Bitcoin safety agency Casa has launched a set of 4 options focusing on social engineering, the assault vector liable for the majority of crypto theft in 2025. The options are stay now for Casa clients, arriving because the FBI studies crypto fraud losses climbed 22% 12 months over 12 months to greater than $11 billion final 12 months.
Social engineering — the place scammers manipulate victims into sending funds or handing over pockets entry — now dwarfs different types of crypto theft. For each bodily assault on a crypto holder reported in 2025, there have been greater than 2,000 phishing assaults filed with the FBI.
Casa CEO Nick Neuman stated the agency treats assaults on its purchasers as a direct problem. “Social engineering is the bottom of the low,” Neuman wrote. “Individuals are making an attempt to trick others into shedding their life financial savings. We won’t stand for it.”
Guardian Mode
The primary function, Guardian Mode, provides a human checkpoint to each transaction. When enabled, the Casa Restoration Key won’t signal a transaction till two Casa Advisors full a stay video verification name with the account holder.
After that decision, a 48-hour maintain prompts earlier than the signature is utilized. The window provides customers the power to reverse course in the event that they acted beneath strain. Disabling Guardian Mode follows the identical course of — a verification name plus a 48-hour delay — so an attacker can not strip the safety and strike in the identical session.
Guardian Mode is opt-in and out there to Premium and Personal Consumer members.
Whitelisting Addresses
Whitelisting restricts vault withdrawals to an inventory of pre-approved addresses. Any new deal with added to the listing enters a 48-hour ready interval earlier than it turns into energetic. Throughout that window, Casa sends an electronic mail alert to the account holder.
The delay is designed to interrupt a core ingredient of social engineering: the manufactured urgency that pushes victims to ship funds earlier than they rethink. Turning off Whitelisting carries its personal 48-hour maintain, stopping an attacker from disabling the function and draining funds in a single transfer.
Suspicious Account Exercise
The third function screens login areas and flags classes which can be bodily unattainable given the timing of prior logins. Casa information city-level location information at sign-in however doesn’t retailer IP addresses; location information is deleted after 48 hours. If a login from Tokyo follows a login from Montreal by 20 minutes, the system sends an electronic mail alert.
The function is constructed to catch unauthorized account entry with out constructing a surveillance profile on the person.
Cellphone Name Detection
The fourth function addresses the function telephone calls play in social engineering. Casa discovered that 20% of such assaults start with an sudden name, the place the attacker makes use of real-time dialog to fabricate urgency and override the sufferer’s judgment.
The Casa app now detects an energetic telephone name on the system and, when a person makes an attempt to ship funds mid-call, requires them to enter a Casa Advisor Verification Code earlier than the transaction proceeds.
A respectable Casa advisor may have the code. The app checks name state solely and doesn’t entry audio, caller ID, or name content material.
Casa stated the options are a part of a broader five-week marketing campaign with trade specialists to boost consciousness about social engineering. AI instruments and information breaches, the corporate famous, have made these assaults extra focused and convincing than earlier than.
