Low cap projects have always a high risk to be hacked. Not only because requirements to compromise it are low, often techical code for such projects are not proven enough because low cap projects can't afford high quality developers and very important don't have a good peer to peer review.
Low cap projects are often a big experiment and people buying it will have a big risk to be affected of a flawly programmed code.
Did you call this as a low cap? don't you even watch it on the CMC? thorchain was billion marketcap coin and it doesn't have low cap but this can be catagorized as the big cap coin. I think that you must try to find a good information about this. The second hack happened in a short time after the first hack. What the team was doing. It doesn't make sense for a billion cap project to be hacked easily.