Solana’s Phishing Wave Shouldn’t Scare Investors, But Attitudes Must Change
More than $3.1 billion was stolen across Web3 between January and June 2025, with approximately $594 million from phishing and social engineering targeting users directly.
Within that, Solana stands out. The network users accounted for roughly $90 million in phishing-driven losses in H1 2025 alone. More than 8,000 malicious transactions, tied to just 64 phishing accounts, occurred between October 2024 and March 2025. It’s tempting to treat that as an indictment of the chain, but that misses the point.
Solana is simply where the future shows up first when it comes to human-driven risk. This doesn’t mean the protocol is broken. It means the ecosystem has grown fast enough that attackers now chase signatures and attention, not smart contract bugs. So, the real question is not “How secure is the chain?” but “How protected is the user at the moment they sign?”
Three Threat Vectors Investors Are Underpricing
The first and most obvious vector is social engineering. Fake presale sites, spoofed support chats, and Telegram impersonation campaigns now sit at the center of many Web3 thefts, including Solana-specific drains. These schemes rarely require any sophisticated on-chain exploit. They just need users to move quickly enough to stop asking hard questions.
The second vector is buried inside the wallet interaction layer. On Solana, attackers abuse authority transfers and masquerade them as routine interactions, often during high-velocity events such as mints or airdrops. Users see a familiar interface and click through, unaware they’ve just handed over permanent control.
The third one is cultural. Our industry still spends disproportionately on protocol-level defenses while treating user protection as “education” or an optional add-on. A mapping of 61 Web3 security products indicates that only a small minority provide true, real-time, transaction-level defense, even as human-targeted attacks rise. That
gap between where we invest and where users actually lose money is the blind spot Solana is throwing into relief.
Audits Won’t Save Distracted Users
To be clear, audits and bug bounties matter. They’ve helped reduce severe protocol failures. But audits defend a specific …
About The Author
