Why no motion of all coins from the hot wallets to cold, as a security precaution?
Has this been done?
This would be the first move to make if keys are compromised.
If we think about it, whichever wallet was compromised would be emptied; for example why would the hacker get 1000 ETH if the wallet had 2000 ETH?
So what's stolen is stolen. I don't think it's possible to hack a new wallet while the exchange is not operating.
Any wallet/coin could possibly be compromised.
The second (the very second) you know that unauthorized TX have been sent you immediately shift funds to new privkeys as fast as their block chains can move.
Next you inform and sign where/howmany COINS you still have in secured custody.
Dead simple.