Web3 Security Crisis: Social Engineering Attacks Account for Over 70%, Fund Recovery Rate Less Than 10%

BroadChain has learned that at 18:16 on April 20, according to TechFlow, in the first quarter of 2026, social engineering attacks in the Web3 field accounted for 74.7% of total hacker losses, a significant increase from 28.7% in 2021. During the same period, the average recovery rate of stolen funds remained below 10%. Recent cases have been frequent: in April, the cross-chain bridge protocol @hyperbridge was attacked due to a vulnerability in proof verification logic, resulting in user losses of approximately $2.5 million; previously, the DeFi protocol @DriftProtocol suffered a six-month-long social engineering attack by a North Korea-related hacker group, with losses reaching $295.7 million. Despite $147.5 million in aid from Tether and others, it was still insufficient to cover all losses. Unlike traditional finance, Web3 on-chain transactions are irreversible, making it difficult to recover assets once they are transferred. Institutional investors are therefore hesitant, and the industry urgently needs to establish accountable operational mechanisms and structured security frameworks, rather than empty talk about concepts.