Written by ChandlerZ, Foresight News
Security is like a chain: it is only as strong as its weakest link, and people are the Achilles' heel of any cryptographic system. While the market is still obsessed with building ever more complex cryptographic protection mechanisms, attackers have already found a shortcut: there is no need to crack the password when you can manipulate the person who uses it.
People are the weakest link and also the least valued one. They are the vulnerability that attackers can most easily break through and exploit, and at the same time the link in which enterprises invest the least and that improves the slowest.
According to the latest report from blockchain analysis company Chainalysis, in 2024, North Korean hackers launched 47 complex attacks, stealing $1.3 billion worth of assets from global crypto asset platforms, a year-on-year increase of 21%. Even more shocking is that on February 21, 2025, the Bybit exchange was hacked, resulting in the theft of approximately $1.5 billion worth of crypto assets, setting a new record for a single theft in crypto history.
Many of the major attacks of the past were not carried out through traditional technical vulnerabilities. Exchanges and project teams invest billions of dollars in technical protection every year, yet in a world that appears to be built on mathematics and code, many participants still underestimate the threat posed by social engineering.
The Nature and Evolution of Social Engineering
In the field of information security, social engineering has always been a distinctive and dangerous means of attack. Unlike intrusions that exploit technical loopholes or flaws in encryption algorithms, social engineering relies on human psychological weaknesses and behavioral habits to deceive and manipulate victims. It requires little technical skill, yet it can cause extremely serious losses.
The digital age has given social engineering new tools and new stages, and this evolution is particularly evident in the crypto field. The early crypto asset community consisted mainly of technology enthusiasts and cypherpunks, who were generally vigilant and had a certain level of technical literacy. As crypto assets became mainstream, however, more and more new users with little understanding of the underlying technology entered the market, creating fertile ground for social engineering attacks.
On the other hand, the high degree of anonymity and the irreversibility of transactions make crypto assets an ideal target for attackers seeking profit. Once funds have been transferred to a wallet the attacker controls, they are almost impossible to recover.
Social engineering succeeds so easily in the crypto field largely because of the cognitive biases that shape human decision-making. Confirmation bias leads investors to notice only information that matches their expectations, herd mentality readily produces market bubbles, and FOMO often drives people to irrational choices when facing losses. Attackers know these psychological weaknesses well and deliberately "weaponize" them.
Compared with trying to crack complex encryption algorithms, a social engineering attack is cheaper and more likely to succeed. A carefully forged phishing email, or a job offer that looks legitimate but is a trap, is often far more effective than attacking technical defenses head-on.
Common social engineering techniques
Although social engineering attacks take many forms, their core logic always revolves around winning the target's trust and extracting information. Several common methods are described briefly below:
Phishing
Email/SMS phishing: Using links disguised as exchanges, wallet service providers or other trusted institutions to trick users into entering sensitive information such as seed phrases, private keys, account passwords, etc.
Impersonating social platform accounts: For example, impersonating "official customer service", "well-known KOL" or "project party" on platforms such as Twitter, Telegram, Discord, etc., posting posts with fake links or fake event information, tricking users into clicking and entering keys or sending cryptocurrencies.
Browser extensions or fake websites: Building a fake website that is extremely similar to the real exchange or wallet website, or inducing the installation of malicious browser extensions. Once the user enters or authorizes on these pages, the key will be leaked.
Fake customer service/technical support
It is common in Telegram or Discord groups for someone to pose as an "administrator" or "technical support" and, under the pretext of helping with problems such as a deposit that has not arrived, a failed withdrawal or a wallet synchronization error, guide users into handing over their private keys or transferring coins to a designated address.
They may also lure victims through private messages or small groups, falsely claiming that they can "help recover lost coins", when in fact they are trying to extract more funds or obtain keys.
SIM Swap
The attacker bribes or deceives a telecom operator's customer service staff into transferring the victim's mobile phone number to a SIM the attacker controls. Once the phone number has been hijacked, the attacker can reset passwords for exchange, wallet or social media accounts through SMS verification codes and SMS-based two-factor authentication (2FA), and steal the crypto assets.
SIM Swap occurs more frequently in the United States and other places, and similar cases have also occurred in many countries.
Social engineering combined with malicious recruitment/headhunting
Attackers use the pretext of recruitment to send "job invitations" containing malicious files or links to the target's email or social media account, tricking the target into downloading and executing the Trojan.
If the target of the attack is an internal employee or core developer of a crypto company, or a "heavy user" who holds a large amount of coins, it may lead to serious consequences such as the company's infrastructure being invaded and keys being stolen.
The 2022 security incident on Axie Infinity's Ronin bridge was, according to The Block, linked to a fake job advertisement. People familiar with the matter said the hacker contacted an employee of Axie Infinity developer Sky Mavis through LinkedIn and, after several rounds of interviews, told him he had been hired at a high salary. The employee then downloaded a forged offer letter in the form of a PDF document, which allowed the hacker's software to infiltrate Ronin's systems. The attacker took over four of the nine validators on the Ronin network, one short of full control, and then gained control of the Axie DAO validator whose permissions had not been revoked, completing the intrusion.
Fake airdrops/fake coin giveaways
Fake "official" activities that appear on platforms such as Twitter and Telegram, such as "Just transfer x coins to a certain address and you can double your money back", are actually scams.
Attackers also often use the names of "whitelist airdrop" and "testnet airdrop" to trick users into clicking on unknown links or connecting to phishing website wallets in order to trick them into providing keys or authorizations and steal coins.
In 2020, the Twitter accounts of many American politicians and business figures, including Obama, Biden, Buffett and Bill Gates, as well as many well-known companies, were hijacked. The hackers stole passwords, took over the accounts and posted messages using "double your money back" offers as bait to get users to send cryptocurrency to a designated address. In recent years, large numbers of "double return" scams impersonating Musk have continued to appear on YouTube.
Insider infiltration and former employees
Some former employees of cryptocurrency companies or project teams, or current employees bribed by attackers, use their familiarity with internal systems and operating procedures to steal user databases, private keys, or perform unauthorized transactions.
In this type of scenario, technical vulnerabilities are more closely combined with social engineering, often causing large-scale losses.
Fake or tampered hardware wallets with a "backdoor"
Attackers sell hardware wallets on eBay, Xianyu, Telegram groups or other e-commerce and second-hand trading platforms at below-market prices or with promises of authenticity, when in fact the chip or firmware inside the device has been replaced. Some users unknowingly buy refurbished or second-hand devices on which the seller has already loaded the private key. Once the buyer deposits funds, the attacker can withdraw them at any time using that same key.
In addition, after a data breach some users have received free "replacement" or "security upgrade" devices disguised as coming from the manufacturer (such as Ledger), packaged with new mnemonic cards and operating instructions. Once the user adopts these preset mnemonics or migrates the original mnemonic onto the fake device, the attacker gains full access to the wallet's assets.
The above examples are just the tip of the iceberg. The diversity and flexibility of social engineering make it particularly destructive in the field of cryptocurrency. For most ordinary users, these attacks are often difficult to defend against.
Greed and fear
Greed is always the weakness most easily manipulated. When the market is extremely active, some people rush into suddenly popular projects because of the herd effect. Fear and uncertainty are also common entry points for social engineering. When the crypto market fluctuates violently or a project runs into trouble, scammers issue an "emergency notice" claiming that the project is in grave danger and urging users to quickly transfer funds to a so-called safe address. Many novices, afraid of losses and unable to think clearly, are easily swept up in this panic.
In addition, the FOMO mentality is everywhere in the crypto ecosystem. The fear of missing the next bull market or the next Bitcoin drives people to pour in money and join projects without the basic ability to tell risk from opportunity or real from fake. Social engineering attackers need only create the impression that the opportunity is fleeting and that, once missed, the chance to double one's money is gone, and that is enough to lead some investors into the trap.
Risk identification and prevention
Social engineering is difficult to prevent because it targets people's cognitive blind spots and psychological weaknesses. As an investor, you should pay attention to the following key points:
Raise safety awareness
Never disclose private keys or mnemonics. Under no circumstances should you trust someone enough to reveal your private keys, mnemonics or sensitive identity information. A genuine official team will very rarely ask for this kind of information through private chat.
Be wary of "unreasonable profit promises". Any activity that claims "zero risk and high returns" or "return of several times the principal" is most likely a scam.
Verify links and sources
Use browser plugins or official channels to check the URL. For websites of cryptocurrency exchanges, wallets, or decentralized applications (DApps), you need to double-check whether the domain name is correct.
Do not click on links of unknown origin. If the other party claims that it is an "airdrop benefit" or "official compensation", you should immediately verify it on regular social media or official channels.
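Domain checks are where lookalike tricks bite, so the following added example (not code from the original article) shows one way to classify a URL against a small allowlist, catching Cyrillic homoglyphs, punycode hosts, digit-for-letter swaps, the trusted name used as a subdomain, and the "trusted.com@evil.net" userinfo trick. The domain names and the confusables table are constructed for illustration; a real allowlist must come from the official channels the article recommends.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: registrable domains the reader has confirmed through
# official channels. Real entries must come from those channels, never from a link.
TRUSTED_DOMAINS = {"example-exchange.com", "example-wallet.io"}
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}

# Constructed, deliberately short table of characters that render like ASCII
# letters: Cyrillic homoglyphs plus digit-for-letter swaps.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0455": "s", "\u0456": "i", "\u04cf": "l",
               "1": "l", "0": "o"}


def normalize_host(host: str) -> str:
    """Decode punycode (xn--) labels, fold case and map homoglyphs onto ASCII."""
    try:
        host = host.encode("ascii").decode("idna")  # xn--... labels -> Unicode
    except UnicodeError:
        pass                                         # already Unicode or not valid IDNA
    host = unicodedata.normalize("NFKC", host).lower().rstrip(".")
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)


def registrable_domain(host: str) -> str:
    """Last two labels, e.g. 'example-exchange.com'. A production check should use
    the Public Suffix List so that suffixes such as 'co.uk' are handled correctly."""
    return ".".join(host.split(".")[-2:])


def classify_url(url: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for the host a URL actually points at."""
    parts = urlsplit(url if "://" in url else "https://" + url)
    host = (parts.hostname or "").rstrip(".")
    # Only a plain ASCII host whose registrable domain is allowlisted counts as trusted.
    if host.isascii() and registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted"
    # 'https://example-exchange.com@evil.net' hides the trusted name in the userinfo part.
    if parts.username and any(b in parts.username.lower() for b in BRANDS):
        return "lookalike"
    norm = normalize_host(host)
    # Punycode or homoglyph hosts that collapse onto an allowlisted name.
    if registrable_domain(norm) in TRUSTED_DOMAINS:
        return "lookalike"
    # Trusted brand reused as a subdomain or embedded in a longer, unrelated domain.
    if any(b in norm for b in BRANDS):
        return "lookalike"
    return "unknown"
```

A "lookalike" verdict is the signal to stop and verify the address through an official channel rather than the link that brought you there.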
Focus on community and social media screening
Check the official account's certification mark, number of followers, and interaction records. Avoid blindly joining unfamiliar private chat groups or clicking on unknown links in the group.
Be skeptical about "free lunch" information, read more, ask more questions, and verify with experienced investors or official channels.
Develop a healthy investment mindset
Look at market fluctuations rationally and avoid being swayed by short-term surges and plunges.
Always prepare for the worst and don't ignore potential risks because of "fear of missing out".
The enduring importance of the human factor
Human nature is the basis for social engineering to succeed again and again. Attackers will design all kinds of scams to target herd mentality, greed, fear, insecurity, and FOMO (fear of missing out).
As technology and business models in the blockchain and crypto fields continue to evolve, social engineering techniques will evolve with them. The maturing of deepfake technology may pose a greater threat in the near future: attackers could convincingly impersonate project leaders through synthetic video and audio and interact with victims in real time. Multi-channel social engineering will also escalate, with attackers lurking across several social platforms for long periods to collect information before striking through carefully designed emotional manipulation.
The persistence of social engineering reminds us that, however advanced the technology, the human factor remains a core component of the system. Completely eliminating the impact of social engineering may be unrealistic; only by paying attention to both code and people can we build more resilient systems.