I Experienced More than 10 DeFi Scams: On DeFi Users' Perception of Security Breaches and Countermeasures

Authors: 

Mingyi Liu, Georgia Institute of Technology; Jun Ho Huh, Samsung Research; HyungSeok Han, Jaehyuk Lee, Jihae Ahn, and Frank Li, Georgia Institute of Technology; Hyoungshick Kim, Sungkyunkwan University; Taesoo Kim, Georgia Institute of Technology

Abstract: 

Decentralized Finance (DeFi) offers a whole new investment experience and has quickly emerged as an enticing alternative to Centralized Finance (CeFi). Rapidly growing market size and active users, however, have also made DeFi a lucrative target for scams and hacks, with 1.95 billion USD lost in 2023. Unfortunately, no prior research thoroughly investigates DeFi users' security risk awareness levels and the adequacy of their risk mitigation strategies.

Based on a semi-structured interview study (N = 14) and a follow-up survey (N = 493), this paper investigates DeFi users' security perceptions and commonly adopted practices, and how those affected by previous scams or hacks (DeFi victims) respond and try to recover their losses. Our analysis shows that users often prefer DeFi over CeFi due to their decentralized nature and strong profitability. Despite being aware that DeFi, compared to CeFi, is prone to more severe attacks, users are willing to take those risks to explore new investment opportunities. Worryingly, most victims do not learn from previous experiences; unlike victims studied through traditional systems, DeFi victims tend to find new services, without revising their security practices, to recover their losses quickly. The abundance of various DeFi services and opportunities allows victims to continuously explore new financial opportunities, and this reality seems to cloud their security priorities. Indeed, our results indicate that DeFi users' strong financial motivations outweigh their security concerns – much like those who are addicted to gambling. Our observations about victims' post-incident behaviors suggest that stronger control in the form of industry regulations would be necessary to protect DeFi users from future breaches.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {299832,
author = {Mingyi Liu and Jun Ho Huh and HyungSeok Han and Jaehyuk Lee and Jihae Ahn and Frank Li and Hyoungshick Kim and Taesoo Kim},
title = {I Experienced More than 10 {DeFi} Scams: On {DeFi} Users{\textquoteright} Perception of Security Breaches and Countermeasures},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {6039--6055},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/liu-mingyi},
publisher = {USENIX Association},
month = aug
}