its a statement to focus on the system design of the organizations that got hacked instead of the asset/platform they happen to use, just like we do with non-crypto organizations
The platform that an organization uses is a critical piece of the design of an organization. If a bank gets hacked because they’re running Windows 95, would don’t turn around and absolve them of liability.
And if an organization uses an anonymous, immutable platform that makes it vulnerable to manipulation and theft, well then they deserve every bit of criticism.