Yes, as I observed, the first two are user issues, though I wouldn't call asset loss due to being hacked by social engineers user error. More like a lack of user savvy. But hopefully by the time someone has gathered sufficient assets to be worth targeting, they have gained the savvy needed to avoid such things.

But what about my third point? What happens to wallets on a blockchain if the primary token collapses?