Decentralised finance is booming-and so are the security risks

With decentralised finance, people trade, borrow, and earn interest on crypto assets without relying on traditional intermediaries. DeFi services run on blockchains, which are essentially digital ledgers, and use ‘smart contracts’—self-executing code that automates financial transactions.

The worldwide equivalent of tens of billions of dollars have poured into the DeFi market. However, with innovation comes risks. The lack of centralised oversight has made crypto—including decentralised finance - a prime target for hackers and scammers.

In 2024 alone, people lost nearly USD 1.5 billion (ZAR 26.6 billion) due to security exploits and fraud—and, unlike traditional finance, there’s usually no way to recover stolen crypto.

As a computer scientist, I wanted to better understand how people perceive and respond to these risks, so my colleagues and I first conducted in-depth interviews with 14 crypto investors, then surveyed nearly 500 others to validate our findings.

Our study found that people often made the same mistakes, driven by recurring misconceptions and gaps in security awareness. Here are some of the most important.

Mistake 1

Thinking that the blockchain guarantees security

Many people told us they thought decentralised finance was secure—but their reasoning wasn't very convincing.

Some seemed to confuse decentralised finance with blockchain technology itself, which is designed to ensure that transactions are tamper-resistant through so-called ‘consensus mechanisms’. One told us that DeFi is secure “because a hacker would have to override an entire blockchain” to steal funds.

However, services on the blockchain are still vulnerable to implementation and design flaws. These include smart contract breaches, in which bad guys exploit bugs in a service's code; and front-end attacks, where a user interface is altered to redirect funds into a hacker's wallet.