Token Security · 2 min read · Jan 7, 2026

How to Protect Yourself from Social Engineering in Crypto

The most sophisticated crypto attacks target your mind, not your code. Learn how social engineering works in crypto, the most common tactics, and how to protect against them.

Hannisol Team

The attacks that bypass every technical security measure

You can use a hardware wallet, enable 2FA on every account, and memorize all the on-chain red flags. None of these protections helps when the attack targets your psychology rather than your technology. Social engineering — manipulating people into voluntarily compromising their own security — is responsible for more crypto losses than all technical exploits combined.


The most common social engineering attacks in crypto

"Crypto support" impersonation: You post about a problem with your wallet on Twitter or Reddit. Within minutes, multiple "helpful" accounts reply offering to assist via DM. They guide you through a "recovery process" that ends with you entering your seed phrase on a fake wallet website. Rule: no legitimate wallet or exchange support will ever DM you unsolicited, and no legitimate support process ever requires your seed phrase.

Romance/pig butchering scams: A sophisticated, long-term manipulation in which the attacker builds a romantic relationship or friendship over weeks or months — establishing deep trust — before introducing a "too good to be true" crypto investment opportunity. The victim is guided to a fake trading platform that shows impressive returns, encouraged to invest increasingly large amounts, and then loses everything when they attempt to withdraw.

Fake project "collaboration" offers: A team member of an "exciting new project" reaches out offering a partnership, investment opportunity, or collaboration. They send a contract, a pitch deck, or a "demo app" — which is malware that steals credentials or seeds a wallet drainer.

Authority impersonation: Fake Binance compliance officers, SEC investigators, or even law enforcement officers who claim your funds are "under investigation" and must be moved to a "safe wallet" (their wallet) immediately to avoid freezing.


The psychological mechanisms being exploited

  • Authority: Humans are predisposed to comply with apparent authority figures
  • Reciprocity: When someone appears to help us, we feel obligated to trust and help them in return
  • Scarcity and urgency: Time pressure disables careful thinking
  • Liking/rapport: The pig butchering scam invests weeks in building genuine emotional connection before the financial ask

The universal defense: slow down

Social engineering attacks depend on urgency. Every manipulation technique above includes an element of time pressure. The most powerful defense against all forms of social engineering is a simple rule: any unsolicited contact involving your crypto assets gets a mandatory 24-hour pause before any action.

Additional rules that eliminate the majority of social engineering attacks:

  • Your seed phrase is never shared with anyone, under any circumstances, for any reason
  • Unsolicited DMs about crypto are presumed to be scams until proven otherwise
  • No legitimate platform requires moving funds to a "safe wallet" to protect them
  • If an opportunity requires secrecy from people in your life, it's a scam

Apply the same scrutiny to token opportunities that you would to personal contacts. Check every token on Hannisol before acting on any "opportunity" you hear about through unsolicited channels.
