There is no defence here.
If I was a developer in something scammy like crypto, maybe I would consider some security flaws to be a natural part of my Early Retirement Portfolio, or Fuck-Off Money, or just Fuck You "team lead"
Kevin!? Crypto Tradition has it that someone is going to loot the assets, and why not the working classes for once?
I have worked a few places where critical infrastructure is built and provided; some of those have stuff like: Rah-Rah meetings, free pizza, onsite cocktail bar, and even table football to compensate for low pay, long hours and hostile management. People who work there for more than 2 years, they tend to run out of fucks to give, and much longer than that, they will start plotting their revenge.
Much of those systems that we take for granted and depend on, are garbage. It just hasn't been hacked yet or the hacking didn't make the news.