It's true, smart contract security is a tough problem, but the reality is that with formal verification, security audits and big bug bounties many have gotten it right. There are many protocols that have held billions in stablecoins for years with no issues. Some examples: https://defillama.com/
Smart contract hacks are really not as common as they were 5 years ago when security practices were an afterthought.
Regarding your seconds point on blockchain rollbacks, although technically possible on proof of stake networks with a 66% consensus it's simply not something that happens in reality as it goes against the goal of blockchains. The last time it happened was the 2016 DAO hack in Ethereum, 2 years after ethereuum mainnet launched, which was so controversial that the network split in two. "Ethereuum Classic" still exists to this day
Smart contract hacks are really not as common as they were 5 years ago when security practices were an afterthought.
Regarding your seconds point on blockchain rollbacks, although technically possible on proof of stake networks with a 66% consensus it's simply not something that happens in reality as it goes against the goal of blockchains. The last time it happened was the 2016 DAO hack in Ethereum, 2 years after ethereuum mainnet launched, which was so controversial that the network split in two. "Ethereuum Classic" still exists to this day