The (real) reasons for it shutting down were never given.
However, at the time it was theorized that in the event the maintainers had found a fundamental flaw, disclosing that flaw by issuing a patch would immediately jeopardize all preexisting truecrypt containers by revealing a method for breaking them. That would be untenable, and so the only alternative would be to shut down the entire project and recommend no further use of the software - as was done.
A subsequent audit did not identify any such security flaw, so the prevailing theory is now that the maintainers were forced to stop work by a governmental agency. It's considered safe and now known as veracrypt.
However, the question I have is whether a single crowdsourced security audit would be capable of finding a flaw that it took the developers themselves years (decades?) to identify.
However, at the time it was theorized that in the event the maintainers had found a fundamental flaw, disclosing that flaw by issuing a patch would immediately jeopardize all preexisting truecrypt containers by revealing a method for breaking them. That would be untenable, and so the only alternative would be to shut down the entire project and recommend no further use of the software - as was done.
A subsequent audit did not identify any such security flaw, so the prevailing theory is now that the maintainers were forced to stop work by a governmental agency. It's considered safe and now known as veracrypt.
However, the question I have is whether a single crowdsourced security audit would be capable of finding a flaw that it took the developers themselves years (decades?) to identify.