Day 219, Part 6: Security & Self-Custody

Social Engineering

The most sophisticated Bitcoin security setup in the world remains vulnerable to one class of attack: social engineering. Social engineering doesn’t target the technology. It targets the person holding the keys.

Here’s how the most common version works.

A victim receives a message — via Twitter, Telegram, Discord, or email — from what appears to be a support account for their wallet, exchange, or a well-known Bitcoin figure. The message identifies a problem: unusual activity on their account, a security vulnerability that needs immediate attention, a verification requirement to prevent loss of funds.

The message creates urgency. Act now or lose your Bitcoin. The victim, alarmed, follows the instructions — which ultimately lead to entering their seed phrase on a website, sharing it via a form, or handing it to the “support agent” directly.

The Bitcoin is gone within minutes.

The attack succeeds not because of technical sophistication but because of psychological pressure. Urgency. Authority. Fear of loss. The same mechanics that make phishing emails effective — applied to a higher-value target.

The complete defence:

No legitimate entity will ever ask for your seed phrase. Not wallet support. Not exchange support. Not a recovery service. Not a well-known Bitcoin figure. Not anyone. Ever. The same rule covers websites, forms, and apps: the only place your seed phrase should ever be typed is into a wallet you have deliberately chosen to restore, on a device you control. The seed phrase is the key to your Bitcoin. Giving it to anyone, or entering it anywhere else, is giving them your Bitcoin.

When in doubt: close the conversation, go directly to the official website of the service in question by typing the address you already know or using a bookmark you saved earlier, and contact support from there. Never click links in unsolicited messages, and treat any message that demands immediate action as a warning sign in itself.

The technology is secure. The human is the vulnerability. Knowing this is most of the protection.

Tomorrow: the week in review — seed phrases, inheritance, and scams.

— The Daily Bit

Part of The Daily Bit — 365 days to understanding Bitcoin.