A recent report by Kerberus, a Web3 security company, suggests that human behavior is a major risk in Web3.
BeInCrypto spoke to the company’s CEO, Alex Katz, and CTO, Danor Cohen, to understand why users continue to fall victim to attacks and what they can do to better protect themselves.
Human error causes significant losses for Web3, Kerberus report finds
In its latest report titled “The Human Factor – Real-time Protection is the Hidden Layer of Web3 Cybersecurity (2025),” Kerberus revealed that human-focused attacks are structurally the most dangerous vector in Web3.
The report cites data showing that a significant portion of industry losses are attributable to user error. Approximately 44% of cryptocurrency thefts in 2024 were due to private key mismanagement. Another study shows that approximately 60% of security breaches involve human error.
With 820 million active wallets in 2025, the threat landscape is growing rapidly and everyone remains at risk. Katz told BeInCrypto that malicious actors target both beginners and experienced users, but for completely different reasons.
“It’s appealing because new users don’t yet understand what ‘normal’ Web3 behavior looks like,” he said.
Interestingly, the executive noted that long-time users are becoming an increasingly valuable target compared to new users. According to him,
“Veteran users interact with far more dApps, sign more transactions, and move larger amounts of money, which means a moment of complacency can cause far more damage. Therefore, the groups most at risk today are those who believe they are not at risk.”
Cohen added that one of the biggest misconceptions about Web3 is the belief that security failures are due to users not understanding the technology. His analysis points in the opposite direction. People are being hacked because the system imposes an unrealistic burden on them.
“Users think, ‘I’m too smart to waste my energy, I know how wallets work, so I’m safe.’ But the threat landscape changes faster than users. The attacker isn’t trying to steal your wallet. They’re trying to outwit you. And they’re very good at it. What people misunderstand is that Web3 places a huge cognitive burden on individuals. Users should not have to decipher technical signals to stay safe, security should work automatically,” he said.
Why even smart Web3 users will continue to be exhausted in 2025
Despite record spending on security in 2025, these human-driven risks persist. Cryptocurrency-related services and investors lost more than $3.1 billion to hacks and fraud in the first half of this year, according to the Kerberus report. This already exceeds the total for all of 2024.
This figure includes the historic Bybit breach. Even excluding it, human-targeted attacks such as phishing and social engineering still accounted for $600 million, or 37% of the remaining $1.64 billion in losses.
The report notes that these attacks grow with adoption and bypass technical defenses entirely, since they target the person rather than the code. This makes them difficult to prevent with traditional security models.
While enterprises invest heavily in auditing, monitoring, and code reviews, attackers are increasingly exploiting users directly at the transaction level. But why are humans so vulnerable to these attacks?
“Humans are vulnerable because all deceptions are designed to exploit natural psychological shortcuts: a sense of urgency, authority, familiarity, fear of missing out, a sense of security in everyday life. These are not flaws, but the same instincts that allow us to function in everyday life. Technology alone cannot change human psychology, but it can seize the moments when psychology becomes weaponized,” Cohen elaborated.
He emphasized that the strongest form of protection is not just educating users to avoid mistakes, but stopping harmful behavior in real time before any damage is done.
“That’s why real-time detection is so important. If we can warn users at the exact moment their trust is being manipulated, most losses can be stopped before they occur,” Cohen added.
The executive noted that it is unrealistic to expect everyday users to distinguish malicious dApps, airdrop pages, and mint pages from legitimate ones. Modern fraudulent platforms often closely mirror the legitimate platforms they impersonate, which makes them almost indistinguishable.
He added that users may repeatedly click on phishing links. They do not do so out of inadvertence, but because the attack is intentionally designed to deceive.
Even real-time alerts can appear to be false positives, highlighting the sophisticated nature of these scams.
“Users should not be expected to perform forensic checks; that burden needs to be shifted to tools that analyze intent and behavior in real time,” Cohen suggested.
The report also states that these attacks exploit the moments when users are least capable of assessing threats. It can happen when you check your wallet while distracted by work, respond to an urgent message that your account will be frozen, or approve a transaction when you’re exhausted at the end of a long day.
According to the report, the industry’s response has primarily been to add warnings and verification steps. However, this approach often backfires because of “security fatigue.” As users become accustomed to a constant stream of alerts, many of which are false alarms that simply slow them down, their ability to make deliberate decisions under continuous cognitive pressure diminishes.
3 actions users can take to stay secure with Web3
To reduce real-world losses, Katz identified three practices users can adopt. He advised users:
1. Pause before signing: Most breaches occur within 10 seconds. Simply taking a few moments to read the prompt and check whether the request matches the intended action can prevent the majority of successful attacks.
2. Separate high-value assets from daily activities: Using multiple wallets remains one of the most effective safety measures. He suggested that users store long-term assets in cold or low-touch wallets and use separate wallets for exploration, minting, and dApps. This compartmentalization limits potential damage.
3. Rely on real-time transaction protection: Because many threats involve social engineering rather than technical exploits, users benefit from tools that interpret on-chain actions before they are completed. This single layer of defense blocks many of the more sophisticated scams.
He stressed that the goal is not to make users security experts, but to build guardrails that prevent mistakes from leading to financial losses.
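As an added illustration of the first and third points above (checking that a signing request matches the intended action, and interpreting an on-chain action before it is completed), the following Python is example code written for this page; it is not Kerberus’s product and not code from the report. It decodes the calldata of an EVM transaction request that a dApp hands to a wallet and compares it with a simple model of what the user believes they are doing. The contract addresses, the `Intent` model, the `mint(uint256)` selector used for the legitimate mint, and the sample requests are all constructed for the example; the `approve`, `setApprovalForAll`, and `transfer` selectors are the standard ERC-20/ERC-721 ones.

```python
"""Constructed pre-signature intent check for an EVM transaction request."""
from dataclasses import dataclass

UINT256_MAX = (1 << 256) - 1

# Standard four-byte selectors (first 4 bytes of keccak256 of the signature).
SEL_APPROVE = "095ea7b3"               # approve(address,uint256)
SEL_SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address,bool)
SEL_TRANSFER = "a9059cbb"              # transfer(address,uint256)

# Finding codes that should block signing outright; anything else only warns.
HIGH_RISK = {"TARGET_MISMATCH", "ACTION_MISMATCH", "UNKNOWN_SPENDER",
             "UNKNOWN_OPERATOR", "UNLIMITED_APPROVAL"}


@dataclass(frozen=True)
class Intent:
    """What the user believes they are doing (hypothetical wallet-side model)."""
    action: str                  # "mint", "swap", "send" or "approve"
    contract: str                # contract the user expects to call
    max_value_wei: int           # most ETH the user expects to send along
    trusted_spenders: frozenset  # spenders/operators the user knowingly approves


@dataclass(frozen=True)
class TxRequest:
    """The eth_sendTransaction-style request the dApp hands to the wallet."""
    to: str
    value_wei: int
    data: str  # 0x-prefixed calldata


def decode_calldata(data: str):
    """Split calldata into (selector, list of 32-byte ABI words as hex)."""
    raw = data[2:].lower() if data.startswith("0x") else data.lower()
    if raw == "":
        return "", []  # plain ETH transfer, no function call
    if len(raw) < 8 or (len(raw) - 8) % 64:
        raise ValueError("calldata is not selector + whole 32-byte words")
    return raw[:8], [raw[i:i + 64] for i in range(8, len(raw), 64)]


def word_to_address(word: str) -> str:
    return "0x" + word[-40:]  # an address is the low 20 bytes of the word


def check_request(req: TxRequest, intent: Intent) -> dict:
    """Compare a signing request with the user's intent; return verdict and findings."""
    findings = []
    trusted = {s.lower() for s in intent.trusted_spenders}
    if req.to.lower() != intent.contract.lower():
        findings.append(f"TARGET_MISMATCH: tx targets {req.to}, expected {intent.contract}")
    if req.value_wei > intent.max_value_wei:
        findings.append(f"VALUE_EXCEEDS_INTENT: {req.value_wei} wei > {intent.max_value_wei} wei")
    try:
        selector, words = decode_calldata(req.data)
    except ValueError as exc:
        findings.append(f"UNDECODABLE_CALLDATA: {exc}")
        selector, words = None, []

    if selector == SEL_APPROVE and len(words) >= 2:
        spender, amount = word_to_address(words[0]), int(words[1], 16)
        if intent.action != "approve":
            findings.append(f"ACTION_MISMATCH: calldata is approve() but user intends '{intent.action}'")
        if spender.lower() not in trusted:
            findings.append(f"UNKNOWN_SPENDER: approve() grants an allowance to {spender}")
        if amount == UINT256_MAX:
            findings.append("UNLIMITED_APPROVAL: allowance is uint256 max")
    elif selector == SEL_SET_APPROVAL_FOR_ALL and len(words) >= 2 and int(words[1], 16):
        operator = word_to_address(words[0])
        if intent.action != "approve":
            findings.append(f"ACTION_MISMATCH: calldata is setApprovalForAll() but user intends '{intent.action}'")
        if operator.lower() not in trusted:
            findings.append(f"UNKNOWN_OPERATOR: setApprovalForAll() hands every token to {operator}")
        findings.append("COLLECTION_WIDE_APPROVAL: operator may transfer all tokens in this collection")
    elif selector in (SEL_TRANSFER, "") and intent.action != "send":
        findings.append(f"ACTION_MISMATCH: calldata is a transfer but user intends '{intent.action}'")

    codes = {f.split(":", 1)[0] for f in findings}
    verdict = "block" if codes & HIGH_RISK else "warn" if codes else "allow"
    return {"verdict": verdict, "findings": findings}


# Helpers to build ABI-encoded calldata for the constructed sample requests.
def encode_address(addr: str) -> str:
    return addr[2:].lower().rjust(64, "0")

def encode_uint(n: int) -> str:
    return format(n, "064x")

def encode_call(selector: str, *words: str) -> str:
    return "0x" + selector + "".join(words)

# Constructed addresses; none of these are real contracts.
COLLECTION = "0x1111111111111111111111111111111111111111"  # NFT the user wants to mint
TOKEN = "0x2222222222222222222222222222222222222222"       # ERC-20 the user holds
ROUTER = "0x3333333333333333333333333333333333333333"      # DEX router the user trusts
DRAINER = "0x4444444444444444444444444444444444444444"     # attacker-controlled spender

MINT_INTENT = Intent("mint", COLLECTION, 50_000_000_000_000_000, frozenset())  # 0.05 ETH
LEGIT_MINT = TxRequest(COLLECTION, 50_000_000_000_000_000,
                       encode_call("a0712d68", encode_uint(1)))  # assumed mint(uint256) selector
# A "mint" page that actually asks for an unlimited ERC-20 approval to the drainer.
PHISHING_APPROVE = TxRequest(TOKEN, 0, encode_call(SEL_APPROVE, encode_address(DRAINER),
                                                   encode_uint(UINT256_MAX)))
# The same drainer asking for operator rights over the user's whole collection.
PHISHING_OPERATOR = TxRequest(COLLECTION, 0, encode_call(SEL_SET_APPROVAL_FOR_ALL,
                                                         encode_address(DRAINER), encode_uint(1)))
SWAP_INTENT = Intent("approve", TOKEN, 0, frozenset({ROUTER}))
LEGIT_APPROVE = TxRequest(TOKEN, 0, encode_call(SEL_APPROVE, encode_address(ROUTER),
                                                encode_uint(1_000_000_000)))

if __name__ == "__main__":
    for name, req, intent in [("legit mint", LEGIT_MINT, MINT_INTENT),
                              ("phishing approve", PHISHING_APPROVE, MINT_INTENT),
                              ("phishing operator", PHISHING_OPERATOR, MINT_INTENT),
                              ("legit approve", LEGIT_APPROVE, SWAP_INTENT)]:
        result = check_request(req, intent)
        print(f"{name}: {result['verdict']}")
        for finding in result["findings"]:
            print("   ", finding)
```

The point of the check is that the decision is made from the decoded request, not from the page that produced it: a lookalike mint page that is pixel-identical to the real one still has to hand the wallet an `approve()` or `setApprovalForAll()` call, and the spender address and allowance in that calldata are what give it away. A bounded `approve()` to a spender the user has named is allowed without friction, which is what keeps a check like this from becoming one more alert to click through.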
