Yes this is question arise in every expert mind. When they are giving so many marketing fund to early supporters as a airdrop then why not use some fund to strengthen the security to make ecosystem more secure.
IMHO, it is their uncertainty that their project is going to be successful so instead of focusing and investing that to their security, they're just putting that into fund as marketing for which that's how going to attract more investors. It's like a hit or miss on them and that's why usually we see most projects do that, the same thinking and strategy I guess.
This is worst hack,as their discord hack at a time when people could be deceived very easily because airdrop token claiming ended just some hours ago and hackers start pinning new link for new airdrop (fake). No one even think that it could be scam attempt.
I think I've seen the same airdrop as this when the actual airdrop was done and then several hours later, there goes the hype for that airdrop and project and then many still think that it's possible to claim it because of some links given. I can't recall the name of a project but a friend of mine who's new to it dug on it and I've said that the airdrop was totally done and there was no anymore round 2s.