More than $3.1 billion was stolen across Web3 between January and June 2025, with approximately $594 million from phishing and social engineering targeting users directly.
Within that, Solana stands out. The network users accounted for roughly $90 million in phishing-driven losses in H1 2025 alone. More than 8,000 malicious transactions, tied to just 64 phishing accounts, occurred between October 2024 and March 2025. It’s tempting to treat that as an indictment of the chain, but that misses the point.
Solana is simply where the future shows up first when it comes to human-driven risk. This doesn’t mean the protocol is broken. It means the ecosystem has grown fast enough that attackers now chase signatures and attention, not smart contract bugs. So, the real question is not “How secure is the chain?” but “How protected is the user at the moment they sign?”
Three Threat Vectors Investors Are Underpricing
The first and most obvious vector is social engineering. Fake presale sites, spoofed support chats, and Telegram impersonation campaigns now sit at the center of many Web3 thefts, including Solana-specific drains. These schemes rarely require any sophisticated on-chain exploit. They just need users to move quickly enough to stop asking hard questions.
The second vector is buried inside the wallet interaction layer. On Solana, attackers abuse authority transfers and masquerade them as routine interactions, often during high-velocity events such as mints or airdrops. Users see a familiar interface and click through, unaware they’ve just handed over permanent control.
The third one is cultural. Our industry still spends disproportionately on protocol-level defenses while treating user protection as “education” or an optional add-on. A mapping of 61 Web3 security products indicates that only a small minority provide true, real-time, transaction-level defense, even as human-targeted attacks rise. That
gap between where we invest and where users actually lose money is the blind spot Solana is throwing into relief.
Audits Won’t Save Distracted Users
To be clear, audits and bug bounties matter. They’ve helped reduce severe protocol failures. But audits defend a specific class of risk: bugs in code that want to be secure. They do nothing about malicious contracts spun up solely to steal funds, or interfaces designed from the start to trick users. Approximately $1.71 billion in H1 2025 losses came from compromised wallets, compared to roughly $410 million from classic phishing attacks.
Attackers don’t need to “break” blockchains when they can break people. The signature pop-up has quietly become the most valuable surface in Web3. If your risk model ignores what happens there, you’re measuring yesterday’s threat landscape.
Solana as Web3’s Stress Test
Solana has all the features attackers love: low fees, high throughput, and an always-on flow of NFTs, memecoins, and gamified campaigns. Each one adds more moments where a distracted user might sign something they don’t fully understand. The specific attack techniques — such as authority transfers and system account impersonation — are Solana-specific, but the pattern isn’t. Any high-velocity chain will eventually run into the same wall.
If you’re allocating capital, the right conclusion isn’t to blacklist Solana. It’s to treat it as an early-warning dashboard for what happens when adoption, UX friction, and attacker creativity collide. The question then becomes: which ecosystems are
proactively learning from that data rather than waiting to be the next headline?
What Real User-First Security Looks Like
Outside of Web3, no one expects consumers to manually detect fraud on every transaction. Card networks and banks run real-time risk engines behind the scenes. Customers only see the occasional text asking, “Was this you?” Web3 is the
opposite: we hand users raw transaction blobs and tell them, “Don’t get rekt.”
Reports cite broader cybersecurity research that attributes roughly 60% of breaches to human error and notes that “awareness training” has sharply diminishing returns. Even in heavily regulated industries, phishing click-through rates remain stubbornly high. Expecting better outcomes from retail traders juggling Discord, X, and multiple
wallets is optimistic at best.
User-first security means something closer to an always-on layer that inspects sites and transactions in real time and blocks malicious ones before they hit the chain. Only about 13% of existing Web3 tools offer this kind of live protection, even as
human-focused scams become the dominant risk. You don’t have to endorse any specific vendor to see the direction of travel.
Rethinking Risk in High-Velocity Ecosystems
If you’re an investor, treasurer, or risk officer, the metrics you track need to change. Counting audits tells you how mature a protocol stack is, but it says very little about whether ordinary users can participate safely. The real signals are things like the rate of phishing incidents per active wallet, coverage of real-time protection across major dApps and wallets, and how quickly ecosystems respond to new social-engineering patterns.
Nearly $1.93 billion in crypto-related crime was hit in H1 alone, with a marked rise in phishing through fake exchange sites. Combine that with the estimate that human-targeted scams accounted for over $600 million of H1 losses, and you see
that behavioral risk is becoming the structural bottleneck for adoption. Chains, wallets, and applications that treat that bottleneck seriously will deserve a different risk premium than those that continue to externalize it onto “careless” users.
Solana’s current numbers should be read in that light. They don’t prove the network is fatally flawed. They prove that user-side defenses have not yet caught up with the speed and creativity of the activity happening on top of it. That’s a solvable problem, but only if investors, builders, and security teams start treating it as core infrastructure.
Conclusion: Follow the Human Risk
Web3 is now big enough for its security failures to have macro consequences. When billions disappear in six months, regulators, insurers, and institutional desks take notice, and they don’t particularly care whether the root cause was a buffer overflow or a rushed signature on a fake mint. From their perspective, risk is risk.
Solana sits at the intersection of that reality: technically robust, economically vibrant, and increasingly targeted at the human layer. Its phishing losses shouldn’t scare investors away from the chain itself. Rather, they serve as an early-warning signal for what every fast-growing ecosystem will face unless the industry shifts from code-first to user-first, real-time security.
We can conclude that measuring protocol integrity is no longer enough. Investors, builders, and security teams should now track human-focused risk as a core indicator of ecosystem resilience. Solana’s experience is not an indictment — it is a
preview of the operational risks that come with growth, adoption, and high-velocity activity.
Benzinga Disclaimer: This article is from an unpaid external contributor. It does not represent Benzinga’s reporting and has not been edited for content or accuracy.
