Today we are going through a major shift in how the Internet is structured. Web 2, also known as the read/write web that most people currently use, is gradually evolving to web 3, also known as Web 3.0 and sometimes stylized as web 3, where the network based on blockchain technology will be decentralized, and more open. 

In the transition to web 3, while interest in cryptocurrencies keeps growing, some of the most valuable and easily-stolen digital assets stored in blockchains attract attackers and dare them to test the security of this evolving Internet.

After reading this article you will find out:

  • What are Web 3, cryptocurrencies, and blockchain?
  • What are the key bot threats to web applications and apps in the world of web 3?
  • What are feasible solutions to these threats?

What is web 3?

In contrast to web 2, the read/write web, where digital assets are owned and dominated by centralized tech firms like Google and Meta, web 3 is a read/write/own version of the Internet. Instead of just using tech platforms and storing what they created there, users can participate in the storage and management of digital assets themselves. This means that people own what they created and earned on the Internet, and their digital assets follow users to new platforms they use.

What are cryptocurrencies?

A cryptocurrency is a form of digital asset based on a network that is distributed across a large number of computers. It is secured by cryptography which is nearly impossible to counterfeit, so people can earn and trade cryptocurrencies on the Internet. Bitcoin is the most popular and valuable cryptocurrency, and each cryptocurrency claims to have a different function and specification.

What is blockchain? 

Just as its name implies, a blockchain is a set of connected databases. Each block stores information in digital format. Blockchains have a crucial role in the cryptocurrency systems for maintaining a secure and decentralized record of transactions. Unlike regular databases that usually structure data into tables, blockchains structure data into chunks (blocks) that are linked together via cryptography.

Key bot threats to web3 applications and apps

Malicious bots consume Internet resources and overwhelm organizations worldwide, accounting for at least a quarter of all Internet traffic. New bot threats arrive every day, from NFT-hoarding bots to bots-as-a-service to snap up PS5s. 

As one of the most profitable businesses, blockchain-oriented organizations like crypto exchanges and blockchain games attract more bad bots than ever. Such a bot-flooded system can also be prone to fraud.

Fake Account Creation Fraud

Fake account creation fraud is often found in play-to-earn crypto games.

In blockchain games, users are able to take ownership of in-game items that can be traded and sold for fiat currency, or receive rewards with real-world value. The easy-to-get high profit draws a large number of digital fraudsters to these games. 

Fraudsters use fraudulent information to create fake accounts through which they can quickly and easily funnel earnings from crypto games.

Credential stuffing

Data breaches happen all the time, and now bad actors target customers in the cryptocurrency industry. Just recently, in March 2022, HubSpot, a major provider of CRM, sales, and marketing software, confirmed that some of the contact data of its customers in the cryptocurrency industry were stolen.

With stolen credentials, attackers try to access these users’ crypto accounts by setting up bots that can automatically log into multiple accounts in parallel, and steal these users’ digital assets eventually. 


Fraudsters are manipulating NFT(non-fungible token) prices with the help of scalper bots.

NFTs are currently the hottest tradable cryptographic assets on the blockchain. They are traded in NFT marketplaces where sophisticated bots are waiting for every sale.

As long as they want, fraudsters can use scalper bots to either drive NFT prices down or up. They can bid and then cancel by making the NFT relisted, or purchase all NFTs that are currently for sale at the lowest price and resale at a higher price.

Solutions to web3 bot threats

  • Identifying or blocking bots at key sessions

Bot attacks on web applications and apps frequently happen during registration, login, and payment. Use bot detection and mitigation solutions, like CAPTCHAs, to block or label suspicious bot activities on your websites or apps and ensure that interactions on your crypto-related business are done by legitimate human users.

  • Tracking and analyzing your web traffic

Bad bots bring unusual traffic to your websites and apps. By keeping an eye on your web traffic, you can notice anomalies in the first place. 

Take GeeTest Adaptive CAPTCHA as an example. It monitors suspicious web traffic by detecting multiple signs of bots, e.g. web simulators, CAPTCHA farms, and anomalous IPs that visit your websites and apps.

  • Updating security solutions regularly

The world changes every day, and so do bot attacks. Bot operators tweak their bots when they encounter bot management tools. You should too. Make sure you have a bot management solution that continuously adapts to the changing attack trends and does not degrade over time.

What GeeTest offers

  • Accurate and human-friendly bot mitigation

Proof of work (PoW) mechanism runs in GeeTest risk management system. It is also a key part of the original vision for cryptocurrencies.

Through adjusting PoW for each user, the verification takes only about 10 milliseconds for legitimate users and increases PoW for malicious requests that consume more CPU.

  • Real-time Protection | 7-Layer Dynamic Approach

GeeTest security policies always act based on real-time monitoring (see GeeTest dashboard), and its AI algorithms and global risk database are updated regularly which makes GeeTest Adaptive CAPTCHA a bot management solution that grows with technological change and the new trend of attacks.

  • Data Visualization | Reporting & Analytics

Inclusive data analysis could reflect insights on bot mitigation and helps to better understand traffic trend in your business.

Final thoughts

The battle between humans and bots will still exist in the world of web3 since unpredictable profits in the blockchain technology-based network would only make bot operators crazier than ever. What’s more, for blockchains to work, they have to solve the same old problem that thousands of organizations face today - figuring out whether their audience is human or bot. 

Either from the aspect of how fraudsters will deal with web 3 or how web 3 itself works, bot management solutions are indispensable, and they should be what crypto businesses need to consider now.

Start your free trial
Over 320,000 websites and mobile apps worldwide are protected by GeeTest captcha

Hayley Hong

Content Marketing @ GeeTest