Some of those money heists are orchestrated by insiders, and then they blame it on the hackers. I refuse to believe that the most of the time, some lucky hacker just lands on some vulnerability and drains Millions worth of crypto. Lets been honest, How can over $100M get drained from an exchange without immediately raising flags or internal controls.
If any other ordinary user like me, or you even tried to withdraw $1M, I am p[pretty sure they would carry out an immediate manual verification before sending the fund to the external address.
I agree cos we have a few exchange almost of the same age of those who had experienced security breach and haven't been hacked since inception. If it's not the inside job as you assumed, it could be poor investment in their security architecture.
The following CEXes seems to be free from hack incidence since inception;
Bitget
Bybit
MEXC
phamex
Don't know what they have been doing to make their platform a fortress but I feel learning from their success story would be helpful and particularly from those very few exchanges that had past experience and have fortified their security.