Crypto thieves are getting more creative as digital asset prices hit new highs. In the United Kingdom, one of the more popular new tricks involves impersonating the police. A recent, sophisticated scam highlights this trend, leading to one victim losing £2.1 million, or about $2.8 million, in Bitcoin. The North Wales Police have now issued an urgent warning about the incident.
The scam, covered by both the BBC and Decrypt, shows how cybercriminals are using psychological tactics to fool even experienced users. It all started when the victim received a phone call from someone claiming to be a high-ranking British police officer. The scammer wove a tale, saying the victim’s personal details were found on a suspect’s phone. This story was designed to create fear and a sense of urgency. The fake officer then instructed the victim to “protect their assets” by logging into their hardware wallet.
Trusting the instructions, the victim clicked a phishing link provided by the criminal. The link led to a fraudulent website that looked identical to the real one. There, the victim entered their seed phrase. This was the critical mistake. A seed phrase is a master password that can restore a crypto wallet. With this information, the scammer was able to reconstruct the wallet and steal all the funds within minutes.
Scammers Target Experienced Bitcoiners
North Wales Police called the incident part of a “new and alarming trend.” These attacks are specifically aimed at experienced cryptocurrency owners who use cold storage devices. These devices, like hardware wallets from Ledger and Trezor, are normally considered very secure because they are not connected to the internet.
Police believe the victim’s data was likely compromised in a previous data leak. This allowed the scammer to launch a highly targeted attack. The cybercrime team is now trying to trace the stolen funds, but it is unclear if the Bitcoin can be recovered.
To prevent similar thefts, authorities have outlined some key precautions. They stress that neither the police nor any legitimate company will ever contact someone unexpectedly to discuss their crypto holdings. They will certainly never ask for a seed phrase. Officials advise people to ignore these types of suspicious calls. If you want to verify a call from the police, hang up and call the official 101 number yourself. They also urge crypto owners to only ever enter their passwords or seed phrases directly into their physical cold storage device, usually during setup or recovery.
This case shows how criminals are shifting their tactics. They are now using clever social engineering schemes to exploit even the most careful investors. Earlier this month, the FBI issued a similar warning. They noted scams where fraudsters pretend to be from law firms to target people who were already victims of crypto theft. The FBI’s advice is to adopt a “zero-trust model” for any and all unsolicited communications.