Imagine you’ve just gotten off a 16-hour flight. You’re red-eyed and irritable, but you need to shift some crypto funds in a hurry. The SIM-card shops are closed, so you use the provided “free airport WiFi” to get connected.
Hours later, your crypto has shifted to an unidentified wallet. Unfortunately, you may have been hit with an “Evil Twin” WiFi attack.
Evil Twins clone legitimate WiFi networks
It’s an often-overlooked attack vector, security experts told Cointelegraph. The process involves bad actors cloning legitimate WiFi networks, tricking devices into connecting, and allowing the hacker to intercept network traffic or steal sensitive data.
The Australian Federal police charged a man last year for allegedly establishing fake free WiFi access points at an airport, which mimicked legitimate networks, to capture personal data from unsuspecting victims.
Speaking to Cointelegraph, Steven Walbroehl, co-founder of cybersecurity firm, Halborn said “Evil Twins” are most common at airports, cafes, hotels, transit hubs, conference venues, and high-traffic tourist areas, where many people look for free WiFi.
23pds, the chief information security officer at SlowMist, said Evil Twins are “more common than people think,” and there are still plenty of people who “absolutely fall for it.”
Source: Winston IghodaroAn Evil Twin network alone won’t drain crypto
However, Walbroehl said just joining a fraudulent WiFi network doesn’t always mean losing crypto, provided a user doesn’t send their private key, seed phrase, or sensitive information while connected.
“Even if someone doesn’t see your private key, capturing your exchange credentials, email, or 2FA codes can let attackers drain centralized crypto accounts quickly,” he added.
Beware of fake login pages and prompts
23pds said this type of attack will nudge victims to reveal their information after joining the network through fake login pages, updates, prompts to install a helper tool, or “worse case, tricked into typing their seed phrase,” which “still happens way too often.”
23pds said the most practical ways to stay safe are by avoiding high-risk crypto actions like transfers, changing security settings, or connecting to new dApps while on public WiFi.
Related: Social engineering cost crypto billions in 2025: How to protect yourself
It’s also best practice to never enter a seed phrase even when asked and to use bookmarks for exchanges or type the domain manually, avoid clicking search ads and manually check all addresses rather than just copying and pasting, they added.
Using your own mobile hotspot, private networks, and disabling auto-connect on devices can help avoid falling prey to an Evil Twin attack as well, according to Walbroehl.
However, if there is no other option but to use public WiFi, a trusted VPN should be used to encrypt traffic, while one should only join networks verbally confirmed by a venue staff member as being legitimate.
In January, an X user with the handle The Smart Ape revealed that their crypto wallet was drained after using a public WiFi network at a hotel and a series of “stupid mistakes.”
While the attack didn’t involve an “Evil Twin” network, it did show how bad actors can use a public network to trick users and steal crypto using similar tactics.
Source: The Smart ApeOther security tips for crypto while traveling
Kraken’s security chief, Nick Percoco, sounded the alarm in June about the lack of security awareness at crypto events such as conferences.
23pds said a good approach to protecting your crypto while traveling is to adopt a simple 3-layer setup. Don’t touch your main holdings while out. Create a separate travel wallet with a limited amount of funds, and use a small unconnected hot wallet for daily use, payments, small swaps, or minor dApp interactions.
Magazine: When privacy and AML laws conflict: Crypto projects’ impossible choice
Source: https://cointelegraph.com/news/evil-twin-wifi-attacks-crypto-security?utm_source=rss_feed&utm_medium=feed&utm_campaign=rss_partner_inbound
