You are right, there have been many cases of hacking, theft and malicious behaviour in the blockchain space by many parties: developers, crypto-exchange owners, etc. As happens in other industries, the community is formed of a majority of good people and a minority of bad people that cause pain and damage to the rest. Not many people are probably aware of the Bitcoin Mt. Gox hack that in 2014 ended with the theft of $450M in bitcoin. And not too many people know about the hack of the Ethereum DAO, the first big-scale Dapp, which in 2015 cost around $150M in investment losses and required a major blockchain fork to roll back the damage. These hackings happened before the big boom of December 2017, when cryptocurrencies and blockchain became mainstream. In the last few months you might have heard of other episodes, such as the suspicious death of the CEO of a Canadian crypto-exchange who was allegedly the only person to own the private keys of the exchange accounts, with a loss for his customers of around $200M. This news definitely contributes to damaging the reputation of cryptocurrencies and also of the blockchain industry. And I believe, given the hype on the technology and the economic value involved, it is very easy for new episodes to happen again.
I believe most of the hackings are due to the general inexperience of the whole industry. You would think that the developers of the crypto-exchanges should be so experienced in cryptography that hacking should be very unlikely. Yet the fact that these hacking episodes have been relatively frequent proves that the industry is learning "the hard way" because good practice has yet to be defined. For example, the famous Ethereum DAO hacking was launched against a project developed by some of the most experienced Ethereum developers at the time, who obviously did not foresee all the possible "bad scenarios" that could have happened.
In the last couple of years Ethereum and other blockchain technologies have become more robust. For example, Solidity, the main EVM smart-contract language, has phased out some of the most vulnerable features which were being exploited by attackers.
In my book I cover security extensively, especially in chapter 14, which is entirely dedicated to the topic. I explain the most common attack strategies and I recommend how you should defend against them. I also give many pointers for further learning.
Hopefully going forward smart-contract languages and tools will become more robust and hacking cases will become less frequent.