If users withdraw = 1.5x or 1.25x normal volume stop all withdraws.
Will give them time to take a quick manual look at what is going on.
At least the hackers can`t steal massive amounts in seconds from many different accounts.
that is true if the hacker was actually withdrawing anything but they are not. they are "hacking" their system which means they have access to their wallets and the underlying system, for example have access to their wallets and private keys.
The recent Binance attack was a case where compromised accounts used the withdrawal system and Binance mistakenly authorized the withdrawal. I believe they mentioned plans to institute more comprehensive internal checks like TimeBits is talking about. They say their wallets weren't compromised, and I can see my deposit addresses haven't changed.
This appears to be the new frontier for exchange hackers: Compromise accounts, patiently wait, then try to slip through the withdrawal system unnoticed. Another similar attack on Gatehub just happened, where dozens of user accounts were compromised through API keys. The attack netted a $10 million reward for the hackers.