The biggest crypto security threat is persuasion: an adviser playbook for HNW families

Phishing and impersonation drive many high-value crypto losses. A practical playbook for advisers and families to reduce avoidable harm.

Introduction

Many people think crypto losses happen because 'someone hacked the blockchain'. In reality, high-value losses increasingly happen because someone convinced a human to do the wrong thing. This matters for HNW families because: • they are target-rich (wealth signals), • they are time-poor, • they often delegate admin, • and they may not rehearse 'what to do under pressure'.

Key takeaways

• Social engineering beats technology because it targets people, not systems. • Most attacks rely on urgency, authority and shame: 'act now', 'we're support', 'your account is compromised'. • A strong defence is a written household process: verify, slow down, separate roles, log steps. • Bitzo's value is turning best practice into an executable family plan, not just advice.

Why persuasion works so well

Attackers do not need to break encryption if they can: • impersonate a platform, • impersonate a lawyer/accountant, • spoof an 'executor' or family member, • trigger a panic response, • get the client to 'confirm' access. They exploit: • urgency, • authority, • confusion, • fear of loss, • embarrassment.

The seven scripts HNW clients are most likely to face

1. 'Your account is compromised' – move funds immediately to 'safe wallet'. 2. 'Compliance review' – provide documents, seed words, recovery codes. 3. 'Support ticket' – click link, install remote tool, approve signing request. 4. 'Recovery service' – pay upfront fee, share sensitive details. 5. 'New device login' – verify with code/QR, attacker captures session. 6. 'Executor / probate urgency' – 'we need access today' during bereavement. 7. 'Friend / colleague intro' – trusted referral angle to lower defences.

A household security process that actually works

The goal is not paranoia. It is a repeatable ritual. 1) Two-channel verification If a message arrives by email, verify by a second channel you already know (saved phone number, known portal). Never use the contact details inside the message. 2) The pause rule Any urgent request involving crypto gets a mandatory pause (even 15 minutes). Most scams collapse when urgency disappears. 3) Role separation Decide in advance: • who receives messages, • who approves actions, • who executes transfers, • who is the escalation contact. One person doing everything is where persuasion wins. 4) A clean device rule Sensitive actions happen only on a known, updated device. Not on a borrowed laptop, not on a rushed phone session, not via screen-share. 5) A logging habit Write down what happened (time, channel, request, action). This prevents confusion and makes it easier for professionals to help.

How this connects to inheritance

Bereavement is the highest-risk period: • families are stressed, • executors are learning quickly, • people are more likely to accept 'help'. That is why crypto continuity must include anti-impersonation controls, not just 'where the seed phrase is'.

Where Bitzo fits

Bitzo's role is to turn scattered best practice into a family-ready process: • documented controls, • clear escalation steps, • continuity planning for incapacity/death, • a structured approach professionals can introduce confidently. Related reading: Security, Inheritance, and How It Works.