Your frustration is understandable, AAVE indeed didn’t take immediate action to prevent further lending after the exploit. There was a ARC that takes time to vote, thus the delay in the action.
In regards to your statement:
The withdrawal is not locked, there’s 0 liquidity for you to withdraw as it’s 100% borrowed.