Reason #57526 on verifying:
Tornado Cash IPFS front-ends had backdoor code that hijacked deposit certificates and was hidden in plain sight for just almost two months inside a governance proposal made by Butterfly Effects.
Discussion
Honestly believe the platforms they use are at fault here.
Not many people are going out of their way to use Ethereum domains for serious use cases. It's mostly circulated purely for LARP or for a limited audience. Maybe I have filter bubbled myself but I couldn't think of a single person who does... If they had a more accessible platform people would have noticed these discrepencies far better because there would be more eyes watching them. Monero wallet developers make their workflow almost entirely on Tor and has worked far better because people genuinely use Tor.
This is only my opinion though...
If you can't make the platform to verify your software accessible then most people just won't even try to do that. That's on them.