
Why Web3 Keeps Losing Billions to Scams And It’s Not a Blockchain Problem

Published 18 December 2025
Author: Dr. Lorena Nessi

Crypto scams have become one of the fastest-growing threats in the Web3 ecosystem. Despite advances in blockchain security, user losses continue to rise, driven mainly by phishing, address poisoning, and social engineering attacks rather than protocol failures.

The core issue is not technological weakness at the blockchain level. It is the way responsibility shifted when users moved from traditional finance into crypto. In banks, fraud protection, insurance, and monitoring exist by default. 

In Web3, those safeguards largely disappeared, replaced by the expectation that users would manage security on their own.

That expectation, according to Danor Cohen, is fundamentally flawed.

“People really got excited about the idea of moving from Web2 to Web3 or the concept of blockchain,” Cohen said. 

“But what they didn’t really realize is that the moment they shifted from their traditional banking systems into crypto, they literally lost tens of years of development and know-how in the cybersecurity space.”

Cohen is the CTO and co-founder of Kerberus Cyber, a Web3 security company that focuses on detecting onchain threats in real-time. 

He has spent more than a decade working in both offensive and defensive cybersecurity, including vulnerability research and large-scale attack simulations for major platforms.

In an interview with CCN, he explained why Web3 scams remain so effective, why user education alone cannot solve the problem, and why crypto security must evolve beyond the idea of personal responsibility.


How Web3 Removed Banking Security and Shifted Risk to Users

One of the most overlooked aspects of Web3 adoption is what users gave up when they left traditional financial systems. 

Banks built layered security infrastructures over decades. Fraud detection teams, behavioral analysis models, transaction monitoring, and consumer protections operate quietly in the background.

Crypto removed those systems almost overnight.

“All of the companies that got built during the years to protect against frauds in banking, scams, cyber, everything thrown out of the window,” Cohen said.

Web3 framed this shift as empowerment through self-custody. In practice, it transferred institutional risk directly onto individuals.

“The user is almost solely responsible on his own security,” Cohen said.

From a cybersecurity perspective, that shift represents a regression. Systems that once absorbed human error now punish it permanently.

Why Web3 Scams Scale Despite Strong Blockchain Security

Unlike Web2 fraud, most Web3 scams do not rely on technical exploits. They rely on finality.

Once a user signs a transaction, there is no reversal, no dispute mechanism, and no intermediary to intervene. Attackers exploit this design by creating scenarios that pressure users into quick decisions.

“Hackers are not after hacking people just for fun,” Cohen said. “They are there for the money.”

That incentive structure explains why scams cluster around retail-facing tools rather than core protocols. Wallet interfaces, websites, browser extensions, and QR codes all depend on user interpretation. Any moment of distraction becomes an entry point.

The system assumes constant vigilance. Human behavior does not.

The Gap Between Blockchain Security and User Interfaces

Cohen repeatedly emphasized a distinction that many users still miss.

“People do not understand the separation between the crypto infrastructure versus decentralized applications (DApps) and the usage of crypto in technology in blockchain,” he said.

At the protocol level, blockchains perform well.

“The lowest layer of infrastructure, which is the blockchain itself, is really secure in compared to other technologies. It’s almost bulletproof,” Cohen said.

The failures occur above that layer. Users interact with interfaces that evolve rapidly and lack consistent security standards. Each additional layer introduces ambiguity, and ambiguity creates risk.

Cohen compared the situation to operating a powerful machine without sufficient safeguards. The technology works as designed, but the consequences fall on the user.

Why No Blockchain Is Immune During Hype Cycles

Kerberus monitors threats across multiple blockchains. Cohen rejected the notion that specific ecosystems inherently offer protection.

“I wouldn’t say that there is a difference between the different chains in terms of security,” he said.

Instead, scam activity mirrors hype cycles.

“We see a clear correlation between where the money goes and the trends and when the scammers go,” Cohen said.

“If it’s a Solana month and everyone is doing Solana and Solana memecoins, you would definitely see all of the scammers aiming towards Solana.”

Security risk scales with participation. As attention increases, attackers follow.

Phishing and Address Poisoning Drive Most Crypto User Losses

When Kerberus analyzed how users lose funds, one pattern stood out.

“They are losing most of their funds due to phishing. Simple phishing,” Cohen said.

Once phishing defenses improved, attackers adapted.

“Now we are losing funds due to an attack called address poisoning,” he said.

Address poisoning relies on visual similarity rather than deception through messaging. Attackers exploit repetition and inattentive copying, not lack of knowledge.
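
A wallet-side check for the visual-similarity problem described above, as an added example that is not from Kerberus or the interview. It assumes 0x-prefixed 20-byte hex addresses, that a lookalike is one sharing its first and last characters with a saved address, and four-character thresholds; the address book, labels and sample addresses are constructed for illustration.

```python
"""Added example: flag destination addresses that imitate a known counterparty."""

def _body(addr: str) -> str:
    """Normalise a 0x-prefixed 20-byte hex address to 40 lowercase hex chars."""
    a = addr.strip().lower()
    if a.startswith("0x"):
        a = a[2:]
    if len(a) != 40 or any(c not in "0123456789abcdef" for c in a):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return a

def _shared(a: str, b: str) -> int:
    """Length of the common prefix of two equal-length strings."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def check_destination(dest, address_book, min_prefix=4, min_suffix=4):
    """Return ('known', label), ('lookalike', label) or ('new', None)."""
    d = _body(dest)
    best = None
    for label, known in address_book.items():
        k = _body(known)
        if d == k:
            return ("known", label)  # exact match, case-insensitive
        # Compare both ends: these are what a truncated display shows.
        pre, suf = _shared(d, k), _shared(d[::-1], k[::-1])
        if pre >= min_prefix and suf >= min_suffix:
            if best is None or pre + suf > best[0]:
                best = (pre + suf, label)  # keep the closest imitation
    return ("lookalike", best[1]) if best else ("new", None)

# Constructed sample data (not real addresses); thresholds are assumptions.
ADDRESS_BOOK = {"exchange-deposit": "0xA1B2C3D4" + "0" * 24 + "E5F6A7B8"}
POISONED = "0xa1b2c3ff" + "1" * 24 + "7777a7b8"   # same ends, different middle
UNRELATED = "0x" + "9" * 40

if __name__ == "__main__":
    for dest in (ADDRESS_BOOK["exchange-deposit"], POISONED, UNRELATED):
        print(dest, check_destination(dest, ADDRESS_BOOK))
```

A "lookalike" result is the case to block or escalate before signing, since the pasted address differs from the saved one only in the characters a user is least likely to read.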

These attacks highlight a broader issue. Most losses do not occur because users misunderstand crypto. They occur because users operate within normal cognitive limits.

Why Crypto Security Cannot Rely on User Awareness

User education remains one of the most cited solutions in cybersecurity. Cohen views that approach as incomplete.

“We are human beings and we are vulnerable,” he said.

Many victims believed they were informed and cautious.

“People say it would never happen to me. I’m very informed. I’m well educated,” Cohen said.

Losses still happened. He gave an example.

“(Let’s say) I woke up in the morning. I wasn’t focused. I drank a couple of drinks. I fought with my partner.”

These examples illustrate why user-based security models fail. No amount of training eliminates fatigue, stress, or distraction.

The Role of Insurance in Reducing Crypto Scam Losses

Cohen acknowledged that no detection system eliminates all risk.

“No system is really 100% safe,” he said.

However, he pointed to coverage as the mechanism that changes outcomes.

“If you have an insurance up to let’s say 100K, you know for sure that you are secured 100% on those 100K,” Cohen said.

Coverage only becomes viable when detection rates remain high.

“If 50% of your users lose funds for scams, you cannot insure them,” he said.

This mirrors how online payments evolved. Fraud never disappeared. Responsibility shifted away from users.

Balancing Web3 Security, Privacy, and AI Ethics

Real-time security raises legitimate privacy concerns. Cohen said Kerberus does not collect personal data.

“Our way of detecting scams does not require any specific user data,” he said.

Still, AI introduces new risks.

“AI does not have separation inside the model itself between shared users,” Cohen said.

Without strict boundaries, security tools risk leaking information or introducing bias. Protection must not come at the cost of user autonomy.

Why Web3 Users Cannot Protect Themselves From Crypto Scams

Cohen summarized the core issue directly.

“A user by himself has zero chance to protect himself against scams.”

That statement challenges one of Web3’s foundational narratives. Self-custody without systemic protection does not empower users. It exposes them.

Security systems must assume human error rather than deny it.

Despite ongoing risks, Cohen sees progress.

“The industry is getting older and more mature,” he said.

That maturity depends on abandoning the idea that users should act as their own security infrastructure. Web3 adoption requires institutional-grade protection adapted to decentralized systems.

Until that shift happens, the cost of mistakes will continue to fall on individuals.

Dr. Lorena Nessi

Dr. Lorena Nessi is an award-winning journalist and media technology expert with 15 years of experience in digital culture and communication. Based in Oxfordshire, UK, she combines academic insight with hands-on media practice.

She holds a PhD in Communication, Sociology, and Digital Cultures, and an MA in Globalization, Identity, and Technology.

Lorena has taught at Fairleigh Dickinson University, Nottingham Trent University, and the University of Oxford. She is a former producer for the BBC in London, with additional experience creating television content in Mexico and Japan.

Her research focuses on digital cultures, social media, technology, capitalism, and the societal impact of blockchain innovation.

She has written extensively on digital media and emerging technologies, with her work featured in both academic and media platforms. Her Web3 expertise explores how blockchain technologies shape culture, economics, and decentralized systems.

Outside of work, Lorena enjoys reading science fiction, playing strategic board games, traveling, and chasing adventures that get her heart racing. A perfect day ends with a relaxing spa and a good family meal.
