Kerberus Report Warns Real-Time Protection Lags as Human-Targeted Scams Surge

A new industry report released this week shows that human-targeted attacks, rather than technical vulnerabilities, are responsible for the majority of Web3 losses, despite record levels of security spending across the sector.

The report, The Human Factor: Why Real-Time Protection Is the Missing Layer in Web3 Security, published by security firm Kerberus, estimates that more than $3.1 billion was stolen through hacks and scams between January and June 2025. Of that, over $600 million came from phishing, wallet compromise and social engineering incidents that targeted users directly rather than exploiting blockchain code. The figures include the $1.46 billion Bybit exchange breach, the largest crypto heist to date. Kerberus notes that even when excluding the Bybit incident as an outlier, human-targeted attacks remain a significant source of losses across the ecosystem.

The report highlights what Kerberus describes as a fundamental resource-allocation failure across the Web3 security sector. According to the company's analysis, most security spending still flows into tools that operate either before an attack occurs, such as audits and vulnerability testing, or after funds have already been stolen, including forensics and incident response. Kerberus argues that this leaves a critical gap during the short window in which users approve transactions, a moment attackers increasingly exploit because it remains largely undefended. Despite rising losses tied to phishing, wallet drainers, and social engineering, real-time protection still accounts for only a small share of available solutions.

Key findings from the report

According to the research:

- 44% of crypto thefts stem from private key mismanagement.
- 60% of wider cybersecurity breaches involve human error.
- 90% of exploited smart contracts had passed security audits before being attacked.
- Phishing click-through rates remain between 7-15%, even after security training.

The report suggests that these patterns continue because most Web3 security spending is directed toward.