exchanges should simply use a chunk password ill give you a example on the trade
a seller as 2000 nrs for sell he set the sell for 0,0008000 the system send hes 2000 nsr to a cold wallet with chunk password the first pass is by the exchange to retrieve funds nsr the second pass is use when the sell is bought a message is sent to the seller asking him for the password to release the funds with time limit too entre the password or the sell it cancelled
same for the buyer orders once the sell is confirmed the system will ask the buyer for the chunk password to release the btc fund or what ever currency
this option can be added in the user option profile if the chose to use it or not with notice not to lose the chuck password warning etc once enable even if a hacker gets a copy of wallet.data or even the key they will needs keys from separate users to get encrypted unknown from the exchange it self