Casa Introduces New Security Features as Social Engineering Becomes Crypto’s Biggest Threat

Bitcoin Security Firm Unveils Four Protections to Stop Human-Centered Attacks
As social engineering scams continue to outpace traditional hacking methods, Bitcoin security company Casa has launched four new security features designed to protect users from manipulation-based attacks.

The rollout comes amid a sharp rise in crypto-related fraud. According to recent FBI data, cryptocurrency scam losses exceeded $11 billion last year, representing a 22% increase from the previous year. Unlike technical exploits that target software vulnerabilities, social engineering attacks focus on exploiting human behavior—convincing victims to voluntarily send funds, reveal sensitive information, or approve fraudulent transactions.

For Bitcoin holders, these attacks have become one of the most significant security risks in the industry.

“People are trying to trick others into losing their life savings,” said Casa CEO Nick Neuman. “We will not stand for it.”
The company's latest update introduces multiple layers of protection aimed at slowing down transactions, increasing verification requirements, and disrupting the urgency scammers rely on to succeed.

 
Guardian Mode Adds Human Verification Before Funds Move
The most significant addition is Guardian Mode, a feature that inserts a mandatory human review process before transactions can be completed.

When enabled, Casa's Recovery Key will not approve a withdrawal until two Casa Advisors conduct a live video verification call with the account owner. Once verification is completed, a 48-hour waiting period begins before the transaction receives final authorization.

The goal is straightforward: create enough time and friction to prevent users from acting under pressure or manipulation.

Even if an attacker persuades a victim to initiate a transaction, the delay provides an opportunity to reconsider, seek advice, or recognize warning signs before funds leave the vault.

Importantly, disabling Guardian Mode requires the same verification process and waiting period, preventing attackers from simply turning off the protection before initiating a withdrawal.

Guardian Mode is currently available to Premium and Private Client members.

 
Address Whitelisting Creates Another Barrier Against Fraud
Casa's second feature introduces Address Whitelisting, restricting withdrawals exclusively to pre-approved Bitcoin addresses.

Users can create a list of trusted destinations, but any newly added address enters a mandatory 48-hour waiting period before becoming active.

During that period, the account holder receives an email notification, providing another opportunity to detect unauthorized activity.

This design specifically targets one of the most common social engineering tactics: manufactured urgency.

Scammers often pressure victims into acting immediately, claiming that a transaction must occur within minutes or hours. By forcing a two-day delay, the system removes the attacker's most effective weapon—time pressure.

Similarly, turning off the whitelist feature also triggers a 48-hour delay, making it far more difficult for a compromised account to be emptied quickly.

 
Impossible Travel Detection Monitors Suspicious Logins
The third security enhancement focuses on unauthorized account access.

Casa now tracks login locations at the city level and can identify "impossible travel" scenarios—situations where two logins occur from geographically distant locations within an unrealistic timeframe.

For example, if an account is accessed from Montreal and then appears to log in from Tokyo just minutes later, the system automatically flags the activity and alerts the user.

The company emphasizes that privacy remains a priority. Rather than storing detailed location histories or IP addresses, Casa retains only limited city-level information and deletes the data after 48 hours.

This approach aims to improve security while avoiding the creation of extensive user surveillance records.

 
New Phone Call Protection Targets a Common Scam Method
The fourth feature addresses a growing trend in crypto theft: scammers using live phone calls to manipulate victims into authorizing transactions.

According to Casa's research, roughly 20% of social engineering incidents begin with an unexpected phone call.

These conversations often create a false sense of urgency, convincing users that immediate action is necessary to protect their assets.

To counter this tactic, the Casa app now detects when a user is actively on a phone call while attempting to send funds.

If a transaction is initiated during a call, the app requires the entry of a special Casa Advisor Verification Code before the transfer can proceed.

A legitimate Casa advisor can provide the code, while scammers cannot.

The company states that the feature only checks whether a call is active. It does not access audio recordings, caller identities, phone numbers, or conversation content.

 
Why Social Engineering Has Become Crypto’s Greatest Security Risk
While headlines often focus on sophisticated hacks and protocol exploits, the reality is that most cryptocurrency theft today involves manipulating people rather than breaking technology.

Phishing campaigns, impersonation scams, fake support agents, and AI-enhanced fraud schemes have become increasingly effective as attackers gain access to personal information from large-scale data breaches.

Advances in artificial intelligence have further amplified the threat by enabling scammers to generate convincing messages, fake identities, and even realistic voice impersonations.

As a result, security experts increasingly view human-centered attacks—not technical vulnerabilities—as the industry's most urgent challenge.

 
A Shift Toward Behavioral Security
Casa's new protections reflect a broader trend in Bitcoin security: designing systems that protect users not only from hackers, but also from moments of panic, confusion, or manipulation.

Rather than relying solely on encryption and cryptography, these tools introduce deliberate pauses, additional verification steps, and behavioral safeguards that make rushed decisions more difficult.

For long-term Bitcoin holders, that may prove just as important as any software upgrade.

As social engineering attacks continue to evolve, the strongest defense may no longer be better code alone—but better systems that help people avoid becoming the weakest link in the security chain.