Human Errors Drive Most Web3 Losses Despite Billions Spent on Security, Kerberus Finds

Research reveals 44% of crypto thefts stem from human error despite billions spent on security. Learn why real-time protection is critical for Web3.

by Alex Katz
November 17, 2025 • 4 minutes read

Audits and monitoring safeguard protocols, but only a minority of providers offer real-time transaction-level protection to prevent social engineering attacks.

Monday, 17 November, Buenos Aires - Research from Kerberus shows that human-focused errors are a primary driver of Web3 losses. Data indicates that 44% of crypto thefts stem from private key mismanagement, while broader cybersecurity research finds that 60% of breaches involve human error. The findings, published in Kerberus’s report “The Human Factor: Real-Time Protection Is the Unsung Layer of Web3 Cybersecurity”, reveal a critical misalignment between where the industry invests in security and the points at which users actually lose funds.

“The ecosystem sets users up to fail,” said Alex Katz, CEO of Kerberus. “Social engineering drives the majority of real losses because we expect people to identify threats they have no way to detect. Users face these attacks during distracted moments or high-stress situations when cognitive capacity fails. Audits and monitoring can’t prevent what happens in those seconds. We need security that protects people during transactions, not just protocols before deployment.”

Even rigorous security training fails to solve the problem: phishing click rates stay between 7% and 15% after training programs. Users must constantly verify URLs, check contract addresses, review transaction details, approve token permissions, and interpret technical warnings. This repeated decision-making creates cognitive overload, and the brain defaults to the easiest option, which in security contexts means users click approve or ignore warnings.

The industry's security infrastructure prioritizes code integrity. Billions have been spent on smart contract audits, bug bounties, and blockchain monitoring. These tools check code for well-known vulnerability patterns and overall technical quality, but they operate outside the window where users actually lose funds. In traditional finance, banks detect fraud automatically and protect consumers by default. Credit card companies don’t educate users about how to spot fraudulent charges; they block suspicious transactions in real time.

In April 2025, a US investor lost $330 million in Bitcoin through social engineering, with no breach of the wallet or code. This example illustrates how attackers exploit predictable human behavior, even when technical safeguards are in place.

“Social engineering works because the transaction often looks legitimate on-chain,” said Danor Cohen, CTO of Kerberus. “Traditional security tools aren’t able to distinguish between what a user wants to do and what an attacker manipulates them into. While audits remain a critical line of defense for protocols, they do not detect compromised intent at the moment of the user’s approval. Real-time solutions require systems that interpret behavioral signals and analyze transactions in real time at the wallet level. Our research shows that only 13% of Web3 security providers actively block malicious transactions in real time at the wallet level — the kind of protection that can prevent social engineering attacks before funds leave a user’s wallet.”

Each successful attack discourages multiple potential users from entering the ecosystem. Someone loses funds and tells friends, family, and social media followers to avoid crypto. These warnings spread and create barriers to adoption that compound over time. Retail investors hesitate when one mistake can erase their savings. Institutions avoid markets where basic fraud prevention doesn’t exist. The industry can’t reach mainstream adoption while it treats preventable losses as acceptable user errors.

Kerberus conducted the research to quantify the gap between security investment and actual user protection.

The Solution: Real-Time Transaction Protection

Unlike traditional security tools that focus on code audits and post-transaction monitoring, Sentinel3 provides real-time transaction scanning that blocks malicious transactions before they execute. This approach mirrors how traditional banks protect consumers—by automatically detecting and preventing fraud at the moment it occurs, not after the fact.

Sentinel3 has maintained zero user losses since its launch in January 2023, demonstrating the effectiveness of real-time protection. The extension also includes third-party coverage up to $30,000 per transaction, providing an additional layer of security for users. Learn more about Sentinel3’s transaction coverage.

To better protect yourself, it’s essential to understand the various threats in the Web3 ecosystem. Our comprehensive guide on crypto wallet drainers explains how these attacks work and how to recognize them before it’s too late.

Kerberus is a Web3 security company founded by Danor Cohen and Alex Katz. Cohen spent 15 years in offensive security, including as Head of Salesforce’s Offensive Security Department. He also earned recognition as a Top 10 PayPal bug hunter. Katz has a background in financial markets and global operations. The company built Sentinel3, a browser extension that blocks malicious transactions in real time across all EVM chains and Solana. Since its launch in January 2023, Sentinel3 has recorded zero losses for users and includes third-party coverage up to $30,000 per transaction.


Ready to protect your Web3 transactions? Get Sentinel3 and join thousands of users who have experienced zero losses with real-time transaction protection.
