Only 13% Of Web3 Tools Offer Real-Time Defense—Kerberus Expands Sentinel3 Protection To Solana Users
In Brief
Kerberos’ latest report reveals that phishing and social engineering drove $594M in Web3 losses in H1 2025, with Solana users hit hardest amid fast ecosystem growth.
Web3 security firm Kerberus published a new report showing that phishing and social engineering attacks were responsible for $594 million, or 36%, of all Web3 losses in the first half of 2025, with approximately $90 million, or 15%, occurring on the Solana network. These figures are based on a total of $1.64 billion in Web3 hacks and scams during H1 2025, excluding the Bybit incident, with Solana accounting for $250 million of that total.
The Solana ecosystem has experienced significant growth and high transaction activity in recent years, which has increased its visibility to attackers. This heightened attention is not due to inherent security weaknesses but rather the larger user base and transaction volume, which create more opportunities for attacks targeting individuals. In early 2024, two drainer tools were linked to $4.17 million in losses. Even highly sophisticated threat actors have increasingly focused on user-targeted methods; for example, in May 2025, the state-sponsored Lazarus Group carried out a $3.2 million Solana wallet heist by tricking users into approving malicious transactions.
Between October 2024 and March 2025, over 8,000 phishing transactions were detected on Solana, resulting in roughly $1.1 million in confirmed losses across 64 phishing accounts. Researchers identified three attack methods specific to Solana’s architecture, including account authority transfers and system account impersonation. Attack strategies have become more complex, with fake presale websites and Telegram impersonation campaigns aimed at stealing credentials. By July 2025, CoinNess reported a surge of such impersonation scams in South Korea, with attackers posing as the Solana Foundation.
These findings indicate a clear trend: in widely used, high-activity ecosystems such as Solana, attackers tend to target users through deception and social engineering rather than exploiting technical vulnerabilities. To address this, Kerberus released a micro-brief at Solana Breakpoint, outlining the common tactics behind these thefts and providing guidance on how users can protect themselves.
“What we see on Solana matches what we see on every chain that has grown quickly,” said Alex Katz, cofounder of Kerberus, in a written statement. “Attackers go after moments of confusion. The faster an ecosystem expands, the more of those moments there are,” he added.
Kerberus Exposes Web3 Security Gap: Sentinel3 Delivers Real-Time Protection With 99.9% Accuracy
The firm’s recent report highlights a gap in the industry’s approach to security. Only 13% of Web3 security tools provide real-time protection, with the majority concentrating on audits, education, and post-incident analysis rather than intervening when a user is about to approve a risky transaction. Broader cybersecurity studies suggest that human error accounts for around 60% of breaches.
“People get scammed because they are rushed, distracted, or excited about something happening on-chain,” said Danor Cohen, cofounder of Kerberus. “Security has to work automatically in those moments.”
The Kerberus Sentinel3 browser extension analyzes Web3 transactions before they are approved, automatically preventing malicious activity with a reported 99.9% detection rate. It has maintained a record of zero user losses for nearly three years and offers up to $30,000 in coverage per transaction through a third-party provider.
In February 2025, Kerberus extended Sentinel3’s real-time protection from all EVM chains to include users on the Solana network. Following its acquisition of competitor Pocket Universe in August, Kerberus implemented the same Solana coverage for Pocket Universe users in November.
“Our goal is to ensure unsafe transactions can’t be approved in the first place,” said Alex Katz. “It’s easy to be distracted or rushed in the heat of on-chain events. That’s why Kerberos protects users at the moment they sign, so they don’t need to inspect every signature themselves,” he added.
The company is working toward a model of safer Web3 adoption, where protection operates automatically and users can focus on their intended activities.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
