Low cap projects have always a high risk to be hacked. Not only because requirements to compromise it are low, often techical code for such projects are not proven enough because low cap projects can't afford high quality developers and very important don't have a good peer to peer review.
Low cap projects are often a big experiment and people buying it will have a big risk to be affected of a flawly programmed code.
Did you call this as a low cap? don't you even watch it on the CMC? thorchain was billion marketcap coin and it doesn't have low cap but this can be catagorized as the big cap coin. I think that you must try to find a good information about this. The second hack happened in a short time after the first hack. What the team was doing. It doesn't make sense for a billion cap project to be hacked easily.
agree, RUNE is far from low cap coin, capitalization is above $1B
on the other hand, they are now active on twitter, defending their right to be hacked, instead having all means deployed to build a solution, second hack was done by white hat hacker, that required bounty to get back funds, and proposed measures to improve protocol security
they should pause all LPs, and implement necessary improvements prior to continue, with contract audit as a required step to deploy pools on main-net
it is not enough to say that you are using protocol at your own risk, for a $1B project, that is way down