Jameson Lopp, one of Bitcoin’s most recognized developers, is urging digital asset holders to treat every unsolicited communication as hostile. The warning comes after a phishing scheme was discovered that exploits Google’s backup contact request forms, turning the tech giant’s own trusted infrastructure into a weapon against unsuspecting users.
The attack works by manipulating the name field in Google’s contact forms to display what look like legitimate security alerts. Those alerts contain phishing links designed to harvest credentials. In other words, the phishing emails aren’t just pretending to come from Google. They’re actually routed through Google’s systems, making them nearly impossible to distinguish from the real thing at first glance.
How the attack works, and why it’s different
By abusing Google’s backup contact request feature, attackers can generate messages that appear to originate from Google itself. The manipulation happens in the name field of the form, where attackers insert fake security alert text complete with phishing URLs. When the target receives the notification, it looks like a standard Google security warning.
Lopp’s advice is blunt: adopt a zero-trust approach. That means independently verifying any communication before clicking links or providing information, even when the message appears to come from a source you trust.
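A mail-triage check for the pattern described above, as an added example that is not part of the original article or any Google tooling: a notification can pass sender authentication for google.com and still carry a link to another host, so each link host is judged on its own. The sample message, the `.example` hostnames and the `TRUSTED_SUFFIXES` allowlist are constructed assumptions; the real notification layout is not reproduced.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Assumption: the only domain this reader accepts for Google account links.
TRUSTED_SUFFIXES = ("google.com",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Authentication-Results is stamped by the receiving mail server (RFC 8601).
DKIM_RE = re.compile(r"dkim=pass\b[^;]*header\.d=google\.com(?![\w.-])")

# Constructed sample: first body line stands in for attacker-supplied name text.
SAMPLE = """\
Authentication-Results: mx.example.net; dkim=pass header.d=google.com
From: Google <no-reply@accounts.google.com>
Subject: Backup contact request
Content-Type: text/plain; charset=utf-8

Security alert: unusual sign-in, review at https://accounts.google.com.verify-login.example/r has listed you as a backup contact.
Manage contacts: https://myaccount.google.com/
"""

def link_host(url):
    """Return the host a browser would connect to, ignoring any userinfo."""
    return (urlsplit(url.rstrip(".,;)")).hostname or "").rstrip(".").lower()

def is_trusted(host):
    """Exact match or true subdomain only; lookalike suffixes do not count."""
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def assess(raw):
    """Report sender authentication and link hosts as separate findings."""
    msg = message_from_string(raw, policy=policy.default)
    auth = str(msg.get("Authentication-Results", "")).lower()
    text = "".join(part.get_content() for part in msg.walk()
                   if part.get_content_maintype() == "text")
    hosts = sorted({link_host(u) for u in URL_RE.findall(text)})
    untrusted = [h for h in hosts if not is_trusted(h)]
    return {
        "sender_authenticated": bool(DKIM_RE.search(auth)),
        "untrusted_hosts": untrusted,
        "verdict": "verify-out-of-band" if untrusted else "no-off-domain-links",
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A `no-off-domain-links` verdict only means no link left the allowlisted domain; it does not replace opening the account page directly.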
This isn’t the first time Google’s infrastructure has been turned against its users for crypto-related scams. In April 2025, Nick Johnson, the lead developer of Ethereum Name Service, flagged similar tactics where attackers were abusing Google’s platforms to create convincing phishing campaigns.
The AI factor is making things worse
In February 2026, Google’s own Threat Intelligence Group discovered AI-developed zero-day exploits capable of bypassing two-factor authentication.
The numbers tell a grim story. Approximately $17 billion worth of Bitcoin was stolen globally in 2025, with AI-enhanced scams contributing significantly to that figure. The average scam payout jumped by 253% from 2024 to 2025.
What this means for crypto holders
Zero trust, in plain English, means you never assume a message is safe based on where it appears to come from. Got an email from Google about suspicious activity on your account? Don’t click the link. Open a new browser tab, navigate to Google directly, and check your account settings manually.
The 253% increase in average scam payouts also suggests that attackers are increasingly targeting higher-value wallets rather than casting wide nets for small fish.












