In modern crypto, user risk is the dominant risk.

Not exploits.
Not bugs.
Not protocols.

Users lose money because they misunderstand how systems work. And systems do work.

Why This Sounds Wrong

Most assume that protocol risk is primary.
That audits equal safety.
That exploits (supposedly executed by a team of super-coders in a dark room) are the main danger.

This is a visibility problem.

Exploits are dramatic and legible when they do happen.
They generate headlines and post-mortems.

User error is diffuse and boring.
It happens one wallet at a time.
It hides in aggregate statistics.

The industry measures what appears dangerous.
It ignores the real losses.

The Evidence

In September 2024, Radiant Capital lost roughly $50 million.

The protocol was audited.
The code behaved as designed.
No smart contract bug was exploited.

Developers received a malicious PDF via Telegram.
The file contained malware.
Transaction signatures were captured.
Funds were drained.

Code: correct.
Audits: passed.
Users: drained.

Radiant is not an outlier.