As a former security consultant, I can't understand why these exchanges don't use cold storage for private keys (i.e. stored on an external hardware device or paper wallets).
If they did that no number of hacks (online) would be successful.
It does seem like they are paying customers back the majority of the money lost. Hard to see the business survive this though... I probably wouldn't use Coincheck now... :)