Paper Number
ECIS2025-1541
Paper Type
CRP
Abstract
Users face increased risks in Web3's public and decentralized systems as adversaries can directly steal digital assets and tokens. Additionally, Web3 systems' transparent transaction information and smart contract source codes offer adversaries ideal conditions for planning and executing attacks. As of 2024, over US$ 30 billion has been lost across more than 1,000 documented hacks and scams in Web3, demonstrating the urgent need for understanding adversary behaviors. We address this need by developing the Web3 Attack Matrix, a comprehensive knowledge base that systematically categorizes attack vectors and adversary tactics specific to Web3, based on the MITRE ATT&CK cyber security framework. The Web3 Attack Matrix’s empirical evaluation by Web3 security experts enables the development of professional standards, processes, and countermeasures, bridging the gap between Web3 academic researchers, practitioners, and users. The Web3 Attack Matrix is extendable to accommodate future Web3 security developments and potential new threats.
Recommended Citation
Hanneke, Björn; Horch, Andrea; Savaliya, Sirish Kalubhai; Ruff, Christopher; and Schunck, Christian, "Web3 Attack Matrix: An Adversary Behavior Framework" (2025). ECIS 2025 Proceedings. 5.
https://aisel.aisnet.org/ecis2025/security/security/5
Web3 Attack Matrix: An Adversary Behavior Framework
Users face increased risks in Web3's public and decentralized systems as adversaries can directly steal digital assets and tokens. Additionally, Web3 systems' transparent transaction information and smart contract source codes offer adversaries ideal conditions for planning and executing attacks. As of 2024, over US$ 30 billion has been lost across more than 1,000 documented hacks and scams in Web3, demonstrating the urgent need for understanding adversary behaviors. We address this need by developing the Web3 Attack Matrix, a comprehensive knowledge base that systematically categorizes attack vectors and adversary tactics specific to Web3, based on the MITRE ATT&CK cyber security framework. The Web3 Attack Matrix’s empirical evaluation by Web3 security experts enables the development of professional standards, processes, and countermeasures, bridging the gap between Web3 academic researchers, practitioners, and users. The Web3 Attack Matrix is extendable to accommodate future Web3 security developments and potential new threats.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.