Kerberus Report: Real-Time Protection Falters as Human-Focused Scams Explode

Published: 2025-11-18 10:51:11

Security systems are playing catch-up while scammers target the weakest link—human psychology.

The New Attack Frontier

Kerberus researchers discovered protection gaps widening as criminals bypass automated defenses. They're not hacking systems anymore—they're hacking people. Real-time detection algorithms lag behind social engineering tactics that exploit trust and urgency.

Why Humans Are the New Vulnerability

Traditional security layers crumble when faced with personalized manipulation. Scammers now use relationship-building techniques that trigger emotional responses rather than technical vulnerabilities. The report shows protection systems designed for malware detection fail against carefully crafted human interactions.

The Response Gap

Security teams scramble to implement behavioral analysis while financial losses mount. Existing protocols assume rational actors—but panic and pressure make perfect victims. Meanwhile, compliance departments keep adding checkboxes that do nothing against sophisticated social engineering.

Another case of security budgets chasing yesterday's threats while criminals innovate faster—typical corporate cybersecurity theater at its finest.

Key findings from the report

According to the research:

  • 44% of crypto thefts stem from private key mismanagement.
  • 60% of wider cybersecurity breaches involve human error.
  • 90% of exploited smart contracts had passed security audits before being attacked.
  • Phishing click-through rates remain between 7% and 15%, even after security training.

The report suggests that these patterns continue because most Web3 security spending is directed toward code auditing and post-incident analysis, while attackers increasingly focus on manipulating users during wallet interactions.

Kerberus’ leadership team notes that the majority of existing tools function entirely outside the transaction window. These systems play an important role in keeping code safe and analysing breaches, but they don’t interpret user intent or scan live transactions at the wallet level. Kerberus points out that delivering this type of protection requires sophisticated real-time detection infrastructure capable of running deep scans in under a second without disrupting the user experience, a technically demanding challenge that explains why only a small minority of providers currently offer true real-time defences.

Real-time protection remains limited

Kerberus reviewed 61 active Web3 security providers and found that:

  • 87% operate preventatively, focusing on audits or post-incident forensics.
  • Only 13% provide real-time, transaction-level defences that can block malicious actions before approval.

The report states that this distribution helps explain why losses remain high even as the number of “real-time” solutions increases: many providers market real-time features, but few deliver transaction blocking at the wallet level.

Examples cited in the report

One case highlighted involves an American investor who lost $330 million in Bitcoin after being manipulated in a phone-based social engineering attack, despite keeping funds secure for years. Another section points to compromised websites, hacked social media accounts, and manipulated Discord servers as growing channels for wallet-draining schemes.

Implications for the sector

The authors argue that the current model – where users are expected to independently evaluate risks, verify links, and recognise phishing attempts – creates predictable failure points. Frequent security prompts, they note, can lead to “alert fatigue,” making users more likely to approve malicious transactions.

The report concludes that wider adoption of real-time, automated transaction screening is crucial to reduce losses and support mainstream use of Web3 platforms.
