Criminals are using in-person crypto events to launch phishing campaigns and spoofing fraud, Kraken warns.
It’s no secret that crypto is now mainstream and has therefore become a bigger target. From Dubai skylines to Singapore’s high-tech halls, crypto conferences have exploded in size and scope. But amid the panels and pitches, Kraken’s chief security officer, Nick Percoco, warns of a troubling pattern: people in the space may be letting their guard down at precisely the moments when they need to be more vigilant.
“Personal security hygiene at crypto conferences has taken a back seat,” Percoco wrote in a blog post. His team at Kraken has been quietly observing, and what they saw is hard to ignore.
At a recent event, Kraken staff found an unattended laptop showing wallet notifications, with wallet access still visible, while the owner chatted nearby. “If you’re in crypto, digital devices aren’t phones or laptops,” recalls Percoco, adding, “It’s a safe.”
In the Crypto.News commentary, Percoco explained that phishing continues to be the most common and effective scam at conferences. This is not because the scams are technically sophisticated, but because the nature of these events, including constant networking, QR code scanning, and information sharing, creates the ideal conditions for making a scam for creating a “Minimal Quarting.”
“By leveraging common meeting behavior, attackers can easily distribute malicious links and false scheduling invitations under specialized follow-up. This is a low-friction tactic that does not require technical refinement and can deliver important access and financial rewards if successful.”
Nick Percoco
Conferences have now become a hot target.
Crypto conferences have always been social hubs, but now they are also a gold mine of intelligence for attackers. Percoco shared one scene: a group of attendees openly discussing high-value deals on public sidewalks, wearing lanyards that displayed their names and companies in plain sight.
If you think no one is listening, someone probably is. Public Wi-Fi and QR codes can be hijacked easily. Percoco says it’s not paranoia – it’s pattern recognition. His suggestion: use a burner wallet with minimal funds and do not scan any QR code that cannot be verified.
“Bad actors use one sticker swap to risk dozens (if not hundreds) of participants in order to replace legal QR codes in their marketing materials with fake codes.”
Nick Percoco
The threat is no longer theoretical. In France, a series of violent attacks on crypto experts underscores the very real danger of being too visible in this space.
In January, David Balland, co-founder of Ledger, a company known for secure crypto wallets, was abducted from his home at gunpoint. His captors severed his finger and sent it to his business partner as proof, demanding a ransom of 10 million euros in crypto. His wife was later found tied up in the trunk of a car. Both survived, but the ordeal shook the community.
The attackers? Young, organized, tech-savvy and reportedly familiar with Balland’s holdings and business ties.
It’s not an isolated case. Other attacks in France have also targeted crypto holders, sometimes extending the threat to their families. These are not online scams. These are physical and intentional abductions. The old “don’t say you’re in crypto” rule has become more literal.
Basic mistakes, big consequences
Percoco’s biggest concern isn’t necessarily the complicated hacks. It’s basic situational awareness. Crypto people know how to use cold storage. But not leaving an unlocked MacBook Pro in a crowded room? Apparently not so much.
“In today’s high-stakes environment, complacency in crypto is not just a personal risk, it is a threat to our wider movement.”
Nick Percoco
That sentiment reflects what A16Z Crypto has been telling the community for months, if not years. In Web3, the perimeter is you. A phone number exposed in a data breach can snowball into full-scale identity theft.
A16Z Crypto security engineer Matt Gleason wrote in a blog post that, for attackers, all of this information “will be easier and easier to get more.” Once your personal data is out there, it becomes a waiting game. Gleason advises freezing your credit with the credit bureaus, enabling multifactor authentication with hardware keys such as a YubiKey, and locking down sensitive apps behind Face ID. SIM protection through your mobile carrier is also essential.
In addition, Gleason suggests rethinking your passwords. Use a password manager, create a vault, and do not reuse passwords. Also, beware of red flags such as unsolicited calls and unexpected login notifications. The goal is not just to respond, but to make yourself a more difficult target.
A cultural change may be needed
Back on the conference floor, Percoco urged participants to adopt a more security-oriented mindset. He particularly emphasized the importance of verifying identity, avoiding sensitive discussions in public areas, keeping an eye on personal belongings and avoiding free charging stations, where malware can be installed via a method known as “juice jacking.”
According to Percoco, attackers don’t work randomly. They often evaluate visible details, such as the name and company affiliation on a lanyard, to quickly identify high-value targets such as developers, DAO contributors, and startup teams. Once a target is selected, they may receive a phishing link disguised as a calendar invitation or Zoom call, designed to establish a foothold on the victim’s device. As Percoco says, the first step could be “everything you need to violate the device and move laterally from it.”
This is not about paranoia. It’s about catching up to reality. As the crypto industry gains legitimacy, it has also gained enemies, from state-sponsored hackers to opportunistic criminals. Security culture needs to evolve with that.
Percoco also believes there is no silver bullet to completely eliminate scammers from industry events. However, he noted that important attendee data, including names, emails and phone numbers, is already collected for legitimate logistics purposes. The same data can be “utilized by malicious actors under the right circumstances,” he added.
A16Z Crypto, for its part, emphasizes that cybersecurity is “no longer an option” and has become a “need.”