Bitcoin safety agency Casa has launched a collection of 4 options focusing on social engineering, the assault vector answerable for the majority of crypto theft in 2025. The options are reside now for Casa prospects, arriving because the FBI stories crypto fraud losses climbed 22% 12 months over 12 months to greater than $11 billion final 12 months.
Social engineering — the place scammers manipulate victims into sending funds or handing over pockets entry — now dwarfs different types of crypto theft. For each bodily assault on a crypto holder reported in 2025, there have been greater than 2,000 phishing assaults filed with the FBI.
Casa CEO Nick Neuman mentioned the agency treats assaults on its purchasers as a direct problem. “Social engineering is the bottom of the low,” Neuman wrote. “Individuals are attempting to trick others into dropping their life financial savings. We won’t stand for it.”
Guardian Mode
The primary characteristic, Guardian Mode, provides a human checkpoint to each transaction. When enabled, the Casa Restoration Key won’t signal a transaction till two Casa Advisors full a reside video verification name with the account holder.
After that decision, a 48-hour maintain prompts earlier than the signature is utilized. The window offers customers the power to reverse course in the event that they acted underneath strain. Disabling Guardian Mode follows the identical course of — a verification name plus a 48-hour delay — so an attacker can not strip the safety and strike in the identical session.
Guardian Mode is opt-in and obtainable to Premium and Non-public Shopper members.
Whitelisting Addresses
Whitelisting restricts vault withdrawals to an inventory of pre-approved addresses. Any new handle added to the listing enters a 48-hour ready interval earlier than it turns into lively. Throughout that window, Casa sends an e mail alert to the account holder.
The delay is designed to interrupt a core aspect of social engineering: the manufactured urgency that pushes victims to ship funds earlier than they rethink. Turning off Whitelisting carries its personal 48-hour maintain, stopping an attacker from disabling the characteristic and draining funds in a single transfer.
Suspicious Account Exercise
The third characteristic displays login areas and flags classes which can be bodily unattainable given the timing of prior logins. Casa information city-level location knowledge at sign-in however doesn’t retailer IP addresses; location knowledge is deleted after 48 hours. If a login from Tokyo follows a login from Montreal by 20 minutes, the system sends an e mail alert.
The characteristic is constructed to catch unauthorized account entry with out constructing a surveillance profile on the consumer.
Cellphone Name Detection
The fourth characteristic addresses the position cellphone calls play in social engineering. Casa discovered that 20% of such assaults start with an surprising name, the place the attacker makes use of real-time dialog to fabricate urgency and override the sufferer’s judgment.
The Casa app now detects an lively cellphone name on the machine and, when a consumer makes an attempt to ship funds mid-call, requires them to enter a Casa Advisor Verification Code earlier than the transaction proceeds.
A respectable Casa advisor may have the code. The app checks name state solely and doesn’t entry audio, caller ID, or name content material.
Casa mentioned the options are a part of a broader five-week marketing campaign with trade consultants to lift consciousness about social engineering. AI instruments and knowledge breaches, the corporate famous, have made these assaults extra focused and convincing than earlier than.
