Scoopfeeds — Intelligent news, curated.
Crypto users keep getting robbed because of a simple design flaw—but a solution is at hand
business

Crypto users keep getting robbed because of a simple design flaw—but a solution is at hand

Fortune · May 7, 2026, 1:00 PM · Also reported by 1 other source

If you have ever paid online with Stripe’s new Link wallet, autofilled a checkout with Apple Pay, or topped up a Revolut account, you have used a piece of financial architecture that took decades to perfect. Sadly, for crypto and all its talk of reinventing money, the crypto industry has stubbornly failed to catch on. The principle is so simple it feels obvious. The thing you tap to pay should not be the thing that holds your money. When you use Apple Wallet, your real money sits in your bank or on a credit line at a card issuer. Apple Wallet is a key. The bank is the vault. When you check out with Stripe’s Link, the funds are charged to your linked debit card or bank account. Link itself holds nothing. Revolut takes a hybrid approach: a small balance for daily spending, with the rest of your financial life parked in linked accounts and cards. In every case, the architecture is the same: the spending interface and the store of value live apart. The interface is exposed to the world. The vault stays sealed. Crypto’s approach to wallets is decidedly the opposite. A crypto wallet, as the industry has built it, is not a wallet at all. It is a vault with a public-facing slot. Open MetaMask, Phantom, or any of the dozen consumer wallets that dominate the space, and what you are looking at is your entire net worth balance: Every token, every position, every digital deed, sitting at a single address controlled by a single private key. Each time you connect that wallet to an application, sign an approval, or send a transaction, you re-expose the whole thing to the open internet. The consequences are not theoretical. Last year, on-chain analytics firm Chainalysis tallied billions of dollars stolen through phishing signatures, malicious approvals, and so-called drainer kits. Pre-packaged scams that wait for a user to connect to a compromised site and empty the wallet in seconds. These are not edge cases. They are the predictable consequence of a category mistake. T

Article preview — originally published by Fortune. Full story at the source.
Read full story on Fortune → More top stories

Also covered by

Fast Company How do you design a bathroom for the godfather of the Bauhaus? Keep it simple

More in business

MarketWatch
Hantavirus outbreak is deadly and unfortunate. Experts don’t think it’s the next pandemic.
Investing.com
Space analytics firm HawkEye valued at $3.15 billion after NYSE debut
Investing.com
Outfront Media earnings in focus: Can digital push offset seasonal dip?
Investing.com
Paylocity earnings in focus: Can software firm reverse stock slide?
Investing.com
All eyes on PTC Therapeutics earnings after brutal Q4 miss
Aggregated and edited by the Scoop newsroom. We surface news from Fortune alongside other reporting so you can compare coverage in one place. Editorial policy · Corrections · About Scoop