But we have also seen some open-source Ethereum smart contracts being breached and hacked for reasons that could be bad code, exit scams, lack of knowledge how to secure them properly, etc. It's very important who looks at the code and tags it as verified. If I am not wrong, some hacks occurred even though the projects were called audited and secure.
Well because Ethereum was open source we knew from day one that the protocol is very buggy and has a lot of room for hacks like the ones you mentioned. The fact that nobody listened is their own fault so we can't really mention those breaches in this context since they were already expected.
The audits were also mostly fake, basically they created a business of auditing smart contracts and in the end they ended up getting paid (or bribed) to publish fake results.