One of the biggest reasons so many projects still get hacked is that they hire audit teams that are not real audit teams. Most are not buying security. They are buying a stamp, and usually the cheapest one they can get. For small projects, that may be understandable since they have no money. But even 90%+ of protocols with billions in TVL do the same: compare all offers and choose strictly on price. That is not a security mindset. That is a checkbox mindset. Real security requires a serious audit and proper consultation on what it actually takes to design and write robust smart contract code. And the uncomfortable truth is simple: a large part of the market today is filled with providers that sell the label of an audit, not the quality of one. It takes a while to understand what „true security“ means and it’s a deep rabbit hole. Only those who digged into it will be able to understand the industry and realize that a lot of what’s ongoing in the security industry is just blatant money extraction