Casa Blog - Bitcoin Security Made Easy
Featured Bitcoin Security AI cryptography Deepfakes Product Updates

Nice try, AI: Introducing new deepfake-resistant verification codes

by Jameson Lopp 4 min read

As bitcoiners, we often say “don’t trust, verify,” but in an age of AI-generated content, it’s becoming increasingly difficult to verify anything you see or hear on a computer, and this impacts how you secure your bitcoin.

Casa has long taken proactive measures to try and detect when a client is being spoofed, but the time has come to take those precautions one step further. Recently, Casa rolled out deepfake-resistant verification codes aimed at protecting our clients’ bitcoin from imposters. This new feature is available for Premium, Enterprise, and Private Clients.

The reality of deepfakes

Deepfakes are a form of AI-produced media that closely resemble real-life subjects and settings. They can be in the form of audio and/or video.

As a concept, deepfakes have been around for a long time, dating back to celebrity soundboard calls in the 2000s. But the technology has grown much more nuanced in recent years through deep learning algorithms and generative AI. 

While there continue to be humorous examples on social media, bad actors have begun to use deepfakes in phishing and social engineering schemes targeting individuals and businesses. Recently, an employee at an international financial firm was scammed out of $25 million after thinking he was having a video call with the chief financial officer. We’ve observed a similar trend with bad actors spoofing crypto industry employees.  

Not much data is required to produce a deepfake. A bad actor can use a clip of a few seconds to mimic your voice, and they can do the same with your appearance with just a profile picture from a social media platform. 

How deepfakes affect your bitcoin

Scammers can deploy deepfakes against you in a number of ways. They can call you over the phone and impersonate a loved one’s voice. They can send a DM with a fake video. And there are sophisticated tactics where deepfakes can simulate a live encounter.

At Casa, we provide live support via video for our Premium, Enterprise, and Private Clients. This option is a vital lifeline during sensitive actions performed upon significant wealth. When you’re setting up hardware or transacting, we want to ensure we’re talking with the real you, and you should know you’re talking with the real Casa.

What Casa is doing about it

It takes a trained eye to know how to spot a deepfake, and this can be expected to grow more difficult with time as text-to-video generation becomes more polished.

The best way to combat a deepfake is simple: verify using an out-of-band form of communication. This means verifying using a method of communication separate from the one in question. It’s a good security practice to adopt in general, even outside of deepfakes.

So, we built a feature for verifying out of band. Our deepfake-resistant codes provide a two-way verification that you’re speaking with a real Casa team member, and Casa is speaking with you.

casa-advisor-verification-code
You and your Casa Advisor can protect against imposters through verifying a set of six-digit codes.

How it works

Imagine this scenario. You’re replacing a key for a 5-key vault, for which you’re receiving live guidance on a video verification call, but you don’t know if your eyes are deceiving you. You can’t tell if the person on the other end is really from Casa and vice versa. 

With the verification codes, we establish shared cryptographic keys between your account and Casa’s systems. This allows your Casa app and authorized Casa employees to deterministically generate codes in real time to confirm the authenticity of their counterparty.

In practice, you can navigate this within the Casa app. Under Settings, go to Verification Codes. 

When prompted on a call, select My Verification Code and read it aloud to the Casa Advisor. 

This code is time-based so it will refresh once the allowable time has elapsed.

If the code matches what the Casa Advisor has on their end, they will offer you the Casa Advisor Verification Code. This process works similarly to the above, only this time you’re the one verifying. If the Casa Advisor gives you a code that matches the six-digit code you see in your app, feel free to proceed.

However, if the Casa Advisor reads you an incorrect code, assume you’re dealing with an adversary. Abort the call. Avoid any further contact with the person in question and contact our team immediately at viphelp@team.casa. 

For more detail about this feature, read more at our Support Center. 

In conclusion

Looks can be deceiving, and they’re only going to get more deceiving as deepfakes grow in their capability. We can all take action now to stay ahead. Casa’s deepfake proofing PIN verification is one small way our team is working to keep you and your bitcoin. For real.

Want to learn more about Premium, its advanced features, and other maximum security plans? Book a consultation here for a live demo.

Never miss a Casa update

Want to ensure you're staying current with your protection? Our weekly Security Briefing is free to join. Sign up below for bitcoin security news, special offers, and other analysis delivered right to your inbox.

Read more posts by this author

Jameson Lopp

Jameson Lopp is co-founder and Chief Security Officer of Casa. He is passionate about creating tools to empower individuals; he has been building bitcoin wallets since 2015.

The link has been copied!