Phishing and social engineering scams accounted for $594 million (36%) of all H1 2025 losses, with an estimated $90 million (15%) of these losses happening on Solana.
These figures are derived from $1.64 billion in Web3 hacks and scams in H1 2025 (excluding the Bybit incident), of which a total of $250 million occurred on Solana.
In recent years, the Solana ecosystem has experienced a period of sustained growth and high activity, which has inevitably drawn attention from attackers. This is not because Solana is less secure, but simply because more users and transactions create more opportunities for human-targeted attacks. In early 2024, $4.17 million was traced to just two drainer tools. Even highly sophisticated actors have shifted toward user-targeted tactics: in May 2025, the state-sponsored Lazarus Group executed a $3.2M Solana wallet heist by tricking users into approving malicious transactions.
Between October 2024 and March 2025, over 8,000 phishing transactions on Solana were detected, with confirmed losses of roughly $1.1 million tied to 64 phishing accounts. The researchers identified three attack methods unique to Solana’s design, such as account authority transfers and system account impersonation. The tactics have grown more elaborate, with fake presale sites and Telegram impersonation campaigns designed to steal credentials. By July 2025, CoinNess documented a wave of these impersonation scams in South Korea, with attackers posing as the Solana Foundation itself.
These studies show a consistent pattern: in high-traffic, popular ecosystems like Solana, attackers rely less on exploiting code and more on exploiting user attention, confusion, and urgency.
This is why Kerberus has released a micro-brief at Solana Breakpoint, breaking down the patterns behind these thefts and what users can do about them. “What we see on Solana matches what we see on every chain that’s grown quickly,” said Alex Katz, cofounder of Kerberus.
“Attackers go after moments of confusion. The faster an ecosystem expands, the more of those moments there are”, he added.
Kerberus’ own recent report points to a gap in how the industry responds. Only 13% of Web3 security tools offer real-time protection. Most focus on audits, education, and post-incident analysis, but few step in at the moment a user is about to sign a dangerous transaction. Broader cybersecurity research attributes 60% of breaches to human error.
“People get scammed because they are rushed, distracted, or excited about something happening on-chain,” said Danor Cohen, cofounder of Kerberus. “Security has to work automatically in those moments.”
The Kerberus Sentinel3 browser extension scans Web3 transactions before users sign, automatically blocking malicious ones with a 99.9% detection rate. It has recorded zero user losses for almost 3 years and provides up to $30,000 in coverage per transaction through a third-party partner.
In February 2025, Kerberus expanded Sentinel3’s real-time protection from all EVM chains to also cover its users in the Solana chain. After acquiring its competitor Pocket Universe in August, Kerberus rolled out the same Solana protection to Pocket Universe users in November.
“Our goal is to ensure unsafe transactions can’t be approved in the first place,” Katz added. “It’s easy to be distracted or rushed in the heat of on-chain events. That’s why Kerberus protects users at the moment they sign, so they don’t need to inspect every signature themselves.”
The company is carving a path toward safer Web3 adoption, one where protection runs automatically, and users can focus on what they came for.
Disclaimer: The information provided on AlexaBlockchain is for informational purposes only and does not constitute financial advice. Read complete disclaimer here
