Veracrypt 1.18 was audited in 2016 by the Open Source Technology Improvement Fund [0]. It is incredibly unlikely that a random NSA backdoor is sitting around on a high profile open source project like Veracrypt. If you are still skeptical you are free to take a look at all of the source yourself [1].
Has there been any equivalent audit of Veracrypt? Or should we basically assume it’s been compromised/backdoored.