Because they are like sitting ducks.
Let me explain. The cryptocurrency remains a largely unregulated space and even better for hackers one that is generally online and deals in lots of money and EVEN better money that is really easy to make untraceable by various means that i wont go into just now. The exchanges that generally get hacked are the centralised ones because there is a centralised point for the hackers to focus on and the do focus on it. Hundreds of them, maybe thousands...nobody really knows and they are constantly pick pick picking away, trying to find weaknesses. All day, every day. Constantly working to find a way in and the security teams are constantly battling to keep them out, like a giant game of cat and mouse.
Most exchanges of this kind operate a hot and cold wallet system where funds are kept in the cold wallets, which means that effectively they are stored offline until the funds are needed for trading etc at which point they are transferred to the hot wallet. This is what the hackers are looking for. If they can access the private key for any of these hot wallets they can gain access, potentially to millions of pounds. In the case of the MTGOX hack they simply whipped all the funds out. Boom. $350 million. gone. In the case of the more recent hack of Binance it is believed that the hackers tried to be smarter and withdraw the funds slower so as not to attract attention before being discovered and shut down.
In the case of decentralised Wallets the hack is much more difficult as the exchanges are made by a series of autonomous intermediaries and the swap is done by establishing a final connection between only the two parties looking to make the exchange and so the only way, really, to hack these is to compromise one of the clients in the final exchange and even then the rewards would be less as you would only be able to take funds from that one party.
As with anything online the growing number of hackers and scammers in the world can create huge security problems but it's not just block chain projects that face this it's almost any money or information rich app, website, dapp or exchange out there