RE: Exchange hack of EOS is IMPOSSIBLE!! | Yes Impossible
A clever hacker knowing this limitation would lie in wait until exactly the 72 hours have expired and would not expose the fact that the account has been compromised. Then you unstake and that fact is broadcast to the blockchain where that public info is seen. Then if you are just one minute too late, you'd have to file a request to EOS911. I'd prefer that this info was hidden as it would give much greater security.
Another approach would be to change the private / public keypair just before the 72 hours are up on the unstaking. That would most likely thwart any attempts at theft.
PS - It just occurred to me that if the owner can change the keypair associated with an account, that a hacker could do the same thing with a compromised account thereby stealing the account. Then it's up to the original owner to realize the hack within 72 hours and do something similar to the account recovery process on Steemit.
I heard that Dan Larimer suggested throwing out the original constitution which has the provision that "intent is law". If "code is law" replaces it, then account recovery may be done for.
I believe you can view any coins that are in the process of unstaking. For example in my wallet, I'm in the process of unstaking and because of that I cannot use the CPU and RAM of coins that are being unstaked. I think that an exchange would notice any hacker trying to unstake a coin and would then go onto re-stake it. They could then change the private key or also ask BPs for assistance.
I don't hold crypto on exchanges, so the only recourse for someone like me would be to try EOS911. I also keep my EOS main key offline and used an airgapped machine with the Greymass tool for voting for block producers. This is probably the safest way to use your keys now. Signing transactions offline then taking the json file and copying it to the watch wallet connected to the internet avoids exposure of the private key. If you want to be extra careful, wipe your USB drive each time you do this before attaching it back to the internet connected machine. There is still a small risk that malware can ghost write to the USB, so you should check disk usage after wiping.
Not really sure how exchanges handle EOS - but I'd also imagine them doing something similar.