Casa Launches Four Security Features to Combat Growing Social Engineering Attacks on Bitcoin Owners
Bitcoin security company Casa released a series of four features targeting social engineering, the attack vector responsible for the majority of crypto crimes in 2025. The features are live now for Casa customers, coming as the FBI reports that crypto fraud losses rose 22% year over year to more than $11 billion last year.
Social engineering – where fraudsters trick victims into sending funds or providing a wallet – is now commonplace in other forms of crypto-crime. For every physical attack on a crypto owner reported in 2025, there were more than 2,000 phishing attacks reported to the FBI.
Casa CEO Nick Neuman said the company takes the attack on its customers as a direct challenge. “Social engineering is the lowest of the low,” Neuman wrote. “People are trying to trick others into losing their life savings, we will not stand for that.”
Guardian mode
The first feature, Guardian Mode, adds a personal check point to every transaction. If enabled, Casa Recovery Key will not sign the transaction until two Casa advisors complete a live video verification call with the account manager.
After that call, a 48-hour hold applies before the signature can be used. The window gives users the ability to reverse course if they act under pressure. Disabling Surveillance Mode follows the same process – a confirmation call and a 48-hour delay – so an attacker can’t strip the protection and attack in the same session.
Guardian Mode is login and available to Premium members and Private Clients.
Authorized Addresses
Whitelisting restricts vault releases to a list of previously approved addresses. Any new address added to the list goes through a 48-hour waiting period before it becomes active. During that window, Casa sends an email notification to the account manager.
The delay is designed to disrupt a key aspect of social engineering: the artificial urgency that forces victims to send funds before they think twice. Whitelisting is valid for 48 hours, which prevents an attacker from disabling the feature and withdrawing funds in one move.
Suspicious Account Activity
The third feature monitors login points and flags sessions that are physically impossible given the previous login time. Casa records city-level location data upon login but does not store IP addresses; Location data is deleted after 48 hours. If a check-in from Tokyo follows a check-in from Montreal by 20 minutes, the system sends an email alert.
The feature is designed to catch unauthorized account access without creating a surveillance profile for the user.
Call Detection
The fourth aspect deals with the role that telephones play in social engineering. Casa found that 20% of such attacks begin with an unexpected phone call, where the attacker uses real-time chat to create urgency and overturn the victim’s judgment.
The Casa app now detects an active call on the device and, when a user tries to send money during a call, requires them to enter the Casa Advisor Verification Code before the transaction can proceed.
An official Casa consultant will have the code. The application only checks the status of the call and does not access the audio, the identity of the call, or the content of the call.
Casa said the features are part of a wider five-week campaign with industry experts to raise awareness of social engineering. AI tools and data breaches, the company noted, have made these attacks more targeted and convincing than ever before.
