Human-Targeted Attacks Are Now Web3’s Most Dangerous Threat, Report Finds

A recent report by Kerberus, a Web3 security firm, suggests that human behavior is now the primary risk in Web3.

BeInCrypto spoke with the firm’s CEO, Alex Katz, and CTO, Danor Cohen, to understand why users continue to fall victim to attacks and what they can do to better protect themselves.

Human Error Drives Major Web3 Losses, Kerberus Report Finds

In its latest report titled “The Human Factor – Real-Time Protection Is the Unsung Layer of Web3 Cybersecurity (2025),” Kerberus revealed that human-focused attacks were the most structurally dangerous vector in Web3.

The report cites data showing that a significant share of industry losses stems from user mistakes. Roughly 44% of crypto thefts in 2024 resulted from the mismanagement of private keys. Another research indicates that human error is involved in approximately 60% of security breaches.

With 820 million active wallets in 2025, the threat landscape is expanding quickly, and everyone remains at risk. Katz told BeInCrypto that bad actors are targeting both newcomers and experienced users, but for very different reasons.

“New users are attractive because they don’t yet understand what ‘normal’ Web3 behavior looks like,” he said

Interestingly, the executive noted that long-time users are becoming increasingly higher-value targets compared to newcomers. According to him,

“Veteran users interact with far more dApps, sign more transactions, and move larger amounts. That means a single moment of complacency can do far more damage. So the group most at risk today is anyone who assumes they’re not at risk.”

Cohen added that one of the biggest misconceptions in Web3 is the belief that security failures stem from users not understanding the technology. His analysis points in the opposite direction. People are getting hacked because the system places an unrealistic burden on them.

“Users think, ‘I’m too smart to get drained, I know how wallets work – I’m safe.’ But the threat landscape changes faster than users do. Attackers aren’t trying to outsmart your wallet; they’re trying to outsmart you. And they’re extremely good at it. What people misunderstand is that Web3 puts an enormous cognitive burden on the individual. Users shouldn’t have to decipher technical signals to stay safe – security must work for them automatically,” he mentioned.

Why Even Smart Web3 Users Keep Getting Drained in 2025

These human-driven risk persists despite record spending on security in 2025. Kerberus’ report stated that crypto-related services and investors lost over $3.1 billion to hacks and scams in the first half of the year. This is already more than the total for all of 2024.

That number includes the historic Bybit breach. Excluding this, human-targeted attacks such as phishing and social engineering still accounted for $600 million. This represented 37% of the remaining $1.64 billion in losses.

The report noted that these attacks scale with growing adoption and bypass technical defenses entirely. This makes it difficult for traditional security models to prevent them.

While companies invest heavily in audits, monitoring, and code reviews, attackers increasingly exploit users directly at the transaction level. But what makes humans so vulnerable to these attacks?

“Humans are vulnerable because every scam is designed to exploit natural psychological shortcuts — urgency, authority, familiarity, fear of missing out, or comfort with routine. These are not flaws; they’re the same instincts that allow us to function in everyday life. Technology alone can’t change human psychology, but it can catch the moment when psychology is being weaponized,” Cohen detailed.

He emphasized that the strongest form of protection isn’t relying on users to avoid mistakes through education alone, but rather stopping harmful actions in real-time before damage occurs.

“That’s why real-time detection matters so much. If you can warn a user at the exact moment their trust is being manipulated, you can stop most losses before they occur,” Cohen added.

The executive noted that it’s unrealistic to expect an everyday user to distinguish between a malicious dApp, an airdrop, or a mint page. Modern fraudulent platforms often closely mirror legitimate ones. This makes them nearly indistinguishable.

He added that users can click phishing links repeatedly. They don’t do so out of carelessness, but because the attacks are intentionally crafted to deceive.

Even real-time warnings can sometimes appear to be false positives, highlighting the advanced nature of these scams.

“Users shouldn’t be expected to perform forensic checks. The burden has to shift to tools that analyze intent and behavior in real time,” Cohen suggested.

The report also states that these attacks exploit moments when users are least able to assess threats. It may happen when someone checks their wallet while distracted at work, reacts to an urgent message claiming their account will be frozen, or approves a transaction at the end of a long day when they’re exhausted.

According to the findings, the industry’s response has largely been to add more warnings and verification steps. But this approach often backfires due to “security fatigue.” As users become accustomed to constant alerts—many of which are false alarms that simply slow them down—their ability to make careful decisions diminishes under the continuous cognitive pressure.

3 Actions Users Can Take to Stay Safer in Web3

To reduce real-world losses, Katz disclosed three practices users can adopt. He advised users to:

• Pause before signing: Most compromises occur in under ten seconds. Taking even a brief moment to read the prompt or confirm whether the request aligns with the intended action can prevent a large share of successful attacks.
• Separate high-value assets from everyday activity: Using multiple wallets remains one of the most effective safeguards. He suggested that users should keep their long-term holdings in a cold or low-touch wallet and use a separate wallet for exploration, mints, and dApps. This compartmentalization limits potential damage.
• Rely on real-time transaction protection: Because many threats involve social engineering rather than technical exploits, users benefit from tools that interpret on-chain actions before they’re finalized. This single layer of defense blocks many of the more advanced scams.

The intention, he stressed, is not to turn users into security experts, but to build guardrails that prevent mistakes from turning into financial losses.

The post Human-Targeted Attacks Are Now Web3’s Most Dangerous Threat, Report Finds appeared first on BeInCrypto.