In its present state, DeFi developments are still nascent platforms, but this has not hindered their ability to attract millions in deposits. This makes exploitations, even non-technical ones, rewarding for abusers.
The greater problem here, though, is bZx team's incompetency at handling disastrous events and absolute disregard for users' funds.
Not only did they get hacked (twice within days), they also used their master key to try and revert some of the losses, making the concept of DeFi moot by showing to the public that their "decentralized" finance protocol is both unsafe and centralized. A key highlight for why developers should avoid self-managing their PR.
It gets better—or worse, rather.
The bZx team admitted to have unaudited contracts on mainnet, then denied, chopped, and delayed payments to those who helped them, and refused to notify users about a problem they were aware of.