Web3 promised decentralisation, transparency and security – but, instead of breaking free from Web2’s vulnerabilities, it has inherited them, creating an even more dangerous cyber threat landscape.
New research shows that rising threats like malware, phishing, ransomware, and DDoS attacks are leaving developers scrambling for solutions.
The study by Naoris Protocol reports that 95% of Web3 developers have seen increased malware attacks, with 11% noting doubled phishing incidents.
At its core, Web3 still relies on Web2 infrastructure. Most Web3 nodes operate on centralised cloud services like AWS, Google Cloud or Microsoft Azure. If AWS were to cut off Ethereum tomorrow, the network would face serious disruption.
The Web2 security model – centralised access control – was never designed for Web3’s decentralised nature. This outdated approach clashes with Web3’s reliance on APIs, shared data, and multi-stack technologies.
As a result:
- Malware: 72% report increases of 25% or more.
- Phishing: Over one-third say attacks have surged by more than 50%.
- Ransomware: Nearly half of developers report significant increases.
- DDoS: 85% see more frequent and impactful attacks.
With Web3 still dependent on Web2 devices – many of which lack independent cybersecurity verification – the risks will only escalate. Without a decentralised security model, Web3 remains vulnerable to the same threats that have plagued Web2 for decades.
To break free from inherited weaknesses, Web3 needs to embrace Decentralised Physical Infrastructure Networks (DePIN). Unlike traditional cybersecurity, which relies on centralised security perimeters, DePIN distributes data, processing, and security across a trustless, decentralised network. This eliminates single points of failure and significantly enhances cyber resilience.
A Naoris Protocol study found:
- 40% of developers consider DePIN “extremely important” for Web3 security.
- 60% see DePIN as vital for securing decentralised applications and blockchain networks.
Naoris Protocol’s CEO and founder, David Carvalho, explains: “The current physical infrastructure that blockchains use as nodes is not known to be trusted. We can’t measure whether a node has been hacked or is colluding with others. DePIN extends blockchain security principles to devices, creating a dedicated and scalable cybersecurity infrastructure.”