Bitcoin safety agency Casa has launched a collection of 4 options focusing on social engineering, the assault vector accountable for the majority of crypto theft in 2025. The options are stay now for Casa prospects, arriving because the FBI studies crypto fraud losses climbed 22% yr over yr to greater than $11 billion final yr.
Social engineering — the place scammers manipulate victims into sending funds or handing over pockets entry — now dwarfs different types of crypto theft. For each bodily assault on a crypto holder reported in 2025, there have been greater than 2,000 phishing assaults filed with the FBI.
Casa CEO Nick Neuman stated the agency treats assaults on its purchasers as a direct problem. “Social engineering is the lowest of the low,” Neuman wrote. “People are trying to trick others into losing their life savings. We will not stand for it.”
Guardian Mode
The primary characteristic, Guardian Mode, provides a human checkpoint to each transaction. When enabled, the Casa Restoration Key is not going to signal a transaction till two Casa Advisors full a stay video verification name with the account holder.
After that decision, a 48-hour maintain prompts earlier than the signature is utilized. The window provides customers the flexibility to reverse course in the event that they acted underneath stress. Disabling Guardian Mode follows the identical course of — a verification name plus a 48-hour delay — so an attacker can not strip the safety and strike in the identical session.
Guardian Mode is opt-in and accessible to Premium and Non-public Shopper members.
Whitelisting Addresses
Whitelisting restricts vault withdrawals to an inventory of pre-approved addresses. Any new handle added to the record enters a 48-hour ready interval earlier than it turns into energetic. Throughout that window, Casa sends an e mail alert to the account holder.
The delay is designed to interrupt a core component of social engineering: the manufactured urgency that pushes victims to ship funds earlier than they rethink. Turning off Whitelisting carries its personal 48-hour maintain, stopping an attacker from disabling the characteristic and draining funds in a single transfer.
Suspicious Account Exercise
The third characteristic displays login areas and flags periods which can be bodily unimaginable given the timing of prior logins. Casa information city-level location information at sign-in however doesn’t retailer IP addresses; location information is deleted after 48 hours. If a login from Tokyo follows a login from Montreal by 20 minutes, the system sends an e mail alert.
The characteristic is constructed to catch unauthorized account entry with out constructing a surveillance profile on the person.
Cellphone Name Detection
The fourth characteristic addresses the function cellphone calls play in social engineering. Casa discovered that 20% of such assaults start with an surprising name, the place the attacker makes use of real-time dialog to fabricate urgency and override the sufferer’s judgment.
The Casa app now detects an energetic cellphone name on the machine and, when a person makes an attempt to ship funds mid-call, requires them to enter a Casa Advisor Verification Code earlier than the transaction proceeds.
A legit Casa advisor could have the code. The app checks name state solely and doesn’t entry audio, caller ID, or name content material.
Casa stated the options are a part of a broader five-week marketing campaign with business consultants to boost consciousness about social engineering. AI instruments and information breaches, the corporate famous, have made these assaults extra focused and convincing than earlier than.
