People are the weakest link in the security system.
Security is like a chain: it is only as strong as its weakest link, and people are the Achilles' heel of any cryptographic system. While the market was still obsessed with building ever more complex cryptographic protection mechanisms, attackers had already found a shortcut: there is no need to crack the password when you can manipulate the person who uses it.
People are the weakest link, and also the least valued one. In other words, people are the easiest hole for attackers to break through and exploit, and at the same time they are the area in which enterprises invest the least in security and improve the slowest.
According to the latest report from blockchain analysis company Chainalysis, in 2024, North Korean hackers launched 47 complex attacks and stole assets worth $1.3 billion from global crypto asset platforms, a year-on-year increase of 21%. Even more shocking is that on February 21, 2025, the Bybit exchange was hacked, resulting in the theft of crypto assets worth about $1.5 billion, setting a new record for a single theft in the history of cryptocurrencies.
Many of the major attacks of the past were not carried out through traditional technical vulnerabilities. Although exchanges and project teams invest billions of dollars in technical protection every year, in this world that seems to be built of mathematics and code, many participants still underestimate the threat posed by social engineering.
The nature and evolution of social engineering
In the field of information security, social engineering has always been a unique and dangerous means of attack. Unlike intrusions that exploit technical vulnerabilities or flaws in encryption algorithms, social engineering mainly exploits human psychological weaknesses and behavioral habits to deceive and manipulate victims. It does not require a high technical threshold, yet it can often cause extremely serious losses.
The digital age has given social engineering new tools and new stages, and in the crypto field this evolution is particularly evident. The early crypto asset community consisted mainly of technology enthusiasts and cypherpunks, who generally had both vigilance and a certain level of technical literacy. But as crypto assets gradually went mainstream, more and more new users without that technical background entered the market, creating fertile soil for social engineering attacks.
On the other hand, highly anonymous and irreversible transactions make crypto assets an ideal target for attackers seeking profit. Once funds are transferred to a wallet under the attacker's control, recovering them is almost impossible.
Social engineering succeeds so easily in the crypto field largely because of the cognitive biases in human decision-making. Confirmation bias leads investors to pay attention only to information that matches their expectations, herd mentality easily produces market bubbles, and FOMO often pushes people into irrational choices when they face losses. Attackers skillfully exploit these psychological weaknesses and cleverly "weaponize" them.
Compared with trying to break complex encryption algorithms, launching social engineering attacks is cheaper and has a higher success rate. A carefully forged phishing email, or a job offer that looks formal but hides a trap, is often more effective than a direct technical assault.
Common social engineering techniques
Although there are many kinds of social engineering attack techniques, their core logic still revolves around "deceiving the target's trust and obtaining information". The following is a brief description of several common methods:
Phishing
Email/SMS phishing: links disguised as coming from exchanges, wallet providers or other trusted institutions induce users to enter sensitive information such as seed phrases, private keys and account passwords.
Impersonating social platform accounts: for example, posing as "official customer service", a "well-known KOL" or the "project team" on platforms such as Twitter, Telegram and Discord, and posting fake links or fake event information to trick users into clicking, entering keys or sending cryptocurrency.
Malicious browser extensions or fake websites: building a copycat site that closely resembles the real exchange or wallet website, or inducing users to install a malicious browser extension. Once users enter keys or grant authorizations on these pages, the keys are leaked.
Fake customer service / impersonating technical support
Common in Telegram or Discord groups: someone impersonating an "administrator" or "technical support" offers to help with problems such as failed deposits, failed withdrawals or wallet synchronization errors, and guides users into handing over private keys or transferring coins to a designated address.
Attackers may also approach victims through private messages or small groups, falsely claiming they can "help recover lost coins", when the real aim is to lure out more funds or obtain keys.
SIM card swap (SIM Swap)
The attacker bribes or deceives a telecom operator's customer service into transferring the victim's mobile phone number to the attacker in the back-end system. Once the phone number is taken over, the attacker can reset the passwords of exchange, wallet or social accounts through SMS verification and SMS-based two-factor authentication (2FA), and thereby steal crypto assets.
SIM swapping is most frequent in the United States, but such cases have also occurred in many other countries.
Social engineering combined with malicious recruitment/headhunting
Under the guise of recruitment, the attacker sends a "job invitation" containing malicious files or links to the target's email or social media account, tricking the target into downloading and executing a Trojan.
If the target is an internal employee or core developer of a crypto company, or a "heavy user" holding a large amount of coins, the consequences can be severe, including intrusion into the company's infrastructure and theft of keys.
In 2022, The Block reported that the Ronin bridge incident involving Axie Infinity was linked to a fake job advertisement. According to people familiar with the matter, the hacker contacted an employee of Sky Mavis, the developer of Axie Infinity, through LinkedIn; after several rounds of interviews the employee was told he had been hired at a high salary. The employee then downloaded a fake offer letter in the form of a PDF document, which allowed the attacker's malware to infiltrate Ronin's systems. The attacker thereby compromised and took over four of the nine validators on the Ronin network, one validator short of full control. The hacker then took control of the Axie DAO validator, whose access had not been revoked, to complete the intrusion.
Fake airdrops/fake coin giveaways
Fake "official" events appear on platforms such as Twitter and Telegram, for example "transfer x coins to this address and receive double in return"; these are simply scams.
Attackers also frequently use names such as "whitelist airdrop" and "testnet airdrop" to trick users into clicking unknown links or connecting their wallets to phishing websites, in order to obtain keys or authorizations and steal coins.
In 2020, the Twitter accounts of many American political and business figures, including Obama, Biden, Buffett and Bill Gates, as well as many well-known companies, were hijacked. The hackers stole passwords, took over the accounts and posted messages using a "double your money" promise as bait to get users to send cryptocurrency to designated addresses. In recent years, large numbers of "double return" scams impersonating Musk have continued to appear on YouTube.
Insider infiltration/resigned employee cases
Some former employees of cryptocurrency companies or project teams, or current employees bribed by attackers, use their familiarity with internal systems and operating procedures to steal user databases or private keys, or to carry out unauthorized transactions.
In this type of scenario, technical vulnerabilities are more tightly combined with social engineering, and the result is often large-scale losses.
Fake or tampered hardware wallets with "backdoors"
Attackers sell hardware wallets on eBay, Xianyu, Telegram groups or other e-commerce and second-hand trading platforms, using gimmicks such as below-market prices or guarantees of authenticity. In reality the chip or firmware inside the device has been replaced. Some users may also inadvertently buy refurbished or second-hand phones in which the seller has pre-imported a private key; once the buyer deposits funds, the attacker can use that same private key to take them away at any time.
In addition, after the manufacturer's data breach some users received free "replacement devices" or "security upgrade devices" disguised as coming from the manufacturer (such as Ledger), with the package also containing new mnemonic cards and operating instructions. Once the user adopts these preset mnemonics, or migrates the original mnemonic into the fake device, the attacker gains full access to the wallet's assets.
The examples above are just the tip of the iceberg. The diversity and flexibility of social engineering make it particularly destructive in the cryptocurrency field, and for most ordinary users these attacks are hard to defend against.
Greed and fear
Greed is always the most easily manipulated weakness. When the market is extremely active, some people rush into suddenly popular projects because of the herd effect. Fear and uncertainty are also common entry points for social engineering. When the crypto market is violently volatile or a project runs into trouble, scammers issue an "emergency notice" claiming that the project is in an extremely dangerous situation and inducing users to quickly transfer funds to a so-called safe address. Many novices, afraid of losses, find it hard to think clearly and are easily swept up in the panic.
In addition, the FOMO mentality is ubiquitous in the crypto ecosystem. The fear of missing the next bull market or the next Bitcoin makes people rush to invest and join projects while lacking the basic ability to tell risk from opportunity and real from fake. A social engineering attacker only needs to create an atmosphere in which the opportunity is fleeting and there is no second chance, and that is enough to make some investors fall into the trap.
Risk identification and prevention
Social engineering is difficult to prevent because it targets people's cognitive blind spots and psychological weaknesses. As an investor, you should pay attention to the following key points:
Improve security awareness
Do not disclose private keys or mnemonics. Under no circumstances should you trust someone enough to reveal your private keys, mnemonics or sensitive identity information. A genuine official team will almost never ask for such information in a private chat.
Be wary of "unreasonable profit promises". Any activities that claim "zero risk and high returns" and "returning several times the principal" are likely to be scams.
Verify links and sources
Use browser plug-ins or official channels to verify the URL. For the websites of cryptocurrency exchanges, wallets or decentralized applications (DApps), confirm again and again that the domain name is correct.
Do not click on links of unknown origin. If the other party claims to offer "airdrop benefits" or "official compensation", verify it as soon as possible through established social media or official channels.
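One way to turn the phishing patterns described earlier (copycat domains, links hidden in "airdrop" posts) and the two items above into a concrete check, as an added example that is not part of the original article: a small Python classifier that compares the host of a link against an allowlist of the exchange and wallet domains the user actually trusts, and flags the usual tricks (brand name smuggled into a subdomain or the userinfo part, IDN/punycode homographs, one-character typosquats). The allowlist (`example-exchange.com`, `example-wallet.io`), the homoglyph substitution table and the sample links are constructed for illustration, and `registrable_domain` keeps only the last two labels, which is a simplification; a production check should use the Public Suffix List.

```python
"""Lookalike-domain check for exchange / wallet links.

Added example, not code from the original article. TRUSTED_DOMAINS,
HOMOGLYPH_SUBS and the sample links in main() are constructed for
illustration; replace the allowlist with the domains you actually use.
"""
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts the user treats as legitimate.
TRUSTED_DOMAINS = frozenset({"example-exchange.com", "example-wallet.io"})

# Character substitutions common in ASCII typosquats (constructed list).
HOMOGLYPH_SUBS = [("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"),
                  ("rn", "m"), ("vv", "w")]


def normalize_homoglyphs(label: str) -> str:
    """Map look-alike characters back to the letters they imitate."""
    for fake, real in HOMOGLYPH_SUBS:
        label = label.replace(fake, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host. Simplification (assumption): real code
    should consult the Public Suffix List so 'co.uk'-style suffixes work."""
    return ".".join(host.split(".")[-2:])


def classify_url(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return a verdict for a link the user is about to click."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".").lower()
    if parts.scheme not in ("http", "https") or not host:
        return "unparseable"
    # 1. Exact match or genuine subdomain of an allowlisted domain.
    for t in trusted:
        if host == t or host.endswith("." + t):
            return "trusted" if parts.scheme == "https" else "trusted-but-http"
    # 2. Non-ASCII or punycode (xn--) labels: the IDN homograph trick.
    if not host.isascii() or any(lbl.startswith("xn--") for lbl in host.split(".")):
        return "idn-lookalike"
    # 3. Brand name smuggled into userinfo ("brand.com@evil.net") or into a
    #    deeper label ("brand.com.evil.net"): the real host is something else.
    netloc = parts.netloc.lower()
    if any(t in netloc for t in trusted):
        return "embedded-brand"
    # 4. Typosquat: homoglyph-normalized or near-identical registrable domain.
    reg = registrable_domain(host)
    for t in trusted:
        if normalize_homoglyphs(reg) == t or levenshtein(reg, t) <= 2:
            return "typosquat"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample links of the kind that arrive in DMs and "airdrop" posts.
    samples = [
        "https://app.example-exchange.com/login",
        "http://example-exchange.com/",
        "https://examp1e-exchange.com/claim",
        "https://example-exchange.co/",
        "https://example-exchange.com.login-verify.net/",
        "https://example-exchange.com@evil.net/",
        "https://ex\u0430mple-exchange.com/",   # Cyrillic 'a' in place of Latin 'a'
        "https://random-site.org/",
    ]
    for link in samples:
        print(f"{classify_url(link):18} {link}")
```

The order of the checks matters: the allowlist is consulted first so that a genuine subdomain such as `app.example-exchange.com` is never mis-flagged, and the "brand in the netloc" test runs on `parts.netloc` rather than on `parts.hostname` so that the `brand.com@evil.net` form, where the browser actually connects to `evil.net`, is caught. A verdict of `unknown` is not an endorsement; it only means the link does not imitate one of the allowlisted domains.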
Pay attention to community and social media identification
Check the verification badge, follower count and interaction history of official accounts. Avoid joining unfamiliar private chat groups and clicking unknown links posted in groups.
Remain skeptical of any "free lunch": read more, ask more, and verify with experienced investors or official channels.
Build a healthy investment mentality
Look at market fluctuations rationally and avoid being swept up by short-term surges and plunges.
Always be prepared for the worst, and don't ignore potential risks because of "fear of missing out".
The eternal importance of human factors
Human nature is the foundation for social engineering to succeed repeatedly. Attackers will design all kinds of scams targeting traits such as herd mentality, greed, fear, insecurity, and FOMO (fear of missing out).
As technology iterates and business models in the blockchain and crypto fields keep expanding, social engineering methods will also evolve. The maturity of deepfake technology may pose a greater threat in the near future: attackers may impersonate project leaders realistically and interact with victims in real time through synthetic video and audio. Multi-dimensional social engineering will also be upgraded: attackers may lurk across multiple social platforms and collect information over a long period, then strike through carefully designed emotional manipulation.
The continued existence of social engineering reminds us that no matter how advanced the technology, the human factor is still a core component of the system. Completely eliminating the impact of social engineering may be unrealistic; only by paying attention to both code and people can we build more resilient systems.