There appears to be a culture among crypto devs to reject the standard practice employed, in the fiat world, by technology companies that individually represent more than $1, to hire third-party security companies to audit their software/sites.
Indeed, the God of Computer Science Vitalik Buterin in his infinite IQ, needed not the council of some dusty researcher with 20+ years of experience on formal languages for smart contracts.
Who was young Vitalik to ignore techno-divine instruction? And so Ethereum was built.
And its duplicate in under a year.
I mean, when your organization make $1,000,000+ from premined coins, you can't afford not to bootstrap. So it stands to reason that you shouldn't hire security researchers for several tens of thousands of dollars.
"We'll just hard-fork #theDAO 2.0 once the fund reaches $1 billion" was his response.
To be sure, that code was hacked together, yet they exercised greater diligence than their crypto-counterparts.
They paid a security firm $200 to research integer overflow risks.
"DAO is going to the moon. So we'll have to add realllllyy big numbers" he explained.