|Time for a 101: the Bitcoin private key|
Bitcoin is called a "crypto currency" because it uses cryptographic methods. A key feature of them is asymmetry - certain calculations can be performed easily in one direction but not in the reverse direction. A well-known example: Rivest–Shamir–Adleman (RSA) which was introduced in 1977. The easy calculation is the multiplication of two big numbers, the nearly impossible one is to find the two factors of the product of such a multiplication.
An application is the encryption system "Pretty Good Privacy", PGP. Each participant has two keys, a public and a private one. If somebody wants to send a secret message to the receiver he asks for his public key and uses it to encrypt the message. Once encrypted the only person who can retrieve the original text is the person who has control over the private key.
Bitcoin uses Elliptic Curve Digital Signature Algorithm (ECDSA) for encryption which functions similarly. The bitcoins acquired by a participant are controlled/can only be spent by the person who controls the private key. Without its knowledge it is impossible to "steal" bitcoins. This has been true ever since the inception of the Bitcoin network.
What has happened in South Africa is that customers/investors using this exchange passed on the control of their private keys to the exchange operator. This approach is frequently used by exchanges to facilitate rapid trading. The problem: although Bitcoin itself can't be hacked it happens often that exchange operators have vulnerable systems or malicious actors which enable attackers to get hold of the private keys. This is not the fault of Bitcoin but of investors abdicating their responsibility for their funds.
The most famous raid on Bitcoin funds occurred at Mt. Gox. For some time it handled ~70% of all Bitcoin transactions. In 2014 Mt. Gox lost control of 850,000 bitcoins (which nowadays corresponds to ~$30 billion). The company went bankrupt, the BTC price collapsed. The obvious lesson: "not your keys, not your Bitcoin". If you don't control your own private Bitcoin key it is in somebody else's control and can be abused.
Safe storage of private Bitcoin keys can be achieved via a number of methods. There are several popular hardware wallets, a safe one is Coldcard. It costs around $100.
Home page Coldcard wallet: coldcardwallet.com
This is recommended for, let's say, sums beyond $1K. (For smaller sums a software wallet on a device like a cell phone is sufficient.) For bigger sums, let's say >$100K, more elaborate key control mechanisms are available, especially multi-signature approaches. This enables geographically separated storage of keys which is a safety feature against physical attacks.
For better human readability a private Bitcoin key can be represented as a list of 24 words taken from this list:
Many people have successfully used a "brain wallet" when they flee from their home country (think Venezuela). One memorizes one's key via its 24 words. At the destination the Bitcoin funds can be restored.