Centralized Exchanges are a wonderful playground for hackers :-)
Centralized exchanges are the most successful business case in the blockchain ecosystem.
They are also a Billion Dollar Problem.
They give anyone the ability to invest, cash out or change cryptocurrencies to another form.
A blockchain runs on a distributed ledger and uses a decentralized consensus protocol to agree on blocks and transactions.
That means that if I own a Bitcoin, anyone can check on the ledger that this Bitcoin is mine (assuming they know my wallet address).
No one should be able to take it away from me unless the miners reach a decentralized consensus that I transferred this Bitcoin to someone else (a transaction), or unless someone has access to my private key.
When we talk about exchanges, there are several different kinds of exchanges:
Fiat-Crypto exchanges allow you to buy cryptocurrencies (Bitcoin, Ethereum and others) with fiat currency (USD, EUR, GBP and more).
Crypto-Crypto exchanges allow you to change one cryptocurrency for another. These also carry some of the most significant risks in this ecosystem and suffer the most attacks; some recent examples and good coverage:
Crypto-Crypto exchanges fall into two categories: centralized (most exchanges; fast, good user experience, and rather good revenue in recent years) and decentralized (a small percentage; slow, not really usable, bad user experience).
When you open an account on a centralized exchange and would like to start transacting, the exchange will ask you to transfer the initial funds (whether these are in Bitcoin (BTC), Ethereum (ETH) or another cryptocurrency).
Once you transfer these to the exchange account, they are no longer yours: they are on the exchange, and the private key is kept by the exchange (probably together with other accounts' funds). This renders the whole distributed ledger and decentralized consensus irrelevant to the security of your funds.
At this point all your funds are assigned to the exchange's account. They may be keeping them really safe, offline deep in the Swiss mountains, but again, they are not accessible to you anymore.
Once your cryptocurrencies are on the exchange, the game is different and a lot more similar to present-day banks, only exchanges do not have the security teams, experience, budget, resources and ability that large banks have for cyber security.
So here the game starts for hackers. Though I didn't explain it earlier, cryptocurrency is a form of digital currency that you hold for yourself. Think of it as a digital safe with digital gold or digital silver.
Thing is, digital assets such as cryptocurrencies are liquid, i.e. they can be used rather quickly. So for example if I steal your bitcoin and move it to an exchange and then to another exchange, it will be very hard to track these funds. This is very different from stealing data such as credit cards, where the hacker needs to sell these credit cards to someone else, who may or may not be able to use the funds if the cards are still active.
A good solution for centralized exchanges would be a semi-decentralized architecture that gives users the fast and reliable experience they are used to, while letting the exchange keep custody of only part of the funds.