
Social Engineering, Explained


Explainer on social engineering in crypto, covering human‑layer attacks, North Korea’s state‑scale campaigns, AI‑driven deepfake scams, major DeFi case studies, and practical defenses for users, teams, and protocols.

Social Engineering in Crypto: How Human Hacking Drives the Biggest On‑Chain Losses

In digital finance, the most devastating crypto hacks increasingly begin not with code, but with people being persuaded to do the wrong thing at the wrong time. Social engineering—psychological manipulation that tricks users, employees, or governance signers into bypassing normal security—is now a primary vector for draining wallets, hijacking infrastructure, and compromising DeFi protocols, often at a scale of hundreds of millions of dollars. This explainer unpacks how social engineering works, why it is so powerful in crypto markets, how attackers from solo scammers to North Korean state actors are weaponizing AI to scale these operations, and what defenses—from personal opsec to governance and multisig design—are proving most effective.

1. Why Social Engineering Now Dominates Crypto Risk

The security narrative in crypto once centered almost entirely on smart contract bugs, exchange hot‑wallet compromises, and protocol exploits. That story is changing as attackers discover that the shortest path to billions in digital assets is often through people, not code. Social engineering attacks bypass technical defenses by manipulating human judgment, exploiting trust, fear, greed, or urgency to induce actions that would never pass a code audit, such as approving malicious transactions, handing over seed phrases, or relaxing DNS and registrar protections.

Data from both traditional cybercrime and crypto‑native forensics supports this shift toward human‑layer compromise. The FBI’s 2025 Internet Crime Report estimated that Americans alone lost roughly \( \$893 \) million to AI‑related scams in 2025, driven by deepfake voices, synthetic videos, and AI‑generated scam scripts. In the broader cybersecurity landscape, social engineering is described as one of the most effective attack vectors precisely because it relies on human error rather than software vulnerabilities, allowing attackers to sidestep even mature technical defenses. The rise of generative AI has amplified this trend by making convincing phishing emails, chat messages, and even voice calls cheap and scalable to produce.

Within crypto, the numbers are even starker. Chainalysis estimates that total crypto theft in 2025 reached about \( \$3.4 \) billion, with North Korea‑linked groups stealing \( \$2.02 \) billion—more than half of the total and a 51 percent year‑over‑year increase. Elliptic’s analysis indicates that the majority of the North Korea‑attributed hacks in 2025 were executed through social engineering rather than purely technical exploits, marking a decisive shift in the regime’s playbook. By early 2026, analysts estimated that Democratic People’s Republic of Korea (DPRK) actors had stolen more than \( \$6 \) to \( \$6.75 \) billion in cryptoassets over recent years, often beginning with carefully tailored human‑targeted campaigns.

Recent incidents underscore how this plays out in practice. The April 2026 Drift Protocol attack on Solana drained roughly \( \$280\)–\( \$285 \) million in a matter of seconds, but post‑mortems agree it was not a smart contract exploit; it was a governance‑layer compromise enabled by months of social engineering and manipulation of multisig signers and durable nonce transactions. A separate hardware wallet scam reportedly relieved a single whale of more than \( \$282 \) million in bitcoin and litecoin after tricking the owner into using a malicious device and a fraudulent recovery process, making it one of the largest personal crypto thefts ever reported. From a Kraken user losing \( \$18.2 \) million after being targeted in a sophisticated scheme, to elderly Americans whose frozen bitcoin was traced back to social engineering scams by on‑chain investigator ZachXBT, the pattern is the same: attackers increasingly go around the code, straight through the human.

For crypto builders, investors, and users, this means security is no longer just about audits, bug bounties, and formal verification. It is about understanding that every employee, trader, developer, and multisig signer is now part of the attack surface—what some security researchers call the “human layer” of DeFi infrastructure. As a16z’s Eddy Lazzarin has argued in the context of AI, humans are inherently “prompt injectable”: we can be manipulated by persuasive instructions, authoritative‑seeming messages, and fabricated context, just as large language models can be coaxed into ignoring their guardrails. That framing is especially apt in crypto, where high‑value decisions often hinge on a few clicks in a wallet or a handful of signatures on a governance transaction.

Related article (shared by Danicjade, May 19, 2026): a16z’s Eddy Lazzarin says humans are inherently “prompt injectable,” arguing multisigs and consensus systems are critical defenses against AI-era social engineering (𝕏/@a16z, May 19, 2026)

Top comment by Benthic, May 19, 2026:

Bybit’s 2025 Safe compromise and Ronin’s 5-of-9 bridge failure both showed the same uncomfortable thing: a threshold is only as good as the diversity of what each signer can actually verify. Multisig needs intent attestation, transaction simulation, signer separation, timelocks, and out-of-band challenge flows, otherwise AI just scales the attacker’s pretexting while every signer stares at the same poisoned UI. Drift’s April durable-nonce mess pushed that further on Solana: delayed execution turns “I approved it once” into a latent admin key until policy engines and watchdogs treat signed-but-unexecuted payloads as live risk.


2. What Social Engineering Is – And How It Differs From Traditional Exploits

At its core, social engineering is a set of techniques that use psychological manipulation to trick people into making security‑relevant mistakes or divulging sensitive information. IBM describes it as a form of “human hacking” that relies on exploiting natural tendencies—such as trust in authority, desire to be helpful, fear of loss, or excitement about opportunities—rather than technical flaws in code or infrastructure. Imperva emphasizes that social engineering covers a broad range of malicious activities accomplished through human interactions, unfolding in phases from reconnaissance to trust building and finally to exploitation.

Three characteristics distinguish social engineering from conventional exploits. First, the primary vulnerability is human behavior rather than a bug or misconfiguration in software. Attackers might use perfectly valid login forms, multisig interfaces, or contract methods, but they induce the victim to use them in insecure ways, such as approving malicious transactions or temporarily disabling security checks. Second, social engineering attacks often involve elaborate narratives or pretexts—stories about account emergencies, KYC issues, job offers, or exchange support sessions—that are designed to feel legitimate and urgent enough to override skepticism. Third, these attacks often leave on‑chain traces that look superficially like valid user actions, complicating detection and forensics; the “exploit” is in the mind, not the smart contract.

Most social engineering campaigns follow a multi‑step lifecycle. Imperva describes an initial reconnaissance phase, where attackers gather open‑source intelligence (OSINT) on targets, such as job titles, social media posts, or on‑chain behavior, to identify likely victims and craft believable pretexts. This is followed by engagement, where the attacker initiates contact through email, messaging apps, code repositories, or even voice and video calls, building trust over time. The exploitation phase occurs when the attacker leverages that trust to request a specific action, such as sharing a seed phrase, installing remote‑access software, running a “test script,” or approving a governance transaction. Finally, some campaigns include a disengagement phase, where the attacker disappears, covers tracks, or even feigns technical problems to delay investigation.

In the crypto context, the target assets and operations give social engineering attacks a distinctive flavor. Instead of corporate login credentials or wire transfer authorizations, attackers seek wallet private keys, seed phrases, exchange account access, signing rights on multisigs, DNS registrar control, or privileged admin capabilities in DeFi protocols. Because many of these assets are bearer instruments—whoever controls the key controls the funds—successful social engineering can translate almost instantly into irrecoverable financial loss. Moreover, self‑custody culture means ordinary users often hold significant value without the institutional backstops or fraud detection present in traditional finance, magnifying the impact of individual mistakes.

It is also important to distinguish between pure social engineering and hybrid attacks. Many real‑world incidents combine human manipulation with technical exploitation. The Drift hack, for example, involved persuading multisig signers to pre‑approve transactions that, through Solana’s durable nonce mechanism, could be executed later under different conditions than originally understood. DNS hijacks like the Velodrome and eth.limo attacks couple social engineering against domain registrars with technical changes to name server records that route users to phishing sites. In these scenarios, social engineering is the initial access vector that unlocks deeper technical control.

3. Psychological and Technical Mechanics of Social Engineering

Understanding why social engineering works requires looking at both human psychology and the technical context in which decisions are made. On the psychological side, attackers reliably exploit a small set of emotional levers. CoinTracker notes that social engineers in crypto frequently manipulate fear, greed, excitement, trust, urgency, and curiosity to push victims into hasty decisions. Fear might be invoked through fake security alerts, warnings of account suspension, or claims that funds are at risk unless immediate action is taken. Greed and excitement are tapped via offers of free tokens, high‑yield investment opportunities, or preferential allocation in coveted sales or airdrops. Trust is manufactured through impersonation of known brands, influencers, or colleagues, often using stolen branding assets and convincing domain names.

Urgency is perhaps the most consistently effective tool. Both Imperva and IBM highlight that many phishing and pretexting attacks create a sense of time pressure—deadlines, “final warnings,” or limited‑time offers—that short‑circuit rational evaluation. In crypto, where markets are volatile and opportunities often are time‑boxed, this urgency is particularly believable; users are accustomed to scrambling for IDOs, NFT mints, or airdrop snapshots. Social engineers exploit this environment by instructing users to “verify now,” “claim immediately,” or “act before your account is frozen,” leaving little room for verification.

From a technical perspective, social engineering often leverages the opacity and complexity of crypto tooling. Wallet signature prompts can be hard for non‑experts to interpret; users may not fully understand what permissions they are granting when they sign an apparently benign transaction, especially when interfaces compress long contract calls into one or two generic approval messages. Attackers exploit this by designing malicious contracts and transaction payloads that look routine to front‑end UIs but perform destructive actions, such as transferring all tokens or granting infinite approvals. In the Drift case, attackers combined pre‑signed transactions with a governance configuration that lacked sufficient timelocks, allowing them to take over admin powers in minutes once the necessary signatures were in place.
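To show what a wallet’s compressed approval prompt can hide, here is an added Python example (not code from this page or from any wallet vendor) that decodes the raw EVM calldata a user is asked to sign and flags unlimited ERC‑20 allowances and ERC‑721/1155 operator approvals. The selector table is the standard one; the “effectively unlimited” threshold of 2**128 and the sample spender address are constructed assumptions.

```python
# Added illustration (not code from the page or any wallet): decode the raw EVM
# calldata behind a wallet prompt and flag approvals that hand a spender
# open-ended control. Only the three selectors below are decoded; everything
# else is reported as an unknown selector so a reviewer still sees it.

MAX_UINT256 = 2**256 - 1
# Constructed threshold: no real token supply approaches 2**128 base units, so
# any allowance at or above it is treated as effectively unlimited.
EFFECTIVELY_UNLIMITED = 2**128

# 4-byte selectors = first 4 bytes of keccak256(canonical signature).
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "a9059cbb": "transfer(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}


def _word(data: bytes, i: int) -> int:
    # Arguments follow the selector as 32-byte big-endian words.
    start = 4 + 32 * i
    return int.from_bytes(data[start:start + 32], "big")


def _addr(word: int) -> str:
    # An address is the low 20 bytes of its 32-byte word.
    return "0x" + format(word, "064x")[-40:]


def decode_calldata(hex_data: str) -> dict:
    data = bytes.fromhex(hex_data[2:] if hex_data.startswith("0x") else hex_data)
    if len(data) < 4:
        return {"function": None, "risk": "UNKNOWN_SELECTOR"}
    selector = data[:4].hex()
    sig = SELECTORS.get(selector)
    if sig is None:
        return {"function": None, "selector": selector, "risk": "UNKNOWN_SELECTOR"}
    nargs = sig.count(",") + 1
    if len(data) < 4 + 32 * nargs:
        return {"function": sig, "risk": "MALFORMED"}   # truncated argument block
    if sig.startswith("approve"):
        spender, amount = _addr(_word(data, 0)), _word(data, 1)
        risk = "UNLIMITED_ALLOWANCE" if amount >= EFFECTIVELY_UNLIMITED else "BOUNDED_ALLOWANCE"
        return {"function": sig, "spender": spender, "amount": amount, "risk": risk}
    if sig.startswith("setApprovalForAll"):
        operator, approved = _addr(_word(data, 0)), _word(data, 1) != 0
        risk = "OPERATOR_FOR_ALL" if approved else "REVOKES_OPERATOR"
        return {"function": sig, "operator": operator, "approved": approved, "risk": risk}
    recipient, amount = _addr(_word(data, 0)), _word(data, 1)
    return {"function": sig, "to": recipient, "amount": amount, "risk": "TRANSFER"}


def describe(hex_data: str) -> str:
    # One-line summary a signer could be shown instead of a generic "Approve" button.
    d = decode_calldata(hex_data)
    if d["risk"] == "UNLIMITED_ALLOWANCE":
        return f"WARNING: grants {d['spender']} an unlimited allowance (can drain this token)"
    if d["risk"] == "OPERATOR_FOR_ALL":
        return f"WARNING: makes {d['operator']} operator of ALL your NFTs in this collection"
    if d["risk"] == "BOUNDED_ALLOWANCE":
        return f"allows {d['spender']} to spend up to {d['amount']} base units"
    if d["risk"] == "TRANSFER":
        return f"sends {d['amount']} base units to {d['to']}"
    return f"UNVERIFIED: {d['risk']} - do not sign without decoding it"


def encode_call(selector_hex: str, *words: int) -> str:
    # Helper to build the constructed sample calldata below.
    return "0x" + selector_hex + "".join(format(w, "064x") for w in words)


SAMPLE_SPENDER = 0x1111111111111111111111111111111111111111  # constructed address
SAMPLES = {
    "unlimited": encode_call("095ea7b3", SAMPLE_SPENDER, MAX_UINT256),
    "bounded": encode_call("095ea7b3", SAMPLE_SPENDER, 100 * 10**18),
    "operator": encode_call("a22cb465", SAMPLE_SPENDER, 1),
}

if __name__ == "__main__":
    for name, calldata in SAMPLES.items():
        print(f"{name:>9}: {describe(calldata)}")
```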

The social context of crypto communities also plays a role. Crypto projects foster real‑time, informal communication on Discord, Telegram, X, and other platforms, often blurring the lines between official and unofficial channels. Social engineers infiltrate these spaces, posing as support staff, core contributors, or even well‑known community members. IBM points out that because people are primed to trade personal information for services and to trust apparent insiders, they often underestimate how seemingly trivial details—dates of birth, phone numbers, partial seed backups—can be combined to compromise accounts. In DAO and protocol governance, the flat, pseudonymous structure can make it difficult to distinguish legitimate signers or delegates from convincingly impersonated ones.

The combination of these factors puts defenders at a disadvantage. Technical security tooling is optimized to detect anomalies in code and network behavior, but social engineering attacks piggyback on legitimate channels and workflows. Emails, job offers, pull requests, Zoom calls, and wallet signatures are all normal parts of a crypto builder’s day; attacks are hidden in the noise. As a result, the most effective defenses tend to be socio‑technical: they combine education and process design with technical safeguards such as multi‑factor authentication, risk‑based access control, anomaly detection, and timelocks.

The angles that pull readers in (6 threads)

1. North Korea protocol infiltration: Lazarus Group's multi-month infiltration campaigns against DeFi protocols — $3.4B via LinkedIn recruitment and the six-month Drift operation — reframe social engineering as state-sponsored warfare, pulling readers who want to understand systemic crypto geopolitics.

2. Exchange support impersonation: The Coinbase Brooklyn arrest, Kraken $18.2M loss, and ZachXBT's $91M genesis-anniversary case show that even experienced holders are fooled by fake customer support, making these stories resonate as direct personal-asset warnings.

3. DeFi multisig governance capture: Drift's six-month infiltration — combining durable nonce exploitation with multisig misconfiguration to drain $280M in ten seconds — showed readers that admin-key social engineering can compromise audited DeFi protocols, not just naive retail users.

4. Hardware wallet victim targeting: The $282M BTC and LTC hardware wallet attack — laundered through Monero and Thorchain — shattered the assumed safety floor of self-custody and attracted readers who believed cold storage made them immune.

5. Retail memecoin loss aggregates: The $500M 2024 figure anchors how large retail-facing social engineering has grown; readers use these round-number annual aggregates as a benchmark for the overall risk environment.

6. Legislative and criminal enforcement: The SAFE Crypto Act proposal and a string of federal sentences signal that government is treating crypto social engineering as organized crime, and readers tracking regulatory trends clicked to gauge whether enforcement is catching up to losses.

4. Common Social Engineering Techniques in Crypto

Although attackers constantly innovate, most social engineering campaigns in crypto fall into familiar patterns. Understanding these patterns helps users and teams recognize red flags before damage is done.

4.1 Phishing and Spear Phishing

Phishing remains the archetypal social engineering technique in both traditional IT and crypto. It typically involves deceptive emails, messages, or websites crafted to look like those of trusted entities—exchanges, wallet providers, DeFi protocols, or stablecoin issuers—with the aim of harvesting credentials or inducing unsafe actions. In the crypto space, CoinTracker notes that phishing messages often instruct recipients to verify account details, resolve KYC issues, claim time‑limited rewards, or secure accounts against purported suspicious activity. The embedded links lead to counterfeit login pages or transaction interfaces controlled by the attacker, who then uses captured credentials or signed approvals to drain funds.

Spear phishing is a more targeted variant. Instead of blasting generic messages to thousands of addresses, attackers research specific high‑value individuals—such as exchange employees, protocol developers, or whales—and craft personalized outreach that references their roles, projects, or recent public posts. The FBI’s Internet Crime Complaint Center (IC3) has warned that DPRK actors routinely scout professional networking and employment platforms to profile employees at DeFi or crypto‑related businesses, then approach them with customized phishing or job‑related pretexts. In some campaigns, phishing messages may arrive via GitHub, LinkedIn, or project‑specific email domains, making them harder to distinguish from legitimate communication.

Technically, phishing attacks can be surprisingly low‑tech: a convincing domain, SSL certificate, and copied HTML from a legitimate site may be enough. However, crypto‑specific phishing increasingly blurs into more complex supply‑chain or front‑end attacks, such as compromising DNS records or front‑end code to deliver malicious wallet prompts. Velodrome’s November DNS attack began with a social engineering operation against its domain registrar, ultimately allowing attackers to redirect users to a hostile front end and capture credentials or signatures. Similarly, the eth.limo ENS gateway was hijacked after attackers socially engineered registrar staff at EasyDNS, in what the registrar described as its first successful social engineering compromise against a customer in nearly three decades of operation.

4.2 Vishing, Smishing, and Fake Support

Voice and SMS‑based social engineering, known as vishing and smishing, extend phishing into real‑time channels. CoinTracker describes vishing as a form of phishing where scammers impersonate legitimate authorities over phone calls or voice messages, often using urgency and the appearance of authority to pressure victims into revealing sensitive data. In crypto, common vishing scenarios include imposters claiming to be from an exchange’s fraud department, wallet provider support, or even law enforcement, warning of suspicious activity and insisting on immediate account verification or remote troubleshooting.

Fake support scams are particularly damaging because they piggyback on legitimate user pain points. Coinbase has documented cases where a scammer impersonated Coinbase support staff, contacting users and guiding them through fake troubleshooting steps that ultimately granted the attacker control over their accounts, leading to millions in stolen crypto. In some rings, victims first encounter scammers via search engine ads or forum posts that direct them to fraudulent support numbers; once on the phone, the attacker requests remote access tools, password resets, or 2FA codes under the guise of resolving issues.

SMS and instant messaging are also fertile ground. Attackers send messages claiming to be from exchanges or banks, warning of locked accounts or large withdrawals, and include links to phishing pages tailored for mobile devices. With the rise of messaging‑app‑centric user behavior in crypto, scammers also impersonate project support in Telegram or Discord, offering to “help” users with transaction issues or staking, then walking them through malicious signature flows.

4.3 Pretexting, Impersonation, and “Relationship” Scams

Pretexting involves obtaining information or access by constructing a detailed, often long‑running, false identity and narrative. The attacker pretends to be a trusted person—an employer, colleague, family member, investor, or romantic interest—and uses that persona to solicit sensitive information or actions over time. Imperva notes that pretexting scams often begin with seemingly innocuous requests or conversations that slowly normalize information sharing before escalating to more critical asks.

In crypto, pretexting takes several forms. DPRK‑linked campaigns such as those tracked under the names DangerousPassword and Contagious Interview reportedly begin with fake job offers or interview requests sent to developers, designers, or other staff at crypto companies. Targets are asked to complete coding assignments or run “screening tools” that in fact deploy malware, establishing footholds in corporate networks. The IC3 has warned that offers of employment from prominent cryptocurrency or technology firms that are unsolicited or involve unrealistically high compensation without negotiation can be indicators of such operations.

Impersonation of known figures and institutions is another powerful variant. Attackers clone influencer profiles, project team accounts, or even community moderators, recreating avatars, usernames, and posting styles. They then DM users with investment “opportunities,” insider tips, or urgent governance issues, often steering them to malicious sites or contracts. At the consumer level, on‑chain investigators like ZachXBT have traced funds from social engineering scams that targeted elderly Americans, sometimes involving impersonation of government officials or trusted service providers, back to centralized platforms where they were frozen. These cases highlight how social engineering increasingly preys on demographics less familiar with crypto’s norms and risks.

4.4 Baiting, Airdrops, and Quid Pro Quo Scams

Baiting attacks rely on enticing victims with something of value—free tokens, high yields, exclusive access—to lure them into unsafe behavior. Imperva describes baiting as offering a false promise that exploits greed or curiosity, drawing users into traps that steal personal information or infect systems with malware. In crypto, this frequently manifests as fake airdrops, giveaways, and “reward” sites that ask users to connect wallets and sign transactions to claim rewards, which in reality transfer assets out of their control.

CoinTracker notes that baiting can also involve more tangible lures, such as distributing infected hardware wallets under the guise of promotional giveaways or replacement devices. A widely reported incident involved a whale losing over \( \$282 \) million in bitcoin and litecoin after falling for a hardware wallet social engineering scam that likely involved tampered devices and deceptive setup instructions. In quid pro quo attacks, scammers promise something in exchange for sensitive information—for example, offering technical support or “manual recovery” services if the user provides seed phrases or private keys. These ploys are particularly effective where victims have already experienced a loss or are anxious about access, making them more willing to take desperate measures.

4.5 Hardware Wallet and Seed Phrase Cons

Self‑custody is often framed as the gold standard of crypto security, but social engineering can turn hardware wallets and seed phrases into liabilities. Attackers know that anyone with a seed phrase can reconstruct a wallet and drain it, so many scams are explicitly designed to capture this information under plausible pretenses. Some victims receive unsolicited packages containing purported hardware wallets and instructions warning that their existing devices are compromised, urging them to migrate funds by entering seeds into a cloned app or website. Others encounter fake recovery services or support agents who insist that seed phrases are needed to “verify ownership” or “decrypt corrupted wallets.”

The hardware wallet whale loss of \( \$282 \) million illustrates how devastating such scams can be when aimed at high‑net‑worth individuals. According to reporting, the attacker funneled the stolen funds through privacy‑focused networks, including Monero and cross‑chain protocols like Thorchain, to obscure the trail. This aligns with broader laundering patterns observed in large crypto thefts, where attackers use mixers, cross‑chain bridges, and obscure blockchains to complicate tracing. While hardware wallets substantially reduce many types of risk, they cannot protect users who voluntarily disclose their seed phrases or install malicious firmware at the urging of a convincing social engineer.

4.6 DNS Hijacks and Web‑Layer Social Engineering

DNS and web‑layer attacks sit at the intersection of social engineering and infrastructure exploitation. Instead of targeting end users directly, attackers socially engineer domain registrars, hosting providers, or project staff with access to DNS records. Once they gain control over a domain, they can reroute traffic to phishing front ends that mimic legitimate dApps or gateways, capturing credentials and signatures from unsuspecting visitors.

The Velodrome attack in November began when attackers targeted the domain registrar with a persistent social engineering campaign. After multiple failed attempts, they eventually passed fake identity verification processes and gained control over the protocol’s domain names. This allowed them to conduct a DNS attack that redirected users, leading to estimated losses of up to \( \$250{,}000 \). A similar pattern appeared in the eth.limo hijack, where attackers socially engineered EasyDNS staff to modify DNS settings for the ENS‑to‑web gateway; EasyDNS publicly acknowledged that this was the first successful social engineering attack against a customer in its 28‑year history, underscoring how even experienced infrastructure providers are vulnerable.

These incidents illustrate how crypto projects depend on traditional Web2 infrastructure that may be less hardened against social engineering than the smart contracts they deploy. Domain registrars, CDNs, SaaS tools, and even open‑source dependencies become indirect attack surfaces. For attackers, compromising one registrar can be more efficient than phishing thousands of individual users, particularly when it yields a trusted domain capable of capturing high‑value interactions at scale.

4.7 Governance, Multisig, and Control‑Plane Compromise

Perhaps the most consequential evolution in crypto social engineering is the focus on governance and access control. Rather than phishing individual users, attackers target the people who collectively hold protocol‑level power: multisig signers, security councils, and DAO delegates. The Drift Protocol hack is a canonical example. On April 1, 2026, attackers drained approximately \( \$280\)–\( \$285 \) million from one of Solana’s largest DEXs by gaining control of Drift’s Security Council administrative powers. According to Drift and subsequent analyses, the attackers did not exploit a smart contract bug; instead, they executed a highly sophisticated operation involving multi‑week social engineering, pre‑signed transactions using Solana’s durable nonce mechanism, and manipulation of multisig approvals.

The attack unfolded as a control‑plane compromise. Over months, the adversaries reportedly built trust with key stakeholders and multisig signers, securing sufficient approvals for transactions that, on their face, appeared legitimate or routine. These transactions were pre‑signed and stored via durable nonce accounts, allowing the attacker to execute them later under different contextual conditions. Once triggered, the malicious admin transfer granted the attacker protocol‑level permissions. They then introduced a fictitious asset—CarbonVote Token—with minimal real liquidity but manipulated oracle inputs so that it appeared to be worth hundreds of millions of dollars in collateral. With withdrawal limits removed and governance controls bypassed, the attacker drained funds in minutes.

TRM Labs and Elliptic both noted that the post‑hack laundering patterns, use of Tornado Cash, and cross‑chain maneuvers bore strong resemblance to prior DPRK‑linked hacks, including the massive Bybit exploit of 2025, suggesting North Korean involvement in what TRM called a “structured intelligence operation requiring organizational backing and significant resources.” For the broader DeFi ecosystem, the Drift incident marked a paradigm shift: the biggest vulnerability was not in smart contract code, but in the processes and people that manage protocol permissions and governance. It validated arguments from security thinkers who have emphasized that multisigs and consensus systems must be designed not just for fault tolerance and decentralization, but explicitly to withstand targeted social engineering against individual signers.
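As an added illustration of the signer-side controls this section argues for (example code written for this page, not Drift’s, Solana’s or any multisig vendor’s code), the following Python model of an admin multisig makes every approval expire, forces a timelock between proposal and execution, lets any single signer veto during the delay, and exposes signed-but-unexecuted payloads as a pending-risk list a watchdog can poll. Signer names, threshold, timing constants and payloads are constructed; the model abstracts away Solana’s durable nonce mechanism and captures only the policy point that a signature must not stay valid indefinitely.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Added illustration (not Drift's, Solana's or any multisig vendor's code): a
# governance multisig whose approvals expire, whose admin changes wait out a
# timelock, and which lets any signer veto during that delay. Times are plain
# integer seconds; the thresholds and constants below are constructed.

APPROVAL_TTL = 24 * 3600   # an approval not executed within a day is void
TIMELOCK = 48 * 3600       # admin changes execute no sooner than two days after proposal


@dataclass
class Proposal:
    payload: dict                      # e.g. {"action": "set_admin", "new_admin": "..."}
    proposed_at: int
    approvals: dict = field(default_factory=dict)   # signer -> time of approval
    cancelled: bool = False
    executed: bool = False


def payload_hash(payload: dict) -> str:
    # Canonical serialisation: the hash covers exactly what will be executed,
    # so a re-used signature cannot be attached to a different payload.
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()


class AdminMultisig:
    def __init__(self, signers, threshold):
        self.signers = set(signers)
        self.threshold = threshold
        self.proposals = {}            # payload hash -> Proposal

    def propose(self, payload: dict, now: int) -> str:
        h = payload_hash(payload)
        self.proposals[h] = Proposal(payload, now)
        return h

    def approve(self, signer: str, h: str, now: int) -> None:
        if signer not in self.signers or h not in self.proposals:
            raise ValueError("unknown signer or proposal")
        self.proposals[h].approvals[signer] = now

    def cancel(self, signer: str, h: str) -> None:
        # A single signer can veto during the delay (the out-of-band challenge).
        if signer in self.signers and h in self.proposals:
            self.proposals[h].cancelled = True

    def live_approvals(self, h: str, now: int) -> set:
        # Only approvals younger than APPROVAL_TTL count toward the threshold.
        return {s for s, t in self.proposals[h].approvals.items() if now - t <= APPROVAL_TTL}

    def pending_risk(self, now: int) -> list:
        # Watchdog view: every approved-but-unexecuted payload is live risk.
        out = []
        for h, p in self.proposals.items():
            live = self.live_approvals(h, now)
            if live and not p.executed and not p.cancelled:
                out.append((h, p.payload["action"], len(live)))
        return out

    def execute(self, h: str, now: int) -> str:
        p = self.proposals.get(h)
        if p is None or p.executed:
            return "rejected: unknown or already executed"
        if p.cancelled:
            return "rejected: cancelled by a signer"
        if now - p.proposed_at < TIMELOCK:
            return "rejected: timelock not elapsed"
        if len(self.live_approvals(h, now)) < self.threshold:
            return "rejected: insufficient unexpired approvals"
        p.executed = True
        return "executed"


def demo() -> tuple:
    ms = AdminMultisig(["alice", "bob", "carol", "dave", "erin"], threshold=3)
    t0 = 1_000_000
    # 1. Approvals collected early, execution attempted three months later:
    #    the stored signatures no longer count.
    h1 = ms.propose({"action": "set_admin", "new_admin": "0xNEWADMIN"}, t0)
    for s in ("alice", "bob", "carol"):
        ms.approve(s, h1, t0 + 60)
    stale = ms.execute(h1, t0 + 90 * 86400)
    # 2. Fresh approvals, but execution inside the timelock window.
    h2 = ms.propose({"action": "set_withdraw_limit", "limit": 0}, t0)
    for s in ("alice", "bob", "carol"):
        ms.approve(s, h2, t0 + 60)
    early = ms.execute(h2, t0 + 3600)
    # 3. A fourth signer vetoes during the delay.
    ms.cancel("dave", h2)
    vetoed = ms.execute(h2, t0 + TIMELOCK + 1)
    # 4. The legitimate path: approvals renewed once the timelock has elapsed.
    h3 = ms.propose({"action": "set_admin", "new_admin": "0xNEWCOUNCIL"}, t0)
    for s in ("alice", "bob", "carol"):
        ms.approve(s, h3, t0 + TIMELOCK + 10)
    ok = ms.execute(h3, t0 + TIMELOCK + 20)
    return stale, early, vetoed, ok


if __name__ == "__main__":
    print(demo())
```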

To make these attack vectors easier to compare, it is useful to summarize them in a structured way.

| Technique / Vector | Core Mechanism | Typical Pretext or Bait | Crypto‑Specific Target |
|---|---|---|---|
| Phishing / Spear Phishing | Deceptive emails, messages, or sites impersonating trusted entities. | Account security alerts, KYC updates, reward claims, job or investor outreach. | Exchange logins, wallet credentials, wallet connections, on‑chain approvals. |
| Vishing / Fake Support | Impersonation via phone or voice chat; remote troubleshooting. | Fraud department calls, urgent support for blocked withdrawals or suspicious activity. | 2FA codes, passwords, remote access, seed phrases, device control. |
| Pretexting / Impersonation | Long‑term false identities and narratives, including fake jobs or relationships. | Recruitment tests, investment pitches, romantic relationships, internal colleague messages. | Corporate network access, code execution, wallet details, governance actions. |
| Baiting / Airdrops | Promises of free tokens or high returns to entice risky actions. | Airdrop claims, giveaways, “manual recovery” or special offers too good to be true. | Wallet connections, approvals, seed phrases, installation of malware or tampered devices. |
| Hardware Wallet Scams | Tampered devices or fake recovery processes to capture seeds. | Replacement devices, security recall notices, recovery services. | Seed phrases for high‑value self‑custodied wallets. |
| DNS / Front‑End Hijack | Socially engineered control of DNS or hosting, then phishing at scale. | Registrar identity verifications, support tickets, spoofed admin requests. | Broad user base of dApp or gateway; credentials and signatures. |
| Governance / Multisig Manipulation | Targeted campaigns against signers and councils to alter control. | Routine upgrades, security changes, time‑saving workflows, trusted relationships. | Protocol admin powers, oracle configs, withdrawal limits, emergency roles. |

This table underscores how diverse social engineering can be, yet how consistently it focuses on a small number of ultimate goals: keys, credentials, signatures, and control over governance levers.

Related article (shared by Benthic, Apr 20, 2026): North Korea's DeFi playbook shifts from code exploits to social engineering as Drift and Kelp losses near $560M in 2026 (Coindesk, Apr 20, 2026)

Top comment by Benthic, Apr 20, 2026:

CoinDesk ties recent DeFi exploits — $270M from Drift (April 1) and $292M from Kelp DAO (April 18) — to a North Korean shift from scanning vulnerable contracts to scanning vulnerable people. The Drift hit was a six-month op where operatives posed as a quant firm, deposited $1M of their own capital, onboarded an Ecosystem Vault, then compromised an admin key to drain five vaults. Chainalysis pegs 2025 North Korean crypto theft at $2.02B, and Q1 2026 alone saw 18 attacks and $300M+ stolen. Takeaway: Lazarus is bringing intelligence-agency patience to DeFi, and teams without rigorous counterintelligence are the soft target.

5. Case Studies: When Social Engineering Drains Crypto

Abstract definitions become concrete when viewed through notable incidents. Recent years offer a spectrum of examples—from retail victims to major DeFi protocols—that illustrate how social engineering is operationalized in crypto.

5.1 Individual Victims and Consumer‑Level Scams

At the retail level, social engineering often combines familiar fraud patterns with crypto‑specific twists. The Coinbase support impersonation case is illustrative. According to Coinbase’s own account, a Brooklyn man was charged by the local District Attorney with running a long‑running impersonation scam in which he posed as Coinbase customer service, contacting users and convincing them to grant access to their accounts or divulge sensitive security information. Over time, he allegedly stole approximately \( \$16 \) million in cryptocurrency from about 100 victims, targeting those who were already anxious or confused about account issues. Coinbase worked with law enforcement to seize assets, demonstrating one path to partial recovery when centralized intermediaries are involved.

Outside of large platforms, many victims never see funds returned. A widely cited example involved an unnamed Kraken user who reportedly lost around \( \$18.2 \) million after a sophisticated social engineering attack. Blockchain security monitors watched the attacker bridge the victim’s assets over several weeks, showing how on‑chain analytics can expose post‑theft laundering even when the initial compromise was purely social. In another extreme case, a hardware wallet social engineering scam cost a whale more than \( \$282 \) million in bitcoin and litecoin; the attacker then laundered the funds through privacy‑oriented networks to obscure the trail. Such losses underscore that personal opsec failures at the very top of the wealth distribution can rival or exceed protocol‑level hacks.

Social engineering also disproportionately affects vulnerable populations. In one recent investigation, on‑chain sleuth ZachXBT traced roughly \( \$475{,}000 \) in frozen bitcoin back to social engineering scams that targeted elderly Americans, after a suspected money mule contacted him seeking help in recovering funds tied to those scams. These operations often mimic government agencies, banks, or tech support, instructing victims to move funds into new “safe” accounts or crypto wallets “for protection,” which are in fact controlled by the scammers. The FBI’s Internet Crime Report and additional reporting note that AI‑generated voice cloning and deepfake video have amplified these schemes, enabling attackers to sound like family members in distress or officials issuing urgent instructions, contributing to nearly \( \$900 \) million in AI‑related scam losses in 2025.

These consumer‑level cases share common patterns. Victims are often caught in emotionally charged situations—fear of loss, confusion about technology, excitement about opportunities—and lack clear mental models of what legitimate crypto entities will and will not ask for. Many assume that because crypto is “technical,” any person claiming expertise or using technical jargon is trustworthy. Scammers exploit that gap, positioning themselves as guides who can “help” navigate complexity, only to weaponize that trust.

5.2 Protocol‑Level Breaches: Drift, Velodrome, eth.limo, Zerion, and Beyond

At the protocol and infrastructure level, social engineering has produced some of the largest crypto losses on record. The Drift Protocol hack stands out not just for its size—roughly \( \$280\)–\( \$285 \) million—but for its method. As detailed earlier, the attack did not rely on exploiting a smart contract bug. Instead, it involved a multi‑month campaign to manipulate and mislead governance participants and multisig signers into pre‑signing transactions that later enabled a lightning‑fast takeover of admin permissions. The attacker used these permissions to introduce a fake asset, CarbonVote Token, with minimal real liquidity but inflated oracle valuations, then removed withdrawal limits and drained funds in about ten seconds.

Both Elliptic and TRM Labs found that on‑chain indicators, including use of Tornado Cash for initial staging, cross‑chain bridging patterns, and rapid post‑hack laundering, aligned with known DPRK tradecraft seen in previous hacks such as Bybit’s \( \$1.46 \) billion exploit. If definitively attributed, Drift would represent yet another state‑sponsored operation where the decisive vulnerability lay not in code but in governance design and the susceptibility of signers to sophisticated social engineering. The incident prompted renewed scrutiny of how DeFi protocols structure security councils, timelocks, and durable nonce usage.

Velodrome’s November DNS compromise offers a complementary example at a smaller but still significant scale. The DeFi project suffered a DNS attack that resulted in up to \( \$250{,}000 \) in estimated losses after users were directed to malicious infrastructure. The attackers first targeted the project’s domain registrar with a well‑planned social engineering scheme aimed at bypassing identity verification. Despite several failed attempts, they eventually convinced the registrar that their fraudulent documents and requests were genuine, gained control of Velodrome’s domain names, and used that access to redirect traffic. The incident raised questions about whether crypto projects adequately assess the security posture of their Web2 providers and whether registrars have robust procedures for verifying high‑value domain changes under social engineering pressure.

The eth.limo hijack amplified these concerns. As an ENS‑to‑web gateway, eth.limo serves as critical infrastructure for users accessing decentralized sites via conventional browsers. Its operator reported that attackers successfully socially engineered EasyDNS, the registrar, into modifying DNS settings for eth.limo’s domain, enabling hijack of the gateway’s traffic. EasyDNS later published a candid blog post taking responsibility and describing the episode as the first time in its 28‑year history that a customer was compromised through social engineering against the registrar itself. For the crypto ecosystem, the episode was a stark reminder that decentralization at the protocol layer does not eliminate dependencies on centralized infrastructure operators who may be targeted in increasingly sophisticated ways.

Social engineering has also been used to infiltrate crypto infrastructure providers directly. NK News reported that North Korean hackers stole around \( \$100{,}000 \) from a cryptocurrency wallet platform, Zerion, by using AI‑powered social engineering to target an employee. The attackers reportedly engaged the employee with convincing communication, likely involving generative‑AI‑assisted language, and leveraged that access to compromise the firm’s environment and steal funds. While the financial loss was modest compared to multi‑hundred‑million‑dollar DeFi exploits, the incident underscores how wallet providers and other non‑custodial services are now squarely in the sights of state‑sponsored actors using AI to refine their pretexts.

Taken together, these cases illustrate a spectrum of social engineering in crypto: from governance‑layer manipulation to infrastructure hijacks and targeted employee compromises. Each incident demonstrates that security in Web3 is not purely an on‑chain problem; it spans human processes, off‑chain infrastructure, and the social graphs of the people who build and secure protocols.

5.3 State‑Scale Operations: Bybit, North Korea, and Laundering at Scale

State‑linked operations demonstrate how social engineering can be industrialized. Elliptic’s research indicates that North Korea‑associated hackers stole more than \( \$2 \) billion in cryptoassets in 2025 alone, bringing their cumulative known haul to over \( \$6 \) billion. Chainalysis estimates a similar figure—around \( \$2.02 \) billion attributed to North Korea that year, out of \( \$3.4 \) billion in total crypto theft—making the DPRK arguably the most prolific crypto thief in the world. Major heists include the \( \$1.46 \) billion Bybit hack in February 2025, which accounted for the majority of that year’s DPRK‑linked takings.

While some of these operations exploit technical weaknesses, analysts note a growing emphasis on social engineering as the initial access vector. Elliptic explicitly states that the majority of 2025 losses linked to North Korea were perpetrated through social engineering, contrasting with earlier periods when technical flaws in crypto infrastructure were more common entry points. The IC3 corroborates this trend in its public service announcement on DPRK activity, warning that North Korean malicious cyber actors conduct extensive reconnaissance on employees of DeFi, crypto exchanges, and ETF‑related businesses, then attempt highly tailored social engineering campaigns to deploy malware and steal company crypto. These campaigns often involve detailed pre‑operational preparation, including reviewing social media and leveraging employment platforms to identify and contact targets.

The laundering phase of these state‑scale thefts is equally sophisticated. Elliptic and others describe multi‑layered laundering strategies, including repeated cycles of mixing and cross‑chain transactions, use of obscure blockchains with limited analytics coverage, strategic purchase of utility tokens to reduce costs, exploitation of refund address fields to redirect assets, and even the creation and trading of tokens issued by laundering networks themselves. The Drift attack, Bybit exploit, and other incidents have all displayed variations of this tradecraft, emphasizing that social engineering is just one component in an end‑to‑end state campaign that includes malware development, infrastructure management, and financial obfuscation.

◧ Timeline (7 events)
  1. 2023-08 (exploit): $243M Genesis Creditor social engineering hack
  2. 2024-08 (exploit): 783 BTC ($91.4M) stolen via fake exchange and wallet support, laundered through Wasabi Coordinator
  3. 2024-12 (milestone): Chainalysis reports $500M+ lost to memecoin rug pulls and social engineering scams across 2024
  4. 2025-02 (milestone): Lazarus Group attributed $3.4B in LinkedIn-based crypto recruitment social engineering attacks
  5. 2025-10 (exploit): Suspected North Korean actors begin six-month social engineering infiltration of Drift Protocol
  6. 2026-04 (exploit): Drift Protocol drained of $280M via durable nonce exploit combined with multisig social engineering
  7. 2026-06 (milestone): FBI reports Americans lost nearly $900M to AI-powered social engineering scams

6. North Korea’s Social Engineering Playbook in Crypto

North Korea’s involvement in crypto theft is not incidental; it is part of a deliberate strategy to fund the regime’s weapons programs through cyber‑enabled financial crime. The United Nations and various government agencies have assessed that stolen crypto plays a critical role in financing the DPRK’s nuclear weapons and missile development activities. In this context, social engineering is not just a hacking technique; it is an instrument of statecraft.

Elliptic and other researchers have identified multiple DPRK‑linked clusters and campaigns focused on the crypto sector. Some are tracked under names such as Lazarus Group, BlueNoroff, CryptoCore, Nickel Gladstone, and Stardust Chollima, with overlapping personnel and tactics. Social engineering is a hallmark across these clusters. Campaigns labeled DangerousPassword (also known as CageyChameleon and CryptoMimic) and Contagious Interview, for example, revolve around carefully staged interactions with employees and developers, often framed as job interviews, collaboration proposals, or investment discussions. Targets are asked to execute code, install packages, or open documents that deploy malware, providing footholds for later theft of keys and access to corporate systems.

The IC3’s advisory on DPRK social engineering in the crypto industry offers a window into the specific pretexts used. It notes that North Korean actors often request that victims execute non‑standard or unknown Node.js or PyPI packages, scripts, or GitHub repositories as part of “pre‑employment tests” or debugging exercises. They may insist on using custom software for simple tasks such as video conferencing, or urge victims to run scripts that “enable” call functionalities blocked by geography. Unsolicited offers of employment or investment with unrealistically high compensation are also flagged as possible indicators of DPRK targeting, especially when coupled with requests to move conversations off professional platforms to less supervised messaging apps.
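The pretexts above all end the same way: the target runs code they did not write. The following is an added example (not from the IC3 advisory or any project) of the triage a reviewer can run before executing an unsolicited “take‑home test”, on an isolated machine as the advisory recommends. It flags npm lifecycle hooks that fire during `npm install`, then greps source files for the tells of a dropper: dynamic eval, base64 loaders, remote fetches to bare IPs or throwaway TLDs, and references to wallet or credential paths. The sample repository is constructed inline to mimic the pretext; the indicator list and the verdict rules are the author’s assumptions, not a standard.

```python
"""Pre-execution triage for a 'coding assessment' repository.

Added example, not the IC3's or any vendor's tooling. Indicators, hook list
and verdict logic are assumptions for illustration; the sample repo below is
constructed, not a real malicious package.
"""
import json
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# npm script names that run automatically on install (no user action needed)
LIFECYCLE_HOOKS = {"preinstall", "install", "postinstall", "prepare", "prepublish"}

# (label, regex) pairs. Cheap and noisy by design: the goal is to stop and
# look, not to classify. Assumed indicator set, not exhaustive.
INDICATORS = [
    ("dynamic-eval",     re.compile(r"\b(eval|new Function|exec|execSync|spawn|spawnSync)\s*\(")),
    ("base64-loader",    re.compile(r"(atob\(|Buffer\.from\([^)]*['\"]base64['\"]|base64\.b64decode)")),
    ("remote-fetch",     re.compile(r"""https?://\d{1,3}(?:\.\d{1,3}){3}|https?://[^\s'"]+\.(?:xyz|top|tk)\b""")),
    ("wallet-or-secret", re.compile(r"(keystore|wallet|\.env\b|id_rsa|Local Storage|Login Data|seed ?phrase|mnemonic)", re.I)),
    ("long-opaque-blob", re.compile(r"[A-Za-z0-9+/=]{200,}")),
]
SOURCE_SUFFIXES = {".js", ".mjs", ".cjs", ".ts", ".py", ".sh", ".json"}


def scan_repo(root: Path) -> Dict[str, List[str]]:
    """Map of relative file path -> list of findings; clean files are absent."""
    findings: Dict[str, List[str]] = {}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix not in SOURCE_SUFFIXES:
            continue
        rel = str(path.relative_to(root))
        text = path.read_text(errors="replace")
        if path.name == "package.json":
            try:
                scripts = json.loads(text).get("scripts", {})
            except json.JSONDecodeError:
                scripts = {}
            for hook, cmd in scripts.items():
                if hook in LIFECYCLE_HOOKS:
                    findings.setdefault(rel, []).append(f"lifecycle-hook:{hook}={cmd!r}")
        for label, rx in INDICATORS:
            if rx.search(text):
                findings.setdefault(rel, []).append(label)
    return findings


def verdict(findings: Dict[str, List[str]]) -> str:
    """An install-time hook combined with loader/exec behaviour is the classic dropper shape."""
    hits = {f.split(":")[0] for fs in findings.values() for f in fs}
    if "lifecycle-hook" in hits and hits & {"dynamic-eval", "base64-loader", "remote-fetch"}:
        return "DO NOT RUN: install-time hook plus loader/exec behaviour"
    if hits:
        return "REVIEW: suspicious indicators present"
    return "no indicators found"


def build_sample_repo() -> Path:
    """Constructed 'trading bot assessment' repo shaped like the pretext (not a real sample)."""
    root = Path(tempfile.mkdtemp(prefix="triage-"))
    (root / "package.json").write_text(json.dumps({
        "name": "trading-bot-assessment",
        "scripts": {"test": "jest", "postinstall": "node ./scripts/setup.js"},
    }))
    (root / "scripts").mkdir()
    # The hook decodes and evals a blob, then reaches for a (hypothetical) wallet path.
    (root / "scripts" / "setup.js").write_text(
        'const { execSync } = require("child_process");\n'
        'const payload = Buffer.from("Y29uc29sZS5sb2coImhpIik=", "base64").toString();\n'
        'eval(payload);\n'
        'const keys = require("os").homedir() + "/.wallet/keystore.json";\n'
    )
    (root / "src").mkdir()
    (root / "src" / "strategy.js").write_text("export const spread = (a, b) => a - b;\n")
    return root


if __name__ == "__main__":
    repo = build_sample_repo()
    found = scan_repo(repo)
    for rel, fs in sorted(found.items()):
        print(f"{rel}: {', '.join(fs)}")
    print(verdict(found))
```

Run it against the real repository you were sent; anything in the `lifecycle-hook` line executes the moment you type `npm install`, which is why the advisory’s “run it only on a throwaway VM” advice applies even to code you intend to read first.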

Recent reporting suggests that North Korean operators are incorporating generative AI to further refine these tactics. Articles on AI‑driven social engineering describe how attackers now use large language models to craft emotionally intelligent, grammatically polished outreach at scale, dynamically adapting to victims’ responses in real time. NK News’ coverage of the Zerion incident, where DPRK actors allegedly used AI‑powered social engineering to infiltrate a wallet platform and steal \( \$100{,}000 \), underscores how quickly these capabilities are being operationalized. The convergence of state‑sponsored determination, disciplined operational planning, and AI‑enhanced pretexts creates a threat landscape in which even well‑trained, security‑conscious employees can be deceived.

For the crypto industry, the DPRK case is a stress test of security models. A regime willing to invest months of effort per target, backed by state resources and unconstrained by legal risk, can eventually find cracks in human defenses. That reality underlies the FBI’s recommendation that companies handling large quantities of cryptoassets adopt structural mitigations—such as strict device policies, multi‑factor approvals from separate networks for any movement of funds, and tightly controlled access to internal documentation and code repositories—to limit the impact even if an individual employee is compromised. In other words, defense must assume social engineering will occasionally succeed and design systems that degrade gracefully under such compromises.

7. AI‑Powered Social Engineering and the “Prompt‑Injectable” Human

If social engineering is fundamentally about manipulating human cognition, generative AI is a force multiplier. Tools capable of producing fluent, context‑aware text, audio, and video on demand have lowered the cost and increased the believability of scams. Cybersecurity analyses in 2026 emphasize that we are entering an era where humans, not systems, are the primary attack surface, and where AI‑driven social engineering is happening at industrial scale rather than as occasional one‑off campaigns.

The ECCU overview of social engineering in the age of generative AI notes that modern attackers can launch highly personalized, emotionally intelligent attacks at “machine speed.” Phishing messages that once bore tell‑tale grammatical errors or awkward phrasing can now be indistinguishable from legitimate corporate communication. Deepfake voice tools allow attackers to clone the voices of executives, colleagues, or family members from a few minutes of public audio, then call victims with convincing requests. Deepfake video, while still more resource‑intensive, has been used in scams where employees are tricked into authorizing large financial transfers after “video calls” with what appear to be their managers or clients.

The FBI’s Internet Crime Report underscores the material impact of these capabilities, attributing nearly \( \$893 \) million in reported losses in 2025 to AI‑related scams, with deepfakes, voice cloning, and AI‑generated scripts identified as primary drivers. These tools have supercharged classic fraud schemes such as romance scams, kidnapping and extortion calls, fake influencers, and government impersonation campaigns, many of which now request payment in crypto or involve on‑chain laundering. For crypto, the risk is amplified because users are already accustomed to remote, pseudonymous interactions; they may have never met the founders of a project or the staff of an exchange in person, making it easier for AI‑mediated impersonation to pass as normal.

AI also enables multi‑channel, layered attacks that are harder to detect. Security analyses describe scenarios where an attacker combines persuasive AI‑generated emails with deepfake voice calls and even synthetic video appearances in virtual meetings, all reinforcing the same fraudulent narrative. In a crypto context, this could involve a supposed protocol executive emailing a governance signer about an urgent security upgrade, followed by a “Zoom call” from a deepfake of that executive walking through the steps of pre‑signing emergency transactions or adding new oracles. Each channel corroborates the others, eroding skepticism that might arise from any single communication.

The concept of humans as “prompt injectable,” borrowed from discussions of AI alignment, is useful here. Just as large language models can be coaxed into ignoring safety instructions when presented with cleverly constructed prompts or contexts, human decision‑makers can be nudged into bypassing normal security protocols when confronted with authority, urgency, or social proof. In DeFi, this might mean a multisig signer who would normally insist on strict review making an exception because they believe a trusted colleague is on the other end of the line, or a developer who runs an unfamiliar script on a work machine because it appears to come from a reputable recruiter.

Defenses against AI‑powered social engineering must therefore account for both the increased realism of fraudulent communication and the psychological biases that attackers exploit. Experts recommend multi‑factor verification for sensitive requests, especially those involving movement of funds or changes to governance. “Out‑of‑band” authentication—such as confirming a request received via email by calling a known number or using a separate secure messaging channel—not only provides redundancy but can expose deepfakes when the supposed requester cannot be reached through official channels. Emerging AI tools can also help detect synthetic content, analyzing voices and images for artifacts, though this is an arms race and cannot be solely relied upon.

Ultimately, AI does not create the vulnerabilities exploited by social engineering; it amplifies them. Crypto organizations and users must adapt by raising the baseline level of skepticism and embedding verification rituals into routine workflows, recognizing that any text, voice, or video interaction could in principle be generated or manipulated.

◧ Risk matrix (analyst read)
  • Centralization: High

    Multisig admin concentration and protocol upgrade keys are the primary attack surface: Drift's $280M drain executed in seconds once the attacker held sufficient signing authority obtained over six months of social infiltration.

  • Smart-contract: Medium

    Contracts themselves are rarely the direct entry point; attackers use social engineering to obtain admin keys or multisig authority and then execute clean on-chain calls. The code functions as designed under stolen credentials.

  • Market: High

    North Korea-linked groups have stolen over $6.7B cumulatively via social engineering, with proceeds laundered through privacy chains and DEX aggregators, creating persistent structural sell pressure and systemic confidence erosion.

  • Regulatory: Medium

    The proposed SAFE Crypto Act and ongoing DOJ prosecutions show growing enforcement capacity, but cross-border attribution gaps against DPRK-linked actors leave the highest-volume perpetrators effectively beyond legal reach.

  • Developer supply chain: Medium

    Malicious NPM packages in crypto-themed GitHub repositories and fake developer-tool install guides (e.g., spoofed Claude Code ads) demonstrate that developer tooling is now a social engineering vector targeting private keys before any transaction is signed.

  • Liquidity: Medium

    Sudden large drains from compromised protocol admin keys ($280M from Drift in ten seconds) can destroy pool liquidity instantly and trigger contagion withdrawals across interconnected DeFi ecosystems.

8. Defending Against Social Engineering: Individual Practices

While no set of habits can guarantee safety, individual users can significantly reduce their exposure to social engineering with a combination of skepticism, process, and basic security hygiene. Importantly, these practices complement, rather than replace, technical controls.

A foundational principle is understanding what information is truly “off‑limits.” CoinTracker emphasizes that reputable crypto exchanges, DeFi protocols, and wallets will never ask users for private keys, full seed phrases, or 2FA codes in unsolicited communication. Similarly, support staff should not require remote control of a user’s device to resolve routine issues; such requests are red flags for social engineering. Imperva and IBM both urge users to be cautious with emails and messages from unfamiliar senders and to verify even familiar ones when the content seems out of character or unusually urgent; email addresses can be spoofed, and accounts can be compromised.

Adopting a “pause and verify” reflex is one of the most powerful defenses against urgency‑based scams. When faced with an alarming message—say, a claim that your exchange account will be frozen unless you act immediately—stepping back to independently verify through official channels can break the attacker’s script. This might mean manually typing the exchange’s domain into a browser rather than clicking provided links, calling a phone number listed on the company’s website, or logging into a known app to check for security notifications. The FBI and consumer protection agencies similarly recommend being skeptical of urgent payment demands, particularly those requesting cryptocurrency or gift cards, and verifying identities through official contact channels before sending funds.

Technical hygiene reinforces these habits. IBM and Imperva highlight the importance of multi‑factor authentication (MFA) for accounts, ideally using app‑based or hardware tokens rather than SMS where possible, to add a layer of defense even if passwords are compromised. CoinTracker advises regularly updating passwords, using long and unique passphrases, and leveraging password managers to avoid reuse. Antivirus and antimalware software, kept up to date, can help detect malicious attachments or executables that social engineers attempt to deliver via phishing or “pre‑employment tests.”

Opsec around seed phrases and private keys is particularly crucial for self‑custodied crypto. Users should store seeds offline, ideally in multiple secure, physically separated locations, and should enter them only into the original wallet software, only on a trusted device, and only when recovering a wallet. Any request to type a seed phrase into a browser to “verify” or “sync” a wallet should be treated as an attempted theft. The IC3 explicitly advises against storing wallet information (logins, passwords, wallet IDs, seed phrases, private keys) on internet‑connected devices, precisely because malware or remote access obtained through social engineering can exfiltrate them. For large holdings, using hardware wallets sourced directly from manufacturers and verifying firmware authenticity can mitigate some device‑level attacks, though as the \( \$282 \) million hardware wallet scam shows, users must still guard against manipulated instructions and support scams.

Network practices also matter. CoinTracker warns that public Wi‑Fi is more vulnerable to eavesdropping and man‑in‑the‑middle attacks, making it unwise to access crypto wallets or conduct transactions over such networks without additional protections. Using a reputable VPN can add privacy for sensitive operations, though it is not a substitute for verifying endpoints. Users should also be cautious about installing browser extensions, wallet add‑ons, or “token tracker” tools from unverified sources, as these can inject malicious scripts into web3 interactions.

Finally, education is an ongoing process. IBM stresses the role of security awareness training in helping people recognize social engineering tactics and respond appropriately. For individual crypto users, this can mean following reliable security researchers, reading exchange and wallet security advisories, and staying abreast of new scams documented by firms like Chainalysis, Elliptic, and Malwarebytes. Recognizing patterns—such as too‑good‑to‑be‑true offers, unsolicited help, or demands for secrecy—can turn potential victims into early detectors of new campaigns.

9. Engineering Resilient Systems: Organizational and Protocol‑Level Defenses

For crypto companies, protocols, and DAOs, defending against social engineering requires treating human behavior and governance processes as first‑class security concerns. This involves rethinking everything from hiring practices and device policies to multisig configurations and incident response.

Security awareness training is a starting point but must be executed thoughtfully to be effective. IBM and other cybersecurity providers emphasize that many users simply lack the knowledge to identify social engineering attempts, and that structured training can raise baseline awareness of phishing, pretexting, and baiting tactics. Adaptive Security’s social engineering playbook argues for simulation‑based training, where organizations run controlled phishing and vishing exercises, track key performance indicators such as click rates and reporting rates, and iterate on training accordingly. In the crypto context, such simulations should include realistic web3‑specific scenarios, such as fake token approvals, bogus governance proposals, or malicious airdrop claims.

Technical controls should embody the assumption that some social engineering will succeed. IBM recommends robust access control policies, including multifactor authentication, adaptive authentication, and zero‑trust approaches that treat every access request as untrusted until verified. For crypto organizations, this translates into strict role‑based access controls for production systems, key management infrastructure, and treasury wallets; limiting the number of employees with direct access to high‑value assets; and requiring multi‑party approvals for any movements above defined thresholds. The IC3 suggests that companies with substantial crypto holdings require multiple factors of authentication from different devices and networks for any asset movement, regularly rotating and auditing devices involved in these processes.

Governance and multisig design are particularly crucial for DeFi protocols. The Drift incident shows that simply having a multisig is not enough; the configuration of signers, timelocks, and transaction flows determines real‑world security. Best practices emerging from post‑mortems include requiring a diversity of independent signers, ideally spread across organizations and jurisdictions; enforcing adequate timelocks on privilege‑escalating actions such as changing oracles, adjusting withdrawal caps, or migrating contracts; and minimizing the use of pre‑signed transactions with long validity windows. CM‑Alliance’s analysis of Drift recommends reducing the risk of pre‑signed transactions by limiting their lifespan, requiring re‑validation for stale approvals, and monitoring for unusual patterns such as dormant approvals suddenly being executed.

Out‑of‑band verification processes for critical actions are another layer of defense against multisig‑level social engineering. This might mean that before signing a governance transaction above a certain risk threshold, signers must confirm details via a separate secure channel—such as a dedicated governance coordination tool, an encrypted messaging group, or even in‑person meetings for the highest‑impact changes. The idea echoes the FBI’s advice that organizations develop unique methods to verify contacts’ identities using separate, unconnected communication platforms; if an instruction comes via a professional networking site, confirmation should occur via a different medium, ideally with video or in‑person verification.
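The controls in the two paragraphs above (independent signers, timelocks on privilege‑escalating actions, expiry of pre‑signed approvals, and out‑of‑band confirmation) are easy to state and easy to skip under pressure, so they are best enforced by policy code rather than by memory. The following is an added example, not Drift’s or any protocol’s actual multisig logic, of such a policy check. Action names, thresholds, the fixed “current time” and the three scenarios are assumptions for illustration; the `oob_confirmed` flag stands in for whatever separate‑channel confirmation a team actually uses.

```python
"""Approval-policy check for a protocol admin multisig.

Added example, not any project's code. Models the post-mortem controls:
a signer quorum spread across organisations, a timelock on privileged
actions, expiry of approvals so pre-signed transactions cannot be replayed
months later, and out-of-band confirmation of the payload hash.
All constants and scenarios are assumptions.
"""
from dataclasses import dataclass, field
from typing import List

PRIVILEGED_ACTIONS = {"set_oracle", "set_withdrawal_cap", "add_asset", "upgrade_program", "grant_role"}
TIMELOCK_SECONDS = 48 * 3600       # privileged actions wait this long after queueing
APPROVAL_TTL_SECONDS = 24 * 3600   # a signature older than this must be re-collected
QUORUM = 3
MIN_DISTINCT_ORGS = 2
NOW = 1_760_000_000                # constructed "current time" for the scenarios


@dataclass
class Approval:
    signer: str
    org: str
    signed_at: int        # when the signer actually reviewed and signed
    oob_confirmed: bool   # signer confirmed the payload hash on a separate channel


@dataclass
class Proposal:
    action: str
    payload_hash: str
    queued_at: int
    approvals: List[Approval] = field(default_factory=list)


def evaluate(p: Proposal, now: int = NOW) -> List[str]:
    """Return the reasons the proposal may NOT execute; an empty list means go."""
    reasons: List[str] = []
    fresh = [a for a in p.approvals if now - a.signed_at <= APPROVAL_TTL_SECONDS]
    stale = [a.signer for a in p.approvals if now - a.signed_at > APPROVAL_TTL_SECONDS]
    if stale:
        reasons.append(f"stale approvals from {stale} must be re-signed")
    signers = {a.signer for a in fresh}
    if len(signers) < QUORUM:
        reasons.append(f"quorum not met: {len(signers)}/{QUORUM} fresh approvals")
    orgs = {a.org for a in fresh}
    if len(orgs) < MIN_DISTINCT_ORGS:
        reasons.append(f"fresh approvals span {len(orgs)} organisation(s); {MIN_DISTINCT_ORGS} required")
    if p.action in PRIVILEGED_ACTIONS:
        elapsed = now - p.queued_at
        if elapsed < TIMELOCK_SECONDS:
            reasons.append(f"timelock: {TIMELOCK_SECONDS - elapsed}s remaining")
        if not fresh or not all(a.oob_confirmed for a in fresh):
            reasons.append("privileged action requires out-of-band confirmation from every signer")
    return reasons


def scenario_routine() -> Proposal:
    """Well-run change: queued 3 days ago, three signers from two orgs signed in the last 2h, all OOB-confirmed."""
    return Proposal("set_oracle", "hash-a", NOW - 3 * 86400, [
        Approval("alice", "orgA", NOW - 2 * 3600, True),
        Approval("bob",   "orgA", NOW - 2 * 3600, True),
        Approval("carol", "orgB", NOW - 1 * 3600, True),
    ])


def scenario_presigned_months_ago() -> Proposal:
    """Drift-style: signatures gathered during a long 'collaboration', replayed six months later."""
    then = NOW - 180 * 86400
    return Proposal("set_withdrawal_cap", "hash-b", then, [
        Approval("alice", "orgA", then, True),
        Approval("bob",   "orgA", then, True),
        Approval("carol", "orgB", then, True),
    ])


def scenario_rushed_emergency() -> Proposal:
    """'Urgent security fix' pretext: fresh signatures, queued an hour ago, one signer skipped OOB."""
    return Proposal("upgrade_program", "hash-c", NOW - 3600, [
        Approval("alice", "orgA", NOW - 600, True),
        Approval("bob",   "orgA", NOW - 500, True),
        Approval("carol", "orgB", NOW - 400, False),
    ])


if __name__ == "__main__":
    for scenario in (scenario_routine, scenario_presigned_months_ago, scenario_rushed_emergency):
        print(scenario.__name__, "->", evaluate(scenario()) or "OK to execute")
```

The replay scenario is the important one: every signature is genuine and every signer confirmed out of band at the time, yet the proposal is still refused because the approvals have aged past the TTL. That is the property a durable‑nonce style pre‑signed transaction lacks unless the protocol imposes it.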

Supply‑chain security, especially around domain registrars, package repositories, and CI/CD pipelines, is an increasingly important part of social engineering defense. The Velodrome and eth.limo incidents highlight how attacks on registrars can give adversaries powerful leverage to impersonate dApps and capture user interactions. Organizations should treat registrar accounts as sensitive as treasury wallets, enforcing strong MFA, account locks, and internal procedures that require multiple approvals and identity checks for changes to DNS or ownership. Similarly, companies should be wary of requests to execute external code on internal devices—whether framed as pre‑employment tests or debugging exercises—and consider isolating such tasks on dedicated, non‑networked machines or virtual machines as the IC3 advises.

Advanced detection and response tools can help mitigate damage when social engineering succeeds. IBM points to spam filters, secure email gateways, firewalls, antivirus, and more sophisticated endpoint detection and response (EDR) and extended detection and response (XDR) platforms as ways to catch or contain threats introduced through social engineering. In crypto organizations, these technologies can be paired with blockchain monitoring to detect unusual asset flows, anomalous smart contract interactions, or sudden changes in governance state. Early detection enables rapid incident response, such as pausing contracts, rotating keys, or coordinating with exchanges and other intermediaries to freeze or flag stolen funds.
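“Sudden changes in governance state” followed by abnormal outflows is exactly the shape of the Drift drain described earlier: a burst of privileged configuration changes (new asset, oracle, withdrawal cap) and then a withdrawal far outside normal volume, all inside seconds. The following is an added example, not Drift’s or any vendor’s monitoring code, of a detector for that sequence over a normalised event stream. The event schema, window, thresholds and the constructed stream are assumptions for illustration.

```python
"""Detector for the 'privileged-config burst, then drain' pattern.

Added example, not any project's monitoring. It watches a normalised stream
of protocol events and alerts when several privileged changes land inside a
short window and are followed by a withdrawal far above the trailing baseline.
Event shape, window and multipliers are assumptions; the stream is constructed.
"""
from collections import deque
from dataclasses import dataclass
from typing import Deque, List, Optional

PRIVILEGED = {"grant_role", "add_asset", "set_oracle", "set_withdrawal_cap", "upgrade"}
WINDOW_SECONDS = 300                 # how close privileged changes must be to count as a burst
MIN_CHANGES_FOR_ALERT = 2
OUTFLOW_BASELINE_MULTIPLIER = 20.0   # a withdrawal above 20x the trailing mean is anomalous


@dataclass
class Event:
    ts: int
    kind: str                # one of PRIVILEGED, or "withdraw"
    actor: str
    amount_usd: float = 0.0  # only meaningful for withdrawals
    detail: str = ""


@dataclass
class Alert:
    ts: int
    severity: str
    reason: str


class BurstDrainDetector:
    def __init__(self) -> None:
        self.changes: Deque[Event] = deque()          # privileged changes inside the window
        self.withdraw_history: Deque[float] = deque(maxlen=200)
        self.alerts: List[Alert] = []

    def _trim(self, now: int) -> None:
        while self.changes and now - self.changes[0].ts > WINDOW_SECONDS:
            self.changes.popleft()

    def _emit(self, ts: int, severity: str, reason: str) -> Alert:
        alert = Alert(ts, severity, reason)
        self.alerts.append(alert)
        return alert

    def feed(self, e: Event) -> Optional[Alert]:
        self._trim(e.ts)
        if e.kind in PRIVILEGED:
            self.changes.append(e)
            if len(self.changes) >= MIN_CHANGES_FOR_ALERT:
                kinds = ", ".join(c.kind for c in self.changes)
                return self._emit(e.ts, "high",
                                  f"{len(self.changes)} privileged changes within {WINDOW_SECONDS}s: {kinds}")
            return None
        if e.kind == "withdraw":
            baseline = (sum(self.withdraw_history) / len(self.withdraw_history)) if self.withdraw_history else None
            self.withdraw_history.append(e.amount_usd)
            if baseline and e.amount_usd > baseline * OUTFLOW_BASELINE_MULTIPLIER:
                # Is the outflow riding on a still-open burst of privileged changes?
                recent_burst = bool(self.changes) and (e.ts - self.changes[-1].ts) <= WINDOW_SECONDS
                reason = f"withdrawal ${e.amount_usd:,.0f} is {e.amount_usd / baseline:.0f}x baseline"
                if recent_burst:
                    reason += " and follows a privileged-change burst"
                return self._emit(e.ts, "critical" if recent_burst else "medium", reason)
        return None


def constructed_stream() -> List[Event]:
    """Constructed data: a month of routine withdrawals, then a Drift-shaped sequence in 10 seconds."""
    t0 = 1_760_000_000
    events = [Event(t0 + i * 86400, "withdraw", f"user{i}", 20_000.0) for i in range(30)]
    t = t0 + 30 * 86400
    events += [
        Event(t,      "grant_role",         "admin_multisig", detail="new admin signer"),
        Event(t + 4,  "add_asset",          "admin_multisig", detail="new collateral token"),
        Event(t + 6,  "set_oracle",         "admin_multisig", detail="oracle for new asset"),
        Event(t + 8,  "set_withdrawal_cap", "admin_multisig", detail="cap removed"),
        Event(t + 10, "withdraw",           "attacker", 50_000_000.0),
    ]
    return events


def run(events: List[Event]) -> List[Alert]:
    detector = BurstDrainDetector()
    return [a for a in (detector.feed(e) for e in events) if a is not None]


if __name__ == "__main__":
    for alert in run(constructed_stream()):
        print(alert.ts, alert.severity.upper(), alert.reason)
```

The first “high” alert fires on the second privileged change, before any funds move; with a pause switch wired to that alert, a team has the seconds between the cap change and the withdrawal that Drift did not have. The detector is deliberately stateful and cheap so it can sit inline on an indexer rather than in a batch job.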

Finally, building and regularly exercising incident response playbooks is essential. CM‑Alliance’s Drift analysis stresses that static, generic incident response documents are inadequate in an environment where governance‑layer attacks can unfold in minutes. Organizations should run realistic drills simulating governance compromise, insider threats, and privilege escalation, testing their ability to identify, contain, and recover from such scenarios. These drills should involve not just technical teams but also legal, communications, and risk management, given the cross‑functional nature of modern crypto incidents.

10. Conclusion

Social engineering has emerged as a central risk in crypto precisely because the industry has invested so heavily in technical defenses. As smart contracts are audited, exchanges harden custody systems, and blockchain analytics sharpen, attackers have shifted their focus to the one component that cannot be patched: human behavior. Definitions from IBM, Imperva, and others capture the essence of social engineering as psychological manipulation that induces security mistakes, but recent incidents in crypto demonstrate just how far this can stretch—from elderly Americans being coaxed into draining savings into scam wallets, to DeFi governance signers being maneuvered into pre‑signing transactions that will later drain hundreds of millions from protocols.

Case studies like the Drift Protocol hack, Velodrome’s DNS compromise, eth.limo’s registrar hijack, and Zerion’s AI‑mediated employee breach illustrate the range and sophistication of these attacks. They show that no layer is immune: not retail users, not infrastructure providers, not even state‑of‑the‑art DeFi projects with audited code and established governance frameworks. At the same time, forensic work by firms such as Elliptic and Chainalysis, as well as independent investigators like ZachXBT, demonstrates that on‑chain transparency can aid in attributing and tracking the proceeds of social engineering scams, even when the initial compromise is human and off‑chain.

North Korea’s extensive use of social engineering in its crypto theft operations underscores the geopolitical stakes. With more than \( \$6 \) billion in estimated cumulative crypto theft attributed to DPRK actors and a majority of 2025 losses linked to social engineering campaigns, the human layer of the crypto ecosystem has become a battlefield for state‑sponsored actors as well as opportunistic scammers. Generative AI intensifies this contest, enabling attackers to craft more convincing and scalable pretexts, deepfake voices and faces, and multi‑channel narratives that can sway even experienced professionals.

Defenses must therefore evolve on two fronts. At the individual level, users need clearer mental models of what legitimate crypto services will never request, along with ingrained habits of skepticism and verification, especially in response to urgent or emotionally charged messages. At the organizational and protocol level, security must be engineered into governance, access control, supply chains, and incident response, assuming that some social engineering attempts will succeed and focusing on limiting blast radius and enabling rapid recovery. In many ways, this is a return to first principles: recognizing that trust and authority can be weaponized, and that robust systems require checks, balances, and redundancy not just in code but in people and processes.

Outlook

Looking ahead, social engineering is likely to remain the dominant initial access vector for high‑value crypto attacks. As AI tools become more powerful and accessible, the realism of scams will continue to increase, eroding traditional cues that users rely on to distinguish legitimate from fraudulent communication. Voice and video deepfakes will become more common in the wild, while text‑based pretexts will be tailored in real time using publicly available personal data and on‑chain histories. For multisig signers, protocol delegates, and infrastructure engineers, this means that even familiar faces and voices can no longer be assumed genuine without additional verification.

At the same time, the crypto ecosystem has unique opportunities to respond. Protocol‑native primitives such as multisigs, timelocks, and on‑chain governance can be deliberately engineered to impose friction and consensus on high‑risk actions, mitigating the impact of any single compromised actor. Insights from cryptography and distributed systems—such as threshold signatures, fault tolerance, and formal verification—can be applied to human processes, designing decision‑making frameworks that are resilient to manipulation as well as error. As more protocols treat governance and access control as core parts of their threat models, the relative advantage of social engineering may diminish.
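As an added illustration (not code from the article or from any project it names), the following toy Python model shows the friction described above: a hypothetical M-of-N multisig in which approvals age out, quorum only starts a timelock, and any single signer can veto during the delay, so one compromised signer or one stale pre-signed approval cannot move funds on its own. Signer names, thresholds and delays are constructed values.

```python
# Added example (not from the article): a toy M-of-N multisig whose approved
# actions wait out a timelock, during which any single signer can veto.
from dataclasses import dataclass, field
from typing import Dict, List, Optional

HOUR, DAY = 3600, 24 * 3600  # constructed time units (seconds)

@dataclass
class Proposal:
    action: str
    approvals: Dict[str, int] = field(default_factory=dict)  # signer -> time signed
    queued_at: Optional[int] = None
    cancelled: bool = False
    executed: bool = False

class TimelockedMultisig:
    def __init__(self, signers: List[str], threshold: int, delay: int, approval_ttl: int):
        self.signers, self.threshold = set(signers), threshold
        self.delay, self.approval_ttl = delay, approval_ttl
        self.proposals: List[Proposal] = []

    def propose(self, signer: str, action: str) -> int:
        self.proposals.append(Proposal(action))
        return len(self.proposals) - 1

    def live_approvals(self, pid: int, now: int) -> int:
        # Approvals pre-signed longer ago than approval_ttl no longer count.
        p = self.proposals[pid]
        return sum(1 for t in p.approvals.values() if now - t <= self.approval_ttl)

    def approve(self, signer: str, pid: int, signed_at: int, now: int) -> None:
        assert signer in self.signers, "unknown signer"
        p = self.proposals[pid]
        p.approvals[signer] = signed_at  # one vote per signer; replays add nothing
        if p.queued_at is None and self.live_approvals(pid, now) >= self.threshold:
            p.queued_at = now  # the timelock clock starts only at quorum

    def cancel(self, signer: str, pid: int) -> None:
        # A single honest signer can veto anything still inside the delay window.
        assert signer in self.signers, "unknown signer"
        self.proposals[pid].cancelled = True

    def execute(self, pid: int, now: int) -> bool:
        p = self.proposals[pid]
        if p.executed or p.cancelled or p.queued_at is None:
            return False
        if now < p.queued_at + self.delay:
            return False  # still inside the timelock; nothing moves yet
        p.executed = True
        return True
```

The same gate that blocks a lone compromised signer also blocks a legitimate action until the delay has elapsed, which is the intended cost of the friction.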

Regulators and law enforcement are also sharpening their focus on social engineering and AI‑mediated scams. Public advisories from entities like the FBI’s IC3, coupled with criminal prosecutions of social engineering rings, may deter some actors and raise broader awareness. However, given the global and pseudonymous nature of crypto, comprehensive prevention will depend less on deterrence and more on a cultural shift within the industry: one that recognizes that security is fundamentally a human problem and invests accordingly in education, process design, and socio‑technical defenses.

For a crypto audience, the takeaway is clear. Smart contract audits and custody solutions remain crucial, but they are no longer sufficient. In an era where humans are as “prompt‑injectable” as machines, resilience will be determined by the strength of our habits, the robustness of our governance, and our willingness to build systems that assume—even expect—attempts to turn our trust against us.
