Recently, a sudden incident on X showed that a user's funds on OKX were stolen despite having various verifications enabled. How did they manage to obtain the user's SMS verification code?
It is a horrible decision to store your funds in an exchange, i don't know exactly how this person lost their coins, but if an attacker compromises your device and your exchange account, they can steal your funds. Crazy thing is that is not the only way you can lose your coins if it is on an exchange, the exchange itself can be hacked, or they can confiscate your funds for any reason.
To be safe, store your coins in cold storage, either a hardware or airgapped wallet, and you can add an extra layer of security like extending your seed phrase with a passphrase or you just create a multisig wallet, if you know exactly what you are doing.