Yikes. Wasn't aware of that one. Thanks for sharing it.
I like smart contracts but you really have to be super careful with them, and ideally they should all be audited by a third party before launch, to help catch stuff like this. But even that's not a guarantee crap like this won't happen sometimes.
1) Upgradeable - where an authority has the right to replace the live contract at any time and rug-pull everyone. That's not trustless, and it's no better than running an app in AWS.
2) Non-upgradeable - where you simply have a self-funding bug bounty waiting to get popped. Even if they're audited.
They're not smart, and they're not interesting, to me anyways.
Re: Upgradeable contracts, there is often some governance method that removes the power from just one person, but there's usually also a time-delay, so that in theory at least, users of the contract can see that an upgrade has happened and remove their interaction with it if they don't like the new contract.
This is quite different from having money in a bank where policy changes and government seizures or freezes may happen without warning.