When the first cryptocurrency, Bitcoin, was proposed in 2008, the goal was simple: to create a digital currency free from banks and governments. Over time, this idea has grown into something much bigger: "decentralized finance", or "DeFi".
With decentralized finance, people trade, borrow and earn interest on crypto assets without relying on traditional intermediaries. DeFi services run on blockchains, which are essentially digital ledgers, and use "smart contracts", self-executing code that automates financial transactions. Tens of billions of dollars have flowed into the DeFi market.
But with innovation comes risk. The absence of centralized oversight has made crypto, including decentralized finance, a prime target for hackers and scammers. In 2024, people lost nearly $1.5 billion to security exploits and fraud. And unlike in traditional finance, there is generally no way to recover stolen crypto.
As a computer scientist, I wanted to better understand how people perceive and respond to these risks. So my colleagues and I first conducted in-depth interviews with 14 crypto investors, then surveyed nearly 500 more to validate our findings.
Our study found that people often made the same mistakes, driven by misconceptions and recurring gaps in security awareness. Here are some of the most important.
Mistake 1: Thinking the blockchain guarantees security
Many people told us they believed decentralized finance was safe, but their reasoning was not very convincing. Some seemed to conflate decentralized finance with blockchain technology itself, which is designed to make recorded transactions immutable through "consensus mechanisms". One told us that DeFi is secure "because a hacker would have to replace an entire blockchain" to steal funds.
But consensus only protects the ledger's history; it says nothing about the correctness of the contracts deployed on the chain or the interfaces people use to sign transactions. Blockchain services therefore remain vulnerable to implementation and design flaws. These include smart-contract exploits, in which attackers abuse bugs in a service's code, and front-end attacks, in which a user interface is altered so that funds are redirected to an attacker. A front-end attack was reportedly responsible for a recent $1.5 billion heist.
https://www.youtube.com/watch?v=NCZH9XDP43U
Mistake 2: Thinking safe keys mean safe funds
Another common misconception is that DeFi is secure as long as private keys are stored properly. A private key is a secret code that lets someone access their crypto assets. It is true that in DeFi, unlike in centralized crypto finance where an exchange holds the private keys, users have full control over their own private keys.
But even with perfect private key management, users can still lose funds by interacting with compromised DeFi platforms. Indeed
The people we spoke to did not follow best practices for securing their private keys. Using a hardware wallet, a physical device that holds private keys offline so they never touch an internet-connected machine, is one of the most secure options for protecting keys from online threats. Yet our study found that only a handful of participants actually used hardware wallets.
Mistake 3: Thinking two-factor authentication is a silver bullet
Two-factor authentication, or 2FA, is a standard security mechanism in which two forms of verification are required to access an account. Think of being sent a one-time code by SMS before you can log in to your bank account.
To prevent account breaches, centralized crypto exchanges such as Binance and Coinbase use two-factor authentication for logins, account recovery and withdrawal confirmations. But while 2FA is crucial for security in traditional finance and in centralized crypto finance, it plays a much smaller role in decentralized finance.
DeFi wallets grant access through ownership of a private key rather than through identity verification, which means traditional 2FA cannot be used. Instead, only 2FA-like mechanisms are available in DeFi. For example, multisig wallets require the approval of several private-key holders before a transaction goes through. But with an ordinary single-key wallet, if your private key is compromised, attackers can carry out wallet operations on your behalf without any additional verification. Moreover, even users who adopt 2FA-like measures cannot prevent security breaches on the DeFi service's side.
Unfortunately, our participants were overconfident about the effectiveness of 2FA, with one saying: "Two-factor authentication was one of the best solutions to ensure the safety of wallets." In our survey, 57.1% of users relied on 2FA as their only technical countermeasure against rug pulls, scams in which project creators suddenly withdraw the funds, and 49.3% did so for smart-contract exploits. This misplaced trust could lead them to overlook more effective security strategies.
Mistake 4: Not managing token approvals
One such effective strategy is revoking token approvals. In DeFi, tokens are digital assets on a blockchain that represent value or rights, and users often have to approve smart contracts to access or spend them. An approval is recorded on the chain and stays in force until you send another transaction that sets it to zero; closing the app or disconnecting your wallet does not remove it. So if you leave these approvals open, a malicious contract, or one that has since been hacked, can drain your wallet, including tokens you receive long after the approval was granted. It is therefore crucial to regularly check all the token approvals you have granted, to prevent losses caused by fraudulent or hacked DeFi services. Specifically, you should limit spending allowances to the amount you actually need instead of accepting the default "unlimited" option, and revoke approvals for applications you no longer use or no longer trust.
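To make the risk concrete, here is an added example, not part of the original article or the underlying study: a small Python model of how ERC-20 token allowances behave. The token ledger, the names "alice", "dapp" and "attacker", and the sample transaction data are all constructed for illustration; the only real-world constant is the function selector 0x095ea7b3, the first four bytes of keccak256("approve(address,uint256)"), which is what a wallet shows in its raw-data view when a dapp asks for an approval. The model assumes, as common token implementations do, that an allowance of 2^256-1 is treated as infinite and never decremented.

```python
"""Model of ERC-20 token approvals: why an open allowance is a standing liability.

Added example; the ledger, names and calldata are constructed for illustration.
"""

UINT256_MAX = 2**256 - 1  # the "unlimited" amount many dapps request by default
# First 4 bytes of keccak256("approve(address,uint256)"): the real ERC-20 selector.
APPROVE_SELECTOR = "095ea7b3"


class Token:
    """Minimal in-memory ERC-20: balances plus (owner, spender) -> allowance."""

    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}

    def approve(self, owner, spender, amount):
        # On-chain this is a transaction the owner signs; it persists until overwritten.
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        """Called by the *spender* (a contract), not by the owner."""
        allowed = self.allowance.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise PermissionError("insufficient allowance or balance")
        # Assumption (matches common implementations): 2**256-1 is "infinite"
        # and is never decremented, so it never runs out.
        if allowed != UINT256_MAX:
            self.allowance[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def drain(token, spender, victim, attacker):
    """A compromised spender takes everything its allowance permits: min(balance, allowance)."""
    take = min(token.balances.get(victim, 0), token.allowance.get((victim, spender), 0))
    if take:
        token.transfer_from(spender, victim, attacker, take)
    return take


def loss_after_compromise(approval_amount, revoked_before_attack=False):
    """Tokens lost by 'alice' when the dapp she approved is later compromised.

    Alice holds 1000 tokens, is drained once, then receives 500 more tokens and
    is drained again: an approval left open keeps applying to new deposits.
    """
    token = Token({"alice": 1000})
    token.approve("alice", "dapp", approval_amount)
    if revoked_before_attack:
        token.approve("alice", "dapp", 0)  # revocation is simply approve(spender, 0)
    lost = drain(token, "dapp", "alice", "attacker")
    token.balances["alice"] += 500  # tokens received after the approval was granted
    lost += drain(token, "dapp", "alice", "attacker")
    return lost


def parse_approve_calldata(hexdata):
    """Decode approve(spender, amount) calldata as shown in a wallet's raw-data view.

    Layout: 4-byte selector, then two 32-byte ABI words; the address is
    right-aligned in its word. Returns None if this is not a plain approve() call.
    """
    data = hexdata[2:] if hexdata.startswith("0x") else hexdata
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    spender = "0x" + data[8 + 24:8 + 64]
    amount = int(data[8 + 64:], 16)
    return {"spender": spender, "amount": amount, "unlimited": amount == UINT256_MAX}


# Constructed calldata: approve(0x1111...1111, 2**256-1), i.e. an unlimited approval.
SAMPLE_CALLDATA = "0x" + APPROVE_SELECTOR + "00" * 12 + "11" * 20 + "ff" * 32


if __name__ == "__main__":
    print("unlimited approval, dapp compromised:", loss_after_compromise(UINT256_MAX))
    print("approval capped at 100:", loss_after_compromise(100))
    print("approval revoked before the attack:", loss_after_compromise(100, True))
    print("decoded wallet prompt:", parse_approve_calldata(SAMPLE_CALLDATA))
```

Two details the model makes visible. An allowance is a cap on amount, not on time, so the unlimited approval keeps draining tokens that arrive after the compromise, while the capped approval loses at most its cap once and the revoked one loses nothing. And because approve() simply overwrites the previous value, the ERC-20 standard itself notes a race when changing a non-zero allowance directly to another non-zero value; revocation tools set it to zero first for that reason.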
Worryingly, we found that only 10.8% and 16.3% of participants regularly checked and revoked token approvals to protect against rug pulls and smart-contract exploits, respectively. In light of this, we recommend that wallet providers introduce a reminder feature to encourage users to periodically review their token approvals.
Mistake 5: Not learning from past incidents
Even after being hacked or scammed, people often do nothing to improve their security practices, we found. Only 17.6% of those who reported having been victims of a DeFi exploit regularly carried out security checks afterwards. Worse, 26% took no action at all after a scam, and 16.4% doubled down by investing even more in other DeFi services.
Surprisingly, more than half of the victims said their belief in DeFi remained the same or grew stronger after the incident. One user who lost $4,700 in a rug pull said: "My belief in cryptocurrency became stronger after that because I made a lot of money." This person added: "An opportunity to earn money is something I believe in." This suggests that DeFi users' financial motivations can sometimes override their security concerns, and perhaps their better judgment.
There is no single solution to DeFi security. But awareness is the first step. To stay safe, crypto investors should use hardware wallets, revoke unused token approvals, and keep learning new techniques to protect themselves against evolving threats. Most importantly, they should stay rational and not let the lure of profits overshadow their security practices.