What is the typical nature of these hacks? Are they phishing type exploits or are hackers actually finding loopholes in the underlying code of the coins/tokens (e.g., solidity etc)?
I think it's a mix of phishing and market manipulation. Here's an example of drained funds without hacking. Another example of web3 speed-running lessons learned in traditional financial markets.
https://twitter.com/joshua_j_lim/status/1579987648546246658