This will be a tough "prove" but only a select few have been hit, which lends itself to poor OPSec on the users' end. As one example within that article there was a user with >200 BTC sitting on an online exchange. Really, who does that anymore with hardware wallets being so cheap and secure? Next why don't these exchanges offer true U2F two factor and not simple little 2FA?