The Crypto Industry Must Evolve to Match Real-World Security Risks
Summary
The foundational crypto promise of "your keys, your coins" places too much security responsibility on users, a mindset that is unsustainable given the industry's trillion-dollar scale and complexity. Security issues like phishing, malware, and, increasingly, physical coercion (wrench attacks) are predictable, not anomalies, and the industry must evolve its design philosophy accordingly, similar to how other sectors build earthquake-resistant structures.
Adrian Ludwig argues that security incidents should be treated as feedback on design flaws, not just user error. The industry needs to incorporate successful security layers from the broader internet, such as multifactor authentication and behavioral signals, to protect users automatically. Furthermore, designers must account for physical risks like assaults targeting high-net-worth holders, moving beyond purely digital threats.
Ultimately, as crypto matures beyond its experimental phase, systems must be designed for real people with inherent imperfections, not for ideal users. Security is no longer solely a user problem but an industry-wide design imperative to protect livelihoods.
(Source: CoinDesk)