Kerberus Finds Only 13% Of Web3 Security Solutions Provide Real-Time User Protection
According to the brand new report from the Web3 safety agency Kerberus titled “The Human Factor: Real-Time Protection Is the Unsung Layer of Web3 Cybersecurity,” solely 13% of current Web3 safety options present real-time safety for customers. The majority of options stay reactive or provide solely partial transaction monitoring, highlighting a major hole in an business that has invested billions in safety infrastructure.
The report notes that through the first half of 2025, over $3.1 billion in losses have been recorded, together with the $1.46 billion breach of the Bybit alternate, which represents the biggest single cryptocurrency heist in historical past. Excluding this incident, human-targeted assaults similar to phishing and social engineering accounted for $600 million in losses, representing 37% of the remaining $1.64 billion.
Most safety instruments deal with auditing code previous to deployment or analyzing assaults post-event, thereby bettering protocol security, however customers stay largely unprotected on the exact second they conduct transactions.
Kerberus’s report examined the timing and intervention methods of main safety suppliers throughout the market, emphasizing the necessity for simpler real-time defenses.
“Our evaluation exhibits the business has a useful resource allocation drawback,” mentioned Alex Katz, CEO of Kerberus, in a written assertion. “Companies spend billions on safety measures that work earlier than or after an assault, however customers nonetheless lack safety through the important moments after they approve a transaction. Attackers exploit this window as a result of it’s undefended. Real-time safety solely covers a minority of options,” he added.
Kerberus Report: Majority Of Web3 Security Providers Rely On Preventative Measures
Kerberus performed an evaluation of 61 distinguished Web3 safety suppliers to evaluate the timing and strategies of their interventions. The research revealed that 87% of those suppliers provide preventative companies similar to code audits and forensic investigations, whereas solely 13% present energetic, real-time menace blocking on the transaction degree. Companies have been labeled utilizing publicly accessible data relating to their merchandise, deployment fashions, and whether or not their options stop assaults earlier than person approval of transactions or merely detect them afterward.
Although preventative safety measures are precious for assessing and mitigating dangers, business knowledge signifies that 90% of exploited sensible contracts had already handed safety audits. Additionally, 44% of cryptocurrency thefts in 2024 have been linked to non-public key mismanagement, highlighting {that a} portion of losses happen in areas past the attain of code verification.
In April 2025, a US investor misplaced $330 million in Bitcoin because of social engineering, with no compromise to the pockets or underlying code. Research exhibits that even with person coaching applications, phishing click on charges stay between 7% and 15%, demonstrating that customers proceed to be susceptible to manipulation regardless of current technical safeguards.
“Most safety instruments function exterior the transaction window,” mentioned Danor Cohen, CTO of Kerberus, in a written assertion. “They present precious audits and post-breach investigations, however these have to be complemented by real-time options, which interpret person intent on the pockets degree throughout a stay transaction and carry out a quick, deep scan with out interrupting the person. That’s a extremely difficult technical drawback that requires refined rip-off detection IP, which explains why real-time safety is obtainable by solely 13% of suppliers,” he added.
Real-Time Protection Needed As Web3 Security Struggles To Keep Pace With Growing User Base
The Web3 safety business initially developed to deal with the priorities of its early, experimental section, when vulnerabilities in sensible contract code represented the first danger. (At that point, firms targeted on auditing contracts and investigating breaches, constructing their enterprise fashions round these companies.
That method was applicable when the person base was small and technically proficient. However, Web3 has since grown to 820 million energetic wallets, with 59% of customers managing their very own personal keys. Although threats have advanced, a lot of the safety infrastructure has remained unchanged.
Trust is important for Web3 adoption, however customers presently lack confidence within the security of their funds. In conventional finance, shopper safety is constructed into the system: banks monitor transactions, block suspicious exercise, and reimburse victims of fraud. Users depend on these safeguards as a result of they stop catastrophic losses from a single error.
Web3, against this, exposes customers to everlasting loss from a single mistake, with no automated recourse. This atmosphere discourages retail participation in markets that require fixed vigilance and limits institutional funding in programs with out basic fraud protections. Establishing real-time safety as commonplace infrastructure is due to this fact important for increasing the person base.
Kerberus launched these findings to supply data-driven benchmarks for real-time safety inside the Web3 safety panorama, highlighting the necessity for options that safeguard customers in the intervening time of transaction.
The submit Kerberus Finds Only 13% Of Web3 Security Solutions Provide Real-Time User Protection appeared first on Metaverse Post.
