Loading summary
A
Today, we want to start with something contemporaneous that just happened with regard to Unchained, to explain to people exactly how things are still working in crypto and how to keep yourself safe, which is somebody tried to spearfish Laura earlier today. So, Laura, can I have you tell the story of what we were talking about before we went live and what happened?
B
Yeah, so it wasn't today, it was last week. But I had agreed to do a podcast with somebody, and when I logged in, the link wasn't working. And I was getting this notice saying that I had to download some software. And so it's so funny, because they did actually convince me to download the software. And I even got to the point where I even executed a terminal command. And here's the crazy part. The whole time, like, if you look at the screenshots of my conversation with this person, the whole time, I kept saying, oh, this is how people get hacked. And I. Because initially, I kept refusing to do all the things. And I have covered hacks. I've covered, you know, phishing attempts. I've covered just all kinds of scams in crypto. I was, I think, the first person to write about sim swaps back in 2016. And even before crypto, I covered personal finance, I covered identity theft. I covered so much about scams and social engineering. Like, I interviewed the main social engineering people well before I ever got into crypto. So it's just so funny because I keep saying to this person, oh, but, you know, I, like, I would refuse them, and then I would be like, this is how people get hacked. But so here's the thing. Like, now I realize, okay, here is how this person got me to override all of my internal alarm bells and all my learnings. They said, oh, well, it's a special crypto podcasting platform. And they sent me the link to the X account. And I looked at this, you know, x account, and 153 people that I follow are following this account. And I was like, oh, I guess it's a crypto podcasting platform I've never heard of. And so then the notion that, like, maybe I actually needed to download some special software was no longer so strange. But I also remember that I had this moment where I was like, I feel like I should tweet to ask my followers if this is, you know, like, I. But then, because this person kept messaging me that. And so I just kind of, like, didn't do these things that floated through my head. And then when. When the software, of course, didn't Work. Then he was like, oh, well, there is these like terminal instructions. And even that, I was like, what the hell? Like, I just was. And I think I said no again multiple times. But then they were like, no, no, no, I swear, like all these people use it and I think they again, use the X account. So anyway, point is, the good news is I don't think I lost anything. I didn't have, like, I have to. There's a lot of things I have to do because I had to reset my computer to factory settings. I had to take it offline. Like, there were just a lot of things I had to do. And so even today, I'm still downloading apps that I use, I'm still logging into them. Like, there's, I'm still changing passwords. There's kind of like a lot that's going on. But yeah, it's just funny and embarrassing because, like, I knew all the things. I knew I had so much knowledge. I'm literally trying to teach the guy about social engineering and, and how, you know, and anyway, so yeah, I still, I still didn't listen to myself. And that's exactly how social engineering works. It's exactly. It preys upon your desire to be a nice person. And oh, and by the way, you know this quote unquote podcast, like, of course, you know, I looked it up on YouTube and yeah, it's a legit podcast, but is that account that was trying to get me to do all those things, were they really connected to, you know, that group? Probably not. In fact, like 99.999. Not so. Yeah. Last thing I'll say is just Seal 911. They've been on the show so many times, everybody always talks about them, but they truly are an amazing resource and they helped me, you know, over the weekend. And yeah, they yelled at me a little bit too, but I deserved it. So that's, that's basically, that's the story.
A
No, and I think you raised some interesting threads in there, which is if you think about like this is something the banking industry struggles with as well. Right. If you think about the threat vector of social engineering attacks, even people who are informed about how they work do fall for them because the attackers are trying to prey on you at the exact moment where your mind is occupied with other things and you are not fully aware. And that's one reason they always try to create time pressure. Like, we need you to log in for this podcast. Oh, the cutoff is coming at 4pm oh. So rule number one for anybody when you have somebody on any form of social communication or even texts applying time pressure to you and you're not certain about something, the first question you ask is, is this truly catastrophic if I don't do it? And if the answer is no, just don't do it, it'll be fine. Like, let that go number two from some of the good security researchers. I've been told the easiest rubric to not fall for these things is have a set of rules that you never, ever, ever violate, ever. Like, sorry, I don't download programs or click links like at all. If that is what your podcast requires, I cannot do it. Go tell everybody right now. The answer is never. And then, by the way, always blame your infosec people. If you want to be a nice person, you don't need to own this decision. You could be like, I'm not allowed to. I don't have the authority to like punt it. But like, don't ever for that reason. Because once you create a rule with yourself that you're internally consistent on that you cannot violate, it makes those tactics work less well. 3. One thing I do individually because like, there have been a bunch of compromised, like Telegram attacks recently where I have people trying to get me to click on things and download things and join meetings and whatever, Just always put the link into an AI model and ask, is this a scam? You'd be shocked at how good they are being like, yeah, I don't trust that. Like, that's definitely never real. And don't copy the text, copy the actual link and put it in there. And very frequently they will shut you down. But like, I want to raise one other thing that I was saying that Rahm reacted to Rahm, I was telling people, part of the way that I've become semi immune to these attacks now is I looked at the value of self custody compared to the risk and I hold all of my crypto in ETF flow now. Like, what would you have to say to that? What do you Advise people?
C
Yeah, 100%. 100% ETFs are safe, secure, you've got the implicit backing of BlackRock and their net equity. You get liquidity, you get cross margining, you get convenience of an integrated statement. So yes, the vast majority of people should be using ETFs to manage their digital asset exposure.
D
Is it only BlackRock? I digress. Anyway, you know, I think there's a couple other hygiene things you can do. To the extent that you want to have self custody, that's fine. Know, really advise people to use a hardware wallet where you can, and there's some amazing ones out there. I'm going to admit something to you guys, never told anybody before, but I got hacked. I got hacked a couple years ago, it was a Friday, had a couple beers and the good news was that I kept good hygiene. I'd put most of the stuff that was that I wanted to on that hardware wallet, but I was messing around, clicked on something and they stole my Snoop Dogg nft. And you know, it still hurts to this day, but it was, it was, I'm glad it happened because it was such a stark reminder like you're in the big leagues, you cannot mess around. I also think that this is going to get much worse going forward. On the social engineering we need solutions, we need tech solutions. You know, every time you're on the, anytime you're, you're, you know, your voice is out there, they've got your voice, they've got your likeness and it's going to get much, much tougher. And so while I do think security across crypto is actually going to exponentially improve as we start finding age old vulnerabilities, I do worry about the social engineering attack vector. That's why I'm bullish on like proof of human type solutions out there that can really identify humanness. So lot to take away from this one.
C
Guys, last one on that. The read through could be negative for crypto brokerage firms because ETFs are an implicit form of competition because the security benefits they confer.
D
Well yeah, with an ETF you're outsourcing a lot of the security, the cyber. I'm seeing this in real time right now with my transition. And when you look at crypto, decentralization is something we all believe in, we all think is wonderful and, and, and it's really important that that persists. But that doesn't mean intermediaries are going away. And the question is, is do you want to pay them? Do you want to hand over some of that sovereignty for some of the value that they can give you? And for many people the answer is yes. And that's fine that I think that's what we're talking about here.
B
I mean I think for anybody prominent like, you know, where you have a public Persona that is associated with crypto, it makes a lot of sense to have somebody else in charge of your. And so that's why, yeah, like for me, like I don't know why they were targeting me. Maybe they don't know that. I just don't really Even have that much. But, yeah, I would say, you know, I. I know people who, you know, they'll like. Well, I don't. I don't know how public they are about this. I don't want to get into too much detail, but. But there are people that you all know in crypto who go to extremely great lengths to not have anything, even if their face is known. They try to not have anything with their name that would identify, like, where they live or what other accounts they have. Like, you know, so just, there's so many ways, you know, to. To kind of get around this. Like, you don't have to just become a hermit, but these are things that if you are publicly affiliated with crypto, you should definitely be thinking about.
A
And I think that has broader implications, Laura, to bring this all the way back around to where you started with fraud and identity theft writ large. Because these same tactics are going to be happening with banks, right? With payments companies, with. You get that phone call that is using the perfect AI voice of your kid, like, hey, I had a car crash. I need money. Right? Like, we've all heard these stories, and I would just remind people we're in a threat space where this stuff gets more intense. They're going to try to use your own emotions and, like, behaviors against you. And awareness really matters. Recovery matters. But this is one area where, as Ram was saying, there's going to be a market opportunity for people who figure out how to interdict these things as well. Like, that might be a positive use case of AI for the world, but we will see.
D
So, speaking of interdictions, we are coming up on the 250th anniversary in the United States, and I do still think there's a strong policy response that we should see, which is to allow the private sector to recover, to recover these assets. And so I'll keep speaking about it till I'm blue in the face, but give me the privateers.
A
So whoever recovers Laura's money that was lost in this crypto, I don't think
B
I lost, if any.
A
We'll have you on this show to explain how you did it. There we go. We could promote our privateering right there. But no, joking aside, Laura, we were talking about that. I just think it's good for the world to occasionally get the reminder on security and, like, how sophisticated these schemes are and what can happen. So thank you very much for explaining that. Remember, everybody assume the account is compromised. Do not click the link.
B
Yeah, well, thanks for inviting me last minute. Just pop in and Talk about my pie tail. Which, yeah, is definitely a lesson for everyone.
A
It really does matter though, like every incremental gain we get here. Like, I want to remind people of the scale of this problem is tens of billions of dollars are scammed like annually just out of America. If you look at like the taxonomy of the pig butchering scammers who are operating out of Cambodia or like some of the Russian scam farms and things like that, this is a very severe problem that's destroying lives. So if you're in this space at all, you need to think about this. You need to act on this stuff. You need to take it seriously.
D
Yeah.
A
All right.
B
All right. Well, have a great show. Thanks so much and I will catch you later.
A
If you like this segment, please, like subscribe and tune in every Monday at 4:30pm Eastern Time. I'm Austin Campbell, the host of Bips and Bips, along with my friends Rahm Alawalia and Chris, Chris Perkins and our slate of exceptional guests. Every week we're going to discuss macro, crypto and the collision of worlds, covering topics that move markets and shape the financial landscape.
E
If you hold crypto on your phone, your biggest vulnerability isn't your wallet, it's your carrier. AT&T Verizon and T Mobile have been breached again and again, and SIM swaps are still one of the easiest ways for attackers to drain accounts. That's where Kape comes in. America's privacy first mobile carrier, same premium service, but Kape rotates the identifier on Your Sim every 24 hours, deletes your call and text metadata after a day, and protects against SIM swaps with a 24 word recovery phrase that only you control. You also get two middle to end encrypted secondary numbers for banking and signups, so you stop handing your real number to every app that asks. Go to Cape Co Unchained and use code unchained for 33% off your first six months.
Date: July 2, 2026
Host: Laura Shin
In this special episode of Unchained, Laura Shin shares a firsthand account of a recent, highly sophisticated spearphishing attempt where she was nearly compromised by a fake podcast invite. The conversation delves into the realities of modern social engineering schemes in crypto, why even experienced professionals are vulnerable, actionable security advice, and the broader implications for both individuals and industries. The panelists—Austin Campbell (A), Rahm Alawalia (C), Chris Perkins (D), and Laura Shin (B)—reflect on lessons learned, offer personal anecdotes, and emphasize the urgent need for better hygiene and emerging solutions in security.
(00:24–04:25)
The Incident:
Laura describes how she was targeted with a fake podcast invite, which requested she download unfamiliar software and even execute a terminal command. Despite her expertise in covering scams and social engineering, she found herself talking through the exact steps she knew to avoid, succumbing to the attacker’s persuasion.
Psychology of Social Engineering:
The attacker created urgency ("special crypto podcasting platform"), leveraged trust by referencing a well-followed X account, and used persistence. The legitimacy of the supposed platform and social proof lured even a trained journalist.
Aftermath & Recovery:
Laura reset her computer to factory settings and went through a comprehensive recovery process—changing passwords, re-installing apps, and seeking help from SEAL 911.
(04:25–06:56)
Exploiting Time Pressure:
Austin comments on how attackers strike when victims are distracted, using urgency as a weapon:
Immovable Security Rules:
He recommends having inviolable personal security rules—such as never downloading software for a call or clicking unknown links.
Use Blame Shifting to Infosec:
To deflect pressure, blame your organization’s infosec policy as the reason for refusal.
Practical AI Checks:
Austin suggests putting suspicious links into AI models to double-check legitimacy, an emerging practical tool.
(06:56–09:36)
Pro-ETF (Exchange Traded Funds) Arguments:
Rahm advocates for crypto ETFs as a safer, more convenient option for most people, with benefits like security, backing from major institutions, and liquidity.
Balance With Self-Custody:
Chris admits to being hacked and losing an NFT after clicking something he shouldn’t have, reinforcing the stakes.
Hardware Wallets & Operational Security:
For those choosing self-custody, hardware wallets remain highly recommended, especially for public figures in crypto.
Future Challenges:
Chris forecasts social engineering will get worse with AI-powered voice and likeness spoofing. He’s optimistic about ‘proof of human’ solutions to help.
(09:36–11:08)
Security Practices for Public Figures:
Laura describes how prominent crypto personalities go to extreme lengths to obfuscate personal ties and assets, and suggests others consider similar precautions.
General Threat Landscape:
The risks extend beyond crypto: banks, payments, and even personal interactions are susceptible to AI-enabled scams (e.g., fake calls mimicking loved ones in distress).
Market & Policy Opportunities:
The panel notes that robust security could become a market differentiator and that both private (recovery services) and policy (possibly allowing private sector asset recovery) responses are needed.
(11:08–13:08)
Scale of the Problem:
Austin underscores that scams siphon tens of billions annually in the U.S. alone, naming “pig butchering” and international scam rings as notable threats.
Simple Advice:
“Assume the account is compromised. Do not click the link." (Austin, 12:09)
Laura’s Closing Thought:
“It really does matter though, like every incremental gain we get here... if you're in this space at all, you need to think about this. You need to act on this stuff. You need to take it seriously.” (Austin/Laura, 12:34)
This summary captures the core messages, personal wisdom, and practical advice delivered with the panel’s candid and sometimes self-deprecating tone, aiming to equip both crypto veterans and newcomers with actionable awareness.