Web3 security firm Kerberus published a new report showing that phishing and social engineering attacks were responsible for $594 million, or 36%, of all Web3 losses in the first half of 2025, with approximately $90 million, or 15%, occurring on the Solana network. These figures are based on a total of $1.64 billion in Web3 hacks and scams during H1 2025, excluding the Bybit incident, with Solana accounting for $250 million of that total.
The Solana ecosystem has experienced significant growth and high transaction activity in recent years, which has increased its visibility to attackers. This heightened attention is not due to inherent security weaknesses but rather the larger user base and transaction volume, which create more opportunities for attacks targeting individuals. In early 2024, two drainer tools were linked to $4.17 million in losses. Even highly sophisticated threat actors have increasingly focused on user-targeted methods; for example, in May 2025, the state-sponsored Lazarus Group carried out a $3.2 million Solana wallet heist by tricking users into approving malicious transactions.
Between October 2024 and March 2025, over 8,000 phishing transactions were detected on Solana, resulting in roughly $1.1 million in confirmed losses across 64 phishing accounts. Researchers identified three attack methods specific to Solana’s architecture, including account authority transfers and system account impersonation. Attack strategies have become more complex, with fake presale websites and Telegram impersonation campaigns aimed at stealing credentials. By July 2025, CoinNess reported a surge of such impersonation scams in South Korea, with attackers posing as the Solana Foundation.
These findings indicate a clear trend: in widely used, high-activity ecosystems such as Solana, attackers tend to target users through deception and social engineering rather than exploiting technical vulnerabilities. To address this, Kerberus released a micro-brief at Solana Breakpoint, outlining the common tactics behind these thefts and providing guidance on how users can protect themselves.
“What we see on Solana matches what we see on every chain that has grown quickly,” said Alex Katz, cofounder of Kerberus, in a written statement. “Attackers go after moments of confusion. The faster an ecosystem expands, the more of those moments there are,” he added.
The firm’s recent report highlights a gap in the industry’s approach to security. Only 13% of Web3 security tools provide real-time protection, with the majority concentrating on audits, education, and post-incident analysis rather than intervening when a user is about to approve a risky transaction. Broader cybersecurity studies suggest that human error accounts for around 60% of breaches.
“People get scammed because they are rushed, distracted, or excited about something happening on-chain,” said Danor Cohen, cofounder of Kerberus. “Security has to work automatically in those moments.”
The Kerberus Sentinel3 browser extension analyzes Web3 transactions before they are approved, automatically preventing malicious activity with a reported 99.9% detection rate. It has maintained a record of zero user losses for nearly three years and offers up to $30,000 in coverage per transaction through a third-party provider.
In February 2025, Kerberus extended Sentinel3’s real-time protection from all EVM chains to include users on the Solana network. Following its acquisition of competitor Pocket Universe in August, Kerberus implemented the same Solana coverage for Pocket Universe users in November.
“Our goal is to ensure unsafe transactions can’t be approved in the first place,” said Alex Katz. “It’s easy to be distracted or rushed in the heat of on-chain events. That’s why Kerberos protects users at the moment they sign, so they don’t need to inspect every signature themselves,” he added.
The company is working toward a model of safer Web3 adoption, where protection operates automatically and users can focus on their intended activities.
The post Only 13% Of Web3 Tools Offer Real-Time Defense—Kerberus Expands Sentinel3 Protection To Solana Users appeared first on Metaverse Post.
