Exchanges only process a deposit after a certain number of blocks have confirmed (been mined on top of) the block containing the transaction depositing coins to an exchange.
The more confirmations you wait for, the larger the number of blocks an attacker needs to rewrite. As the number of blocks requiring rewriting increases, so does the attacker’s required hashpower.
To rewrite a history of only 1 block, you need to mine 1 block. To rewrite 10 blocks, you need to rewrite 10 blocks in a row, faster than the rest of the miners can extend the existing 10 block chain further. The difficulty of pulling this off increases exponentially as the length that must be rewritten increases.
By increasing their confirmation requirements, exchanges can make it infeasible/too expensive for an attacker to complete a double spend attack.