It's mostly neglect on behalf of the teams. In this case, the code was never audited and was created by a rather immature team that was rushing for production. So recipe for disaster.
In truth you can write code that is upgradable or amendable, but always within limits of Ethereum transactions being immutable. However, when a project wants to emphasize that immutability, because that's perceived as the need by the users and the devs, then you end up in this situation.
So, as usual, the problem is solvable with a little diligence. The challenge is for crypto culture to get over itself and mature and actually perform that diligence.
I will say that there are very mature, very well developed projects that you don't hear about getting hacked, because they take advantage of the wealth of experience that's been built on this subject.
>So, as usual, the problem is solvable with a little diligence.
If you're going to potentially lose tens or hundreds of millions, you need a lot more than a little diligence. Formally proved code (something along the lines of Ada with Spark Pro) is the bare minimum for something with so much money on the line, and even then I'd still prefer a traditional contract and leave things to the courts.