A new study by security experts Naoris Protocol reveals that developers are facing an unprecedented surge in cyber threats, including malware, phishing, ransomware, and DDoS attacks, with no clear solutions in sight.
According to the report, 95 per cent of Web3 developers have observed an increase in malware attacks, while 11 per cent have noted that phishing incidents have doubled. These findings suggest that Web3 is far from the secure, trustless ecosystem it was intended to be.
Naoris Protocol’s CEO & Founder, David Carvalho, said: “The current physical infrastructure that blockchains use as nodes is not known to be trusted. We can’t measure whether a node has been hacked or is colluding with others. DePIN extends blockchain security principles to devices, creating a dedicated and scalable cybersecurity infrastructure.”
A fundamental issue is Web3’s reliance on Web2 infrastructure. Despite its promise of decentralisation, most Web3 nodes continue to operate on centralised cloud services such as AWS, Google Cloud, and Microsoft Azure. This dependence raises concerns about systemic risks. For instance, if AWS decided to cut off Ethereum, the network would suffer significant disruption.
The Web2 security model, which relies on centralised access control, was never designed to accommodate Web3’s decentralised nature. This outdated approach is at odds with Web3’s reliance on APIs, shared data, and multi-stack technologies, creating an environment rife with security vulnerabilities.
Developers report alarming increases in cyber threats. Malware attacks have surged by at least 25 per cent, according to 72 per cent of respondents. Phishing incidents have risen by more than 50 per cent for over one-third of developers. Ransomware threats have escalated significantly, with nearly half of those surveyed reporting substantial increases. Meanwhile, DDoS attacks have grown in frequency and severity, affecting 85 per cent of developers.
Compounding the issue, Web3 remains dependent on Web2 devices, many of which lack independent cybersecurity verification. Without a decent decentralised security model, Web3 risks falling victim to the same vulnerabilities that have plagued Web2 for decades. The question remains whether the industry can develop an effective solution before these threats undermine the Web3 vision.
As if today’s threats weren’t enough, the report warns quantum computing is poised to break traditional encryption, putting vast amounts of sensitive data at risk overnight.
- 95 per cent of Web3 developers are concerned about quantum’s impact on cybersecurity.
- 87 per cent believe DePIN is crucial for defending against quantum-powered threats.
Carvalho said: “As quantum computing accelerates, the necessity of decentralised security frameworks like DePIN becomes even more apparent. They are the key to future-proofing global digital ecosystems.”