I Experienced More than 10 DeFi Scams: On DeFi Users' Perception of Security Breaches and Countermeasures

TL;DR

This study explores DeFi users' perceptions of security risks, their behaviors after scams, and the need for stronger regulations, revealing that financial motivations often outweigh security concerns among users.

Contribution

It provides the first comprehensive analysis of DeFi users' security perceptions, behaviors post-attack, and highlights the gap in security practices despite frequent scams.

Findings

DeFi users prefer DeFi over CeFi due to decentralization and profitability.

Most victims do not change security practices after scams.

Financial motivation outweighs security concerns among DeFi users.

Abstract

Decentralized Finance (DeFi) offers a whole new investment experience and has quickly emerged as an enticing alternative to Centralized Finance (CeFi). Rapidly growing market size and active users, however, have also made DeFi a lucrative target for scams and hacks, with 1.95 billion USD lost in 2023. Unfortunately, no prior research thoroughly investigates DeFi users' security risk awareness levels and the adequacy of their risk mitigation strategies. Based on a semi-structured interview study (N = 14) and a follow-up survey (N = 493), this paper investigates DeFi users' security perceptions and commonly adopted practices, and how those affected by previous scams or hacks (DeFi victims) respond and try to recover their losses. Our analysis shows that users often prefer DeFi over CeFi due to their decentralized nature and strong profitability. Despite being aware that DeFi, compared to CeFi, is prone to more severe attacks, users are willing to take those risks to explore new investment opportunities. Worryingly, most victims do not learn from previous experiences; unlike victims studied through traditional systems, DeFi victims tend to find new services, without revising their security practices, to recover their losses quickly. The abundance of various DeFi services and opportunities allows victims to continuously explore new financial opportunities, and this reality seems to cloud their security priorities. Indeed, our results indicate that DeFi users' strong financial motivations outweigh their security concerns - much like those who are addicted to gambling. Our observations about victims' post-incident behaviors suggest that stronger control in the form of industry regulations would be necessary to protect DeFi users from future breaches.