There’s no sugarcoating this – web3 has a big user security challenge on its hands. With new scams and copycat domains popping up overnight, it’s an issue that many of us have likely experienced or, at the very least, come across.
Anecdotally, phishing seems to be widespread. But, what does the data say? We teamed up with Blowfish, a leader in web3 security, on The State of Web3 User Security study, to better understand the scale of this issue and provide a path forward for wallets and apps to improve security for their end users.
Copycats and clicks: Diving into the data
Our findings back up what our gut has been telling us: scammers act fast, and their methods are increasingly sophisticated.
Research from Blowfish shows that large web3 projects can experience upwards of 100 new copycat websites launched every month. If they happen to have an event or a campaign taking place (say, an airdrop), then that number can spike to as much as 500 in just one month. These aren’t low-production scams, either; as the Optimism example below illustrates, these are polished copycats that can easily snag newcomers and even fairly seasoned crypto users.