There have already been multiple incidents involving bugs in "smart contract" code being exploited to steal funds, one within the past few days[1]. A particularly nasty case involved something called "the DAO", which was an attempt to do something like a distributed VC fund, but had a bug which allowed any participant to steal all funds contributed. That one got backed out by a hard fork of the Ethereum blockchain, but that's obviously not a stable or scalable solution to dealing with these types of situations going forward.

[1] https://www.theregister.co.uk/2017/07/20/us30_million_below_...