Your keys, your coins.
That’s one of the foundational promises of bitcoin and other cryptocurrencies, which remove the intermediaries standing between you and your money. But the phrase also carries a latent assumption Web3 companies would be wise to move on from: that any security problems are the holder’s problem, not theirs. That mindset may have worked when crypto was experimental. It doesn’t work when trillions of dollars and millions of people are involved.
The design space for crypto has expanded enormously since Bitcoin was created over 15 years ago. There are apps and protocols, cryptocurrency exchanges, stablecoins, and dozens of token standards, all connecting with each other. It’s not just decentralized money anymore, it’s a trillion-dollar ecosystem. The security risks have gotten more complicated, and the stakes have gotten higher. Self-custody still has a role to play, yes – but Web3 designers shouldn’t put most of the security burden on users.
To succeed as a mainstream technology, the crypto industry must evolve to match real-world security risks — social engineering, human error, and physical coercion — without compromising other core values like anonymity and pseudonymity.
Multiple decades of personal computing have given us plenty of data about people’s cyber hygiene. In short: it’s not perfect.
Educational campaigns like Cybersecurity Awareness Month, going on right now, help, but threats like phishing, bogus QR codes, and malware remain consistently effective. These aren’t going away. In fact, they’re evolving faster than our defenses.
According to data compiled by CoinLaw, crypto phishing attacks are on the rise, increasing by 40% in early 2025 and leading to user losses valued at $410 million. Some more bad news: AI-powered deepfakes are exacerbating the problem; those increased over 450% between mid-2024 and mid-2025, according to CoinLaw’s data.
Even more alarming: the uptick in violent crypto-related attacks, as organized crime groups physically force high-net-worth holders to give up their credentials. According to blockchain tracking company Chainalysis, there were over 30 reported “wrench attacks” in 2024, and 2025 is on pace to double that amount.
In short, security issues aren’t anomalies. They are predictable.
We don’t shrug at earthquakes in San Francisco or Japan; we build earthquake-resistant buildings. The same logic should apply to crypto security.
The good news: there’s lots of work being done in the Web3 space to make users safer and products more secure.
Your keys, your coins.
That’s one of the foundational promises of bitcoin and other cryptocurrencies, which remove the intermediaries standing between you and your money. But the phrase also carries a latent assumption Web3 companies would be wise to move on from: that any security problems are the holder’s problem, not theirs. That mindset may have worked when crypto was experimental. It doesn’t work when trillions of dollars and millions of people are involved.
The design space for crypto has expanded enormously since Bitcoin was created over 15 years ago. There are apps and protocols, cryptocurrency exchanges, stablecoins, and dozens of token standards, all connecting with each other. It’s not just decentralized money anymore, it’s a trillion-dollar ecosystem. The security risks have gotten more complicated, and the stakes have gotten higher. Self-custody still has a role to play, yes – but Web3 designers shouldn’t put most of the security burden on users.
To succeed as a mainstream technology, the crypto industry must evolve to match real-world security risks — social engineering, human error, and physical coercion — without compromising other core values like anonymity and pseudonymity.
Multiple decades of personal computing have given us plenty of data about people’s cyber hygiene. In short: it’s not perfect.
Educational campaigns like Cybersecurity Awareness Month, going on right now, help, but threats like phishing, bogus QR codes, and malware remain consistently effective. These aren’t going away. In fact, they’re evolving faster than our defenses.
According to data compiled by CoinLaw, crypto phishing attacks are on the rise, increasing by 40% in early 2025 and leading to user losses valued at $410 million. Some more bad news: AI-powered deepfakes are exacerbating the problem; those increased over 450% between mid-2024 and mid-2025, according to CoinLaw’s data.
Even more alarming: the uptick in violent crypto-related attacks, as organized crime groups physically force high-net-worth holders to give up their credentials. According to blockchain tracking company Chainalysis, there were over 30 reported “wrench attacks” in 2024, and 2025 is on pace to double that amount.
In short, security issues aren’t anomalies. They are predictable.
We don’t shrug at earthquakes in San Francisco or Japan; we build earthquake-resistant buildings. The same logic should apply to crypto security.
The good news: there’s lots of work being done in the Web3 space to make users safer and products more secure.
Leave feedback about this