Monday, February 23, 2026

Ethereum’s Vitalik Buterin offers new blueprint for crypto security

Vitalik Buterin has offered a sweeping reframing of how the crypto industry should think about security, arguing that the concept is inseparable from user experience and fundamentally rooted in aligning systems with human intent.

Summary

  • Vitalik Buterin argues that crypto security should be defined as minimizing the gap between user intent and system behavior.
  • He says security and user experience are not separate fields, with security focused on high-impact, adversarial “tail risk” scenarios.
  • Buterin advocates redundancy — such as simulations, multisig, and formal verification — over friction, stressing that perfect security is impossible.

Vitalik Buterin reframes crypto security as an intent problem

In a detailed post on X, the Ethereum co-founder defined security as minimizing “the divergence between the user’s intent, and the actual behavior of the system.”

Under that framing, he said, user experience and security are not separate disciplines; security simply focuses on tail-risk scenarios, particularly those involving adversarial behavior, where the cost of divergence is high.

Vitalik Buterin stressed that “perfect security” is impossible, not because machines or developers are flawed, but because user intent itself is deeply complex and difficult to formalize.

Even a seemingly simple action such as sending 1 ETH to “Bob” involves layers of ambiguity. Bob must be represented by a public key or address, which introduces risks such as impersonation, key compromise or even disputes over which blockchain fork represents the “real” ETH.

The problem becomes even more complicated with abstract goals like privacy. Encrypting messages may not be enough if metadata, who communicates with whom and when, reveals sensitive patterns. Determining what constitutes trivial versus catastrophic privacy loss, Buterin suggested, is itself subjective and context-dependent.

Drawing parallels to early AI safety debates about goal specification, he argued that robust security comes not from single safeguards but from redundancy. Good systems, he said, allow users to specify intent in multiple overlapping ways and only execute actions when those signals align.

He cited examples ranging from type systems and formal verification in programming to transaction simulations, multisignature wallets, spending limits and social recovery mechanisms. The common thread: redundancy from different “angles” reduces risk.

Buterin also suggested that large language models can serve as one such angle, approximating user intent, but warned they must never be the sole authority.

Ultimately, he concluded, security should not mean more friction across the board, but rather making low-risk actions easy and dangerous ones appropriately hard.
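
The redundancy idea described above, sketched as an added example that is not taken from Buterin's post or from this article: a wallet-side gate that executes a transfer to "Bob" only when independent intent signals agree, and asks for co-signers only on high-value transfers. The address-book entry, the limits, the `Simulation` shape and all function names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

WEI_PER_ETH = 10**18
# Constructed sample data: label -> address the user verified out of band.
ADDRESS_BOOK = {"Bob": "0x" + "b0" * 20}

@dataclass(frozen=True)
class Intent:              # what the user says they want
    recipient: str         # human label, e.g. "Bob"
    amount_wei: int

@dataclass(frozen=True)
class Simulation:          # hypothetical result of dry-running the signed transaction
    to_address: str
    wallet_delta_wei: int  # negative means funds leave the wallet

def signals(intent, sim, spent_today_wei, daily_limit_wei, max_fee_wei):
    """Evaluate independent views of the same intent; each can fail on its own."""
    known = ADDRESS_BOOK.get(intent.recipient)
    outflow = -sim.wallet_delta_wei
    return {
        "recipient_matches_label":
            known is not None and known.lower() == sim.to_address.lower(),
        "simulation_matches_amount":
            intent.amount_wei <= outflow <= intent.amount_wei + max_fee_wei,
        "within_spending_limit":
            spent_today_wei + intent.amount_wei <= daily_limit_wei,
    }

def decide(intent, sim, spent_today_wei=0, daily_limit_wei=2 * WEI_PER_ETH,
           max_fee_wei=WEI_PER_ETH // 100, cosigner_approvals=0,
           required_cosigners=2):
    """Return (decision, signals) where decision is execute, escalate or reject."""
    s = signals(intent, sim, spent_today_wei, daily_limit_wei, max_fee_wei)
    if not (s["recipient_matches_label"] and s["simulation_matches_amount"]):
        # The transaction would not do what the user stated: no override path.
        return "reject", s
    if all(s.values()):
        return "execute", s  # low-risk path stays frictionless
    # Consistent with stated intent but over the limit: require a second angle.
    if cosigner_approvals >= required_cosigners:
        return "execute", s
    return "escalate", s
```

A mismatch between the stated intent and the simulated effect is rejected outright, while exceeding the spending limit only raises the bar, which keeps friction proportional to risk.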


