2FA seems like a pretty logical fit here especially as long-time users become vested. 2FA however, wouldn't stop what happened to bitfinex from happening here as it happened at the wallet level of the organization but I see the motivation :) . Good post!
I would also maybe add that when you use 2FA you should always have it on a separate device that doesn't have access to your accounts that utilize 2FA (e.g. no stored passwords in the web browser). Also when you setup your 2FA don't have it send a copy to your email - if your computer is compromised its a good chance your email is too and 2FA becomes a non-factor at that point.