Years ago some exchanges published their cold wallet address as part of proof of funds. No idea if any still do that.
But having those addresses it was simple to see where the funds were coming from.
Some people had privacy concerns about it, others liked the proof of them having the BTC.
In the end it still did not matter as you could run with a cold wallet just as easy as the hot one.
Binance did publish their cold storage address (both on Bitcoin and Ethereum) and are still actively using it. It is just too easy to deduce which addresses belongs to which exchange; create a few accounts and send a few deposits. Check the transaction paths of each deposit and watch for intersections, and those are the main addresses being used by the exchange. No difference if they declare it or not. Services can still directly send user's deposit for another user's withdrawals which can be slightly more complicated.
Using the 'we got hacked' excuse just was not as simple.
It's a proof of solvency, which is just avoiding another Mt Gox.
I forgot to mention, BitMex has a vanity multisig. Which gives you some indication that they're from Bitmex. Not 100% accurate as with any analysis out there.