M of N requires multiple private keys in order to withdraw. The script that handles the automated payouts would have access to a wallet that has a relatively small amount of money. When that wallet gets too low or too high, the security and finance team can go to the HSM with their keys, and perform an agreed upon transfer of funds from the vault wallet to the online wallet, or vice versa.
I won't say it's impossible for the vault to get robbed, but with a proper security setup, such a heist would be unprecedented. It could even garner some respect on this forum (toward both the attacker and the victim), rather than shame. The online wallet could get hacked, but it would be a smaller fraction of the funds lost, rather than the entire farm. Of course, if you have a decent security team, they'll also be taking other measures to lower the likelihood of that happening. And unless you pissed the wrong people off, you'd be very unlikely to be sunk due to a random hacking. You would be too difficult of a target for it to be worth even trying.
Disclaimer: I'm not a security specialist, so don't take this as real security advice. However, was technical lead for payments system of a non-crypto fintech company (this doesn't imply that that company's security is or isn't set up in this way).
I won't say it's impossible for the vault to get robbed, but with a proper security setup, such a heist would be unprecedented. It could even garner some respect on this forum (toward both the attacker and the victim), rather than shame. The online wallet could get hacked, but it would be a smaller fraction of the funds lost, rather than the entire farm. Of course, if you have a decent security team, they'll also be taking other measures to lower the likelihood of that happening. And unless you pissed the wrong people off, you'd be very unlikely to be sunk due to a random hacking. You would be too difficult of a target for it to be worth even trying.
Disclaimer: I'm not a security specialist, so don't take this as real security advice. However, was technical lead for payments system of a non-crypto fintech company (this doesn't imply that that company's security is or isn't set up in this way).