34a89e55c41b1522f6b5b607dad88b839e05432cbe9620e2f5e46bf1
