[rdl]

The complexity of deployed identification/auth chain/secrets management/ec. is pretty terrifying; even if you can somehow understand it for one OS and hardware platform, if your service needs to support multiple OSes plus web plus multiple auth technologies plus a recovery path and everything else, dragons.

This is one of the few things cryptocurrency gets right in one specific way better than most other applications -- in most cases, everything is explicitly about operations with a key, and you build up protections on both sides of that. Unfortunately those protections themselves are often inadequate (hence billions of dollars in losses), but it's at least conceptually simpler and potentially could be fixed.

[dannyw]

I'm not convinced crypto is inherently less secure; I'd argue it's more secure on average. Data breaches happen every day; whether in financial services or not. The difference is that a breach is catastrophic for crypto; but just bad for most businesses.

[lxgr]

Have any of these catastrophic failures happened due to client/wallet-side user confusion, though?

I'm not a big fan of many things in crypto, but what I've seen in terms of "what you see is what you sign", clear user interfaces, secure user verification and confirmation etc. in some popular wallets is something that many existing banks could take a lesson from.

[rdl]

A lot of them -- the whole "phishing" thing happens to crypto users with regularity, and often for surprisingly large amounts. Usually not the single-victim/cause $100mm+ hacks, but lots of $1-5mm losses. The "new" fun thing is creating spoofed addresses where first 4 and last 4 characters match a target, but are controlled by attacker, but variations on getting users to initiate transfers to the wrong address are pretty common.

Crypto gets a few things really right, and can do some things which can't be done by tradfi, but has a huge number of problems which need to be solved (some are "open problems" which don't really have solutions yet; some are taking what the top 0.1% of people or what people do some amount less than 100% of the time and making it universal, which is mostly what I am doing now as CSO at a crypto insurance company.)