That's why you put velocity controls in place, so that if things go south you can limit losses. Coupled with alerting/reporting on transaction volumes and you should be able to get ahead of someone that bypassed your front end before they make off with all of your cash.

That said, if the backend is also vulnerable to the same or another exploit, that's not going to buy you much.