Coin exchanges and their security

[ealfreds]

Hey all,

Just wondering about the security on most coin exchanges that are running today.
Over the last few weeks / months a lot of exchanges have been hacked and basically emptied.

The part about that someone either hacked in and directly emptied the wallets or had some of the users login information and emptied those users balances I understand.

But why are the hackers getting into the wallets in the first place?
The setup that the sites are using in regards to hot wallets and cold wallets must be either just wrong.. or non-existing.

I would imagine if I should set up a exchange that even the hot wallets would be nowhere near the server/servers that are running the front-end of the site.

Basically that setup is like:
 Front-end servers = online
 Hot wallet servers = semi-offline.. no incoming network access.. limited outgoing.
 Cold wallet servers = full-offline. no internet contact at all.

 The contact between front-end and hot wallet would be through some custom way of the hot wallet checking for what to do.

I guess that is not the setup that these sites are using?
Or am I wrong?
Are some of them running the hot wallets on the same server / server network that the front-end servers are on?

Maybe I'm over-simplifying how this could be set up.

( hope this is the right thread to put this in )

[Radar]

  Websites are getting hacked due to negligence and user fault.  Traders sometimes forget this is a decentralized system where we store our coins on our own system.  If you have a good encrypted wallet stored on your own network than you should be fine.

[roslinpl]

I can say there are people with huge brains working on it - working on making the best secure exchange.

But as far as I live - there was always a war between h@x0r5 and devs, so whatever security they will invite - hackers will try to crack it.
I think there is bigger problem not with hackers but with not loyal owners.