[nostrademons]

The issue with SQL injection and XSS is that there is usually no cost to the website with the vulnerability. They can keep on doing business as usual, after a suitable mea culpa, without significant consequences.

When there's a crypto vulnerability, the contract usually gets drained. It goes bankrupt. There is no funds and no viable business there. Therefore, there's not just a significant incentive to guard against security holes, but there's also a selection mechanism.

People underestimate the power of bankruptcy, failure, death, revolution, nonexistence, and other selection mechanisms. Selection bias is the most powerful force in nature, because natural systems without a selection mechanism tend to get selected away. Arguably a lot of the problems with our current economy come about because we fail to let things fail.