Users face increased risks in Web3's public and decentralized systems as adversaries can directly steal digital assets and tokens. Additionally, Web3 systems' transparent transaction information and smart contract source codes offer adversaries ideal conditions for planning and executing attacks. As of 2024, over US$ 30 billion has been lost across more than 1,000 documented hacks and scams in Web3, demonstrating the urgent need for understanding adversary behaviors. We address this need by developing the Web3 Attack Matrix, a comprehensive knowledge base that systematically categorizes attack vectors and adversary tactics specific to Web3, based on the MITRE ATT&CK cyber security framework. The Web3 Attack Matrix’s empirical evaluation by Web3 security experts enables the development of professional standards, processes, and countermeasures, bridging the gap between Web3 academic researchers, practitioners, and users. The Web3 Attack Matrix is extendable to accommodate future Web3 security developments and potential new threats.