A lot of smaller exchanges have been hacked in last few years. A new trend in hacking has been to target machines used to maintain exchanges instead of trying to hack the exchange itself... A lot of exchange owners keep passwords for VPS servers in their work PCs and some popular software have known vulnerabilities that haven't yet been patched. For example, a known vulnerability had existed in Ubuntu packages of OpenSSH for at least 15 years. It was only recently fixed after a lot of Ubuntu-based VPS servers got hacked and used for sending unsolicited e-mail through SSH tunnels.
One of the methods that hackers have been using lately is fake chat clients that harvest credentials from gullible user who installs the chat client. One such chat client is Junnix.