Casa, the bitcoin security firm, released four new features that are aimed at social engineering. This is the primary attack vector for crypto thefts in the year 2025. Casa users can now access these features, which arrive as FBI data shows that losses from crypto fraud grew 22% over the past year and reached more than $11 Billion.
Social engineering — where scammers manipulate victims into sending funds or handing over wallet access — now dwarfs other forms of crypto theft. In 2025, for every crypto-holder who was physically attacked by a criminal reported to the FBI, more than 2,050 phishing attempts were filed.
Casa’s CEO Nick Neuman stated that the company treats any attacks against its customers as a challenge. “Social engineering is the lowest of the low,” Neuman wrote. “People are trying to trick others into losing their life savings. We will not stand for it.”
Guardian Mode
First, the Guardian Mode adds an additional human verification to each transaction. If enabled, Casa Recovery Key won’t sign any transaction before two Casa Advisors finish a live video verifying call with the customer.
The signature will not be activated until 48 hours after that initial call. Users can reverse their actions if under pressure. Disabling Guardian Mode follows the same process — a verification call plus a 48-hour delay — so an attacker cannot strip the protection and strike in the same session.
The Guardian Mode can be opted-in by Premium Clients and Private Clients.
Whitelisting addresses
The whitelisting system restricts the withdrawal of vault funds to addresses that have been pre-approved. Each new address that is added to the whitelist must wait 48 hours before becoming active. Casa emails the account owner an alert during that time.
This delay interrupts a key element in social engineering, namely the manufactured urgency which encourages victims to transfer funds without thinking. Whitelisting is disabled for 48 hours, which prevents an attacker from disabling it and draining your funds.
Suspicious Account Activity
The third feature flags session that appear physically impossible based on the time of previous logins. Casa stores city-level data during sign-in, but not IP addresses. Location data is erased after 48 hours. A system alert is sent if Tokyo’s login follows Montreal’s login by more than 20 minutes.
The feature can be used to track unauthorized accounts without having to build a user profile.
Phone Call Detection
Fourth, we examine the importance of phone calls in social engineering. Casa discovered that 20 percent of these attacks start with an unexpected phone call. The attackers use real-time conversations to create urgency and overwhelm the victim’s judgement.
Casa detects a phone call and requires the user to input a Casa Advisor Verification code before the transaction can proceed.
The code will be provided by a Casa representative. This app only monitors the current call and not audio, caller Id, or any call content.
Casa explained that these features are part a larger five-week initiative with experts in the industry to spread awareness of social engineering. AI tools and data breach, noted the company, has made these attacks more focused and convincing.
“This article is not financial advice.”
“Always do your own research before making any type of investment.”
“ItsDailyCrypto is not responsible for any activities you perform outside ItsDailyCrypto.”
Source: bitcoinmagazine.com
