People are the weak spot

Crypto losses in 2025 are already over $3B, and most come from social attacks: Phishing emails, fake support chats, impostors asking for "verification," and, in some cases, real-world threats.

The issue is how we handle access. Seed phrases live in notes and photos. Many wallets still depend on one factor for recovery. Once a thief has it, the funds move, and there is no way to pull them back.

The fix typically encompasses: Hardware keys, multi-factor recovery, allow lists and spend limits, verified identity when resetting access, keeping secrets offline (cold storage), far away from cloud drives, and practicing on small amounts first.

If payments are to mature, this is what's required. Crypto needs the same muscle memory: Controls, checklists, and tools that make safe the default.