Why Scammers Prefer Targeting Veteran Web3 Users

Human Error Drives Major Web3 Losses, Kerberus Report Finds

A recent report by Kerberus, a leading Web3 security firm, has highlighted a concerning trend: human behavior is the primary risk factor in Web3 environments. As digital assets proliferate, so do the vulnerabilities associated with their management. This alarming finding has emerged from Kerberus’ report titled “The Human Factor – Real-Time Protection Is the Unsung Layer of Web3 Cybersecurity (2025),” and raises critical questions regarding user safety in the blockchain space.

The Landscape of Vulnerability

The Kerberus report points out a staggering statistic: around 44% of crypto thefts in 2024 were directly linked to the mismanagement of private keys. When combined with findings that human error is a factor in approximately 60% of security breaches, the data paints a grim picture. With 820 million active wallets projected for 2025, the potential for harm only escalates. The danger isn’t limited to newcomers; even seasoned users are increasingly vulnerable, albeit for different reasons.

“What makes experienced users particularly at risk is their familiarity,” explained Alex Katz, CEO of Kerberus, during an engaging conversation with BeInCrypto. “Veteran users engage with more decentralized applications (dApps), execute more transactions, and handle larger sums. A fleeting moment of complacency can lead to catastrophic losses.”

The Misconception about User Knowledge

Interestingly, Kerberus’ CTO, Danor Cohen, challenged the common belief that security issues mainly stem from a lack of user understanding of technology. He argues that the real problem lies in an unrealistic burden placed on users. While the industry often assumes that increased knowledge can mitigate risks, Cohen posits that threats are continually evolving, making it nearly impossible for users to stay ahead.

“Users think, ‘I know how wallets work, so I’m safe,’ but that’s a dangerous mindset,” Cohen asserted. “Attackers aim not just to exploit the technology but to manipulate your decision-making process. The technology should be designed to help users, not require them to decipher hundreds of technical signals to stay safe.”

Human Vulnerability and Psychological Exploitation

As attackers have become increasingly savvy, the nature of their strategies has shifted. The Kerberus report emphasizes that human vulnerabilities are often exploited through psychological triggers like urgency, authority, fear of missing out, and the comfort of routine. These aren’t flaws; rather, they are fundamental instincts that help navigate daily life.

“Technology alone cannot change human psychology. However, it can proactively identify when these instincts are being weaponized against the user,” Cohen pointed out.

The Challenge of Traditional Security Models

Despite significant investments in cybersecurity, including rigorous audits and monitoring, attackers appear to be targeting users directly during transactions. The alarming part? Many users find these scams nearly indistinguishable from legitimate operations, making traditional security measures less effective.

“Real-time detection is invaluable. If we can alert users the moment their instincts are being manipulated, a significant number of losses can be averted,” Cohen elaborated. However, he cautioned that even this isn’t foolproof, as users can sometimes misinterpret warnings, leading to further confusion.

The Impact of Security Fatigue

The push to up security measures often results in an overload of warnings, contributing to what some experts call “security fatigue.” Users become desensitized to alerts, which leads to declining vigilance. Although the industry’s response has generally been to add verification steps, this method can backfire, making users feel overwhelmed and less capable of careful decision-making.

As many potential compromises occur in brief moments—often when users are distracted, hurried, or fatigued—the challenge lies in creating an environment where users can feel secure without being bombarded by excessive, unclear warnings.

3 Actions Users Can Take to Stay Safer in Web3

Given the disheartening statistics and evolving threats, what can users do to protect themselves in this complex environment? Kerberus offers three practical recommendations:

1. Pause Before Signing: Many successful compromises happen in under ten seconds. Taking a moment to read prompts or checking whether a request aligns with intentions can drastically reduce the likelihood of falling victim to a scam.

2. Separate High-Value Assets from Everyday Activity: Using multiple wallets is a robust protective measure. Users are advised to compartmentalize their assets by storing long-term holdings in secure wallets while using a different wallet for regular activities. This strategy can help limit potential losses.

3. Rely on Real-Time Transaction Protection: Since many threats involve social manipulation rather than technical exploitation, leveraging tools that assess on-chain actions before they are finalized can provide crucial protection. This proactive measure can guard against advanced scams that may not be immediately apparent.

The aim is not to turn users into security experts, but rather to create a robust framework that minimizes risks and prevents small mistakes from leading to hefty financial consequences.

In an environment where the stakes are continually rising, understanding these vulnerabilities—and how to counteract them—becomes essential for every user navigating the complexities of Web3.