It has long been said that the so-called non-custodial wallets of various exchanges are not safe; it's not that the owners want to leave vulnerabilities, but rather that the developers or the libraries they introduce are not secure!