Renowned Bitcoin developer Jameson Lopp has issued an urgent warning to cryptocurrency holders after the discovery of a highly deceptive phishing campaign that exploits Google’s official infrastructure. The attack manipulates a legitimate Google form used for backup contact requests, allowing threat actors to send malicious emails from the company’s own domain — bypassing standard security filters.
Inside the email, attackers insert an oversized block of text into the name field, which visually pushes genuine system content far down the message. At the top, a fake security alert and a phishing link are displayed. Because the link leads to a site hosted on the trusted Google Sites platform, users are further misled into believing it is legitimate. Lopp emphasized that the technical literacy of new crypto users is declining, making them easy targets for such schemes.
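For mail-filter triage, the pattern described above can be checked on message content alone, since sender authentication passes when Google itself sends the email. The following is an added example, not code from Lopp or Google; the wording list, the 15-blank-line padding threshold, the function name `triage` and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")
# Assumed wording list; tune to your own mail flow.
URGENT_RE = re.compile(r"security alert|urgent|suspended|unauthorized", re.I)
# Assumption: the oversized field renders as 15+ consecutive blank lines.
PAD_RE = re.compile(r"(?:[ \t\u00a0]*\r?\n){15,}")

def triage(raw: str) -> dict:
    """Content-based signals; SPF/DKIM are no help when Google really sent the mail."""
    msg = message_from_string(raw, policy=policy.default)
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    hosts = {urlparse(u).hostname for u in URL_RE.findall(body)}
    signals = {
        "from_google": domain == "google.com" or domain.endswith(".google.com"),
        "sites_link": "sites.google.com" in hosts,
        "urgent_top": bool(URGENT_RE.search(body[:500])),
        "padding": bool(PAD_RE.search(body)),
    }
    # A Google sender plus a Google Sites link is only notable together with
    # an alert at the top or padding that buries the genuine form text.
    signals["suspicious"] = (signals["from_google"] and signals["sites_link"]
                             and (signals["urgent_top"] or signals["padding"]))
    return signals

HEADERS = ("From: Constructed Sender <sender@google.com>\n"
           "Subject: constructed sample\n"
           "Content-Type: text/plain; charset=utf-8\n\n")
# Constructed samples, not captured from the campaign.
PHISH = (HEADERS + "Security alert: fix your account urgently\n"
         "https://sites.google.com/view/constructed-placeholder\n"
         + "\n" * 40 + "Genuine form notification text follows here.\n")
BENIGN = HEADERS + "A backup contact request was submitted.\n"

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(name, triage(raw))
```

A hit is a reason to quarantine for review rather than proof of phishing, because legitimate Google mail can also link to Google Sites.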
In a tweet, Lopp declared five communication channels that should no longer be trusted for incoming messages: email, phone calls, SMS, chat messages, and any other external notifications. He stated: “Any message saying there is a security problem with an account that needs to be urgently fixed is a 🚩.”
The warning comes amid broader security concerns, including Lopp’s involvement in the controversial BIP‑361 proposal to protect Bitcoin from future quantum computers, and Google’s removal of privacy‑related language from Chrome AI feature descriptions — further eroding trust in centralized ecosystems.