Can scammers steal money using smart contracts?

[mk4]

You might have been disappointed had you invested in Vee Finance, Spartan Protocol, Akropolis, or Saddle Finance. They all were audited by Certik and got hacked later. People lost more than 60 million dollars. For me, it is an instructive example of how it is almost pointless to rely on third-party audits when it comes to DeFi projects and smart contracts. If the hack can happen, it will happen.

https://rekt.news/leaderboard/

I wouldn't say it's almost pointless because I'm pretty sure they do help a lot, but then again, no one should be basing their decisions if they should use a smart contract or not based on audits. Just like how having good engineers and architects make a building structure better, but not 100% earthquake proof.

[Pmalek]

If you transfer your coins and tokens to a third-party platform, there is very little you can do expect hoping and begging that the site is secure enough and wont be exploited. But there is also the possibility of rug pulls and exit scam.

On the other hand, a lot of smart contract exploits happen because it's the users who allow and give permission for a certain type of transaction to happen in their wallet. If a hacker discovers a vulnerability in a particular smart contract, he can target users who own that asset. Send them a fake airdrop, for example, with instructions on how to sell those coins. Once the victim attempts to make a transaction to trade/sell that token, MetaMask pops up asking the user if he wants to approve the transaction. Since many people are in a hurry and don't feel like double-checking what they are doing, many will just approve and broadcast. In reality, you allowed another token to be sent from your wallet, and that's how a smart contract vulnerability can lead to the loss of money if you aren't careful and in a hurry. 

[pooya87]

I wouldn't say it's almost pointless because I'm pretty sure they do help a lot, but then again, no one should be basing their decisions if they should use a smart contract or not based on audits. Just like how having good engineers and architects make a building structure better, but not 100% earthquake proof.

It is pointless in my opinion because of high possibility of corruption. It is the nature of all centralized entities to have corruption and when it comes to a service that can have such a power on a market and values the chance of corruption is high.
Basically it is the same scam called "ICO reviewers" that we had in 2017. They get paid to promote a shittoken as a legitimate project worth investing in to.

[JoyMarsha]

To stay safe, don't click on any link sent to you asking you to connect your wallet without verifying the source. If you have to indulge in it, you shouldn't make use of the smart contract that has much of your funds in it. It will be okay to create a new smart contract. If it should be hacked finally, let it be a smart contract that has no funds in it.
Let's all stay safe. No site is to be trusted without verifying it first