The problem with a "warm wallet" is that the hot wallet of 100Btc might need refilling every hour and so if the attacker just sits draining the hot wallet, the admins might keep authorising refills letting the attackers take large amounts before the hole is discovered. If it must be done that frequently then admins won't bother to audit the hot wallet every time they refill it from the warm wallet, which makes the warm wallet a hot wallet.
If hot wallet refills are rare, the hot wallet must be sizable, but then the refills will be sizable too, so an attacker could steal hot wallet (sizable) and a refill (sizable) at least before discovery.
Each step adds an effective rate limiting step and a chance to catch the hole, but requiring manual intervention too often and the required auditing and manual checking will not be done. But any automation just pushes something from warm to hot.
Even with automatic transfers, I think there's a difference between wallets that are queued up and actively sending money out of the system, and wallets that are queued up to do so (or to refill that wallet). The difference lies in the fact that they do serve as an automated rate limiting point, and have different methods for the hackers to extract out funds from them.
An example: if you have one hot wallet with the keys loaded in to the system, and a secondary warm wallet (basically, a wallet that will be swapped in as the hot wallet when the other runs out), you can secure the details of the warm wallet better, meaning that certain read access vulnerabilities will only be able to target the hot wallet. Of course, an attacker can empty the hot wallet, and then the details of the warm wallet will be exposed when it is loaded because of the same vulnerability, but this forces the system to have a chance to validate the current state of the world before the second wallet becomes vulnerable, which is not the case if both were being used as loaded hot wallets.
There are meaningful automated sanity checks and rate limiting tactics that can be used with automated warm/hot wallets.
Of course, if you have a $5mil hot wallet, you should probably hire a "bitcoin banker" or "bitcoin teller" to sit at a workstation and manually deal with some of these kinds of swaps and oversee the audits. Even if you don't immediately patch all security holes, you'll have a much better idea of where you're leaking.
The hot wallet can be refilled every hour. If you are trying to withdraw <1 BTC but hot wallet is empty it goes to warm wallet to be accepted manually.
Yes it's inconvenient. But between inconvenience and losing $5,000,000
If attacker steals X from hot wallet the admins may detect suspicious activity (when hot wallet is drained entirely they must reaudit everything). Even if they don't notice anything the attacker gets 2X. While warm wallet is something like 100X
If hot wallet refills are rare, the hot wallet must be sizable, but then the refills will be sizable too, so an attacker could steal hot wallet (sizable) and a refill (sizable) at least before discovery.
Each step adds an effective rate limiting step and a chance to catch the hole, but requiring manual intervention too often and the required auditing and manual checking will not be done. But any automation just pushes something from warm to hot.