Security exploits in decentralised systems are rarely caused by technical failures alone. Instead, they emerge at the edges between code, incentives, and institutions - where authority is informal, coordination is improvised, and legitimacy is contested.

Drawing on multi-year ethnographic research embedded in decentralised security communities and real world experience in security practices, this talk reframes security as a socio-technical phenomenon: one sustained not only by protocols and tools, but by moral codes, information practices, incentive structures, and cross-institutional coordination. While the ecosystem is still (rightly) investing heavily in technical interventions (such as improved wallets and developer tooling), many high-impact dynamics remain under-acknowledged, including white-hat incentives, incident information formats, coordination with traditional authorities, and the physical and organisational realities of security work.

The presentation outlines key findings from a forthcoming book on blockchain security, followed by a practitioner response and Q&A with Matta from The Red Guild, who works daily on frontline interventions including phishing education, operational security guidance, and adversarial response. Together, the session bridges analytical diagnosis with operational reality, offering security professionals a clearer map of the system they already inhabit—and a basis for thinking differently about where leverage actually lies, and what needs to be done to improve the state of blockchain security.