Great, informative post.
Hacking isn't really as prevalent today, or as damaging to crypto exchange users, as phishing is, due to the sheer amount of phishing scams out there in every shape or form possible trying to get your money.
The most common scam that I see people falling for is probably the good ol' Google Ads phishing site, which is also mentioned in your OP. Part of the problem is that Google doesn't check the legitimacy of the URL before listing it on their ad platform. That's why you should always remember the official URL of your exchange, and try to type it in every time, or even bookmark it, instead of searching for it on Google. Even if you do search for it, don't click on any ads.
Also, another phishing scam would be impersonators in Twitter comments posing as exchange management giving away coins. They'll use a similar name in their profile as the official exchange Twitter account. These are quite obvious, but some people still fall for them - just be aware.
It's your money on an exchange, you should take an active effort to protect it.
The reason phishing is more popular than hacking is because it is relatively unsophisticated compared to hacking. Exchanges have relatively secure websites that are hard to hack and often are independently penetration tested - users are the easiest target and can get fooled into giving away their login credentials.
I've added this image - while it isn't phishing people for their account access - it is a common scam involving exchanges.
Yeah, the Twitter scam is a common one. So much so that Vitalik Buterin renamed his Twitter account:
Vitalik "Not giving away ETH" Buterin