Web3 security risk