Even a minor error or flaw in a smart contract logic can freeze a lot of money, also, holes can be introduced by developers intentionally, to commit exit-scam.
all smart contracts contain critical vulnerabilities
50 million $
Was stolen from the DAO project due to a technical flaw in the smart contract code
1 billion $
lost as a human error result in the smart contract code