Background: Recently, the Chainbase Lab detected and captured a phishing email campaign disguised as an “audit/compliance confirmation.” After desensitizing the relevant malicious samples, Chainbase shared them with the SlowMist security team. The two parties jointly conducted an investigation and analysis of the malicious samples.
SlowMist (opens in new tab)Bitcoin security firm Casa has released four new features targeting social engineering, the dominant crypto theft vector in 2025. As the FBI reports crypto fraud losses exceeding $11 billion, Casa introduced Guardian Mode (requiring a live video verification call and a 48-hour hold for transactions), Whitelisting Addresses (with a 48-hour delay for new addresses), Suspicious Account Activity monitoring (flagging impossible logins without storing IPs), and Phone Call Detection (blocking fund transfers during active calls without a verification code). Casa CEO Nick Neuman emphasized that these features directly combat scammers manipulating victims into losing their life savings.
CryptoRank (opens in new tab)South Korea's National Tax Service (NTS) is moving to select a private custody provider for seized crypto assets. In February, NTS accidentally exposed a wallet seed phrase in a press release, triggering unauthorized transfer of confiscated tokens worth ~$4.8M.
Cointelegraph (opens in new tab)Law enforcement agencies from the U.S., U.K., and Canada have launched a joint initiative called Operation Atlantic to disrupt cryptocurrency fraud schemes known as approval-phishing attacks. According to the Ontario Securities Commission (OSC), these scams trick victims into granting wallet permissions via fake alerts or pop-ups that appear to come from trusted apps, allowing criminals to seize control of crypto wallets and execute irreversible blockchain transactions. Building on earlier efforts like Project Atlas and Operation Spincaster, the initiative will focus on the real-time disruption of scams, issuing victim warnings, and providing guidance on securing compromised wallets and recovering stolen assets.
CoinDesk (opens in new tab)The most powerful quantum computers reach ~1,500 qubits. Breaking ECDSA requires ~2.3 million. Seed phrases (BIP-39) are protected by SHA-256 and remain secure.
CoinDesk (opens in new tab)NFC for wireless transaction signing, Secure Element ATECC608B, fully open source. BIP-39 passphrase support.
BitBox (opens in new tab)Full-size QWERTY keyboard, built-in QR camera, MicroSD slot, 100% air-gapped. Built-in Seed XOR for hardware XOR encryption.
Coinkite (opens in new tab)SLIP-39 is no longer "a Trezor-only standard." Cross-device compatibility of Shamir backups reduces single-vendor lock-in.
Keystone (X) (opens in new tab)Haptic display for tactile seed phrase verification. NFC, Secure Element, full SLIP-39 support. Retail price ~$169.
Trezor (opens in new tab)A third-party email service was compromised. Email addresses and names leaked, but not seed phrases or private keys. The incident highlights the importance of physical security.
Ledger (opens in new tab)