Travelers who use public internet hotspots can expose crypto accounts to “Evil Twin” WiFi attacks, according to security experts cited by Cointelegraph. The threat matters because victims often connect when tired, rushed, or without mobile service.
In an Evil Twin scenario, attackers clone a trusted network name and lure devices onto the fake connection. From there, scammers can push victims toward credential theft and account takeovers.
Security experts told Cointelegraph that criminals often clone legitimate WiFi networks in crowded places. They target airports, cafes, hotels, transit hubs, conference venues, and tourist areas where people seek free access.
Steven Walbroehl, co-founder of cybersecurity firm Halborn, said these crypto attacks thrive in high-traffic locations. Many venues also run multiple access points with similar names, which can confuse users.
Authorities have linked the tactic to real-world cases. The Australian Federal Police charged a man last year for allegedly setting up fake free WiFi at an airport that mimicked legitimate networks to capture personal data.
An Evil Twin network does not automatically empty a crypto wallet, Walbroehl told Cointelegraph. The bigger risk starts when users share sensitive data while connected.
Attackers can intercept traffic and harvest Exchange logins, email credentials, or two-factor authentication (2FA) codes. This access can let criminals drain centralized exchange accounts quickly, even without a seed phrase.
The chief information security officer at SlowMist, known as 23pds, said Evil Twins succeed through mistakes, not “magic” decryption. Fake captive portals, login pages, update prompts, or “helper tools” can pressure victims into handing over credentials, and some users still type seed phrases.
Experts urged travelers to avoid high-risk crypto actions on public hotspots, including transfers, security changes, or new dApp connections. In addition, users should never enter a seed phrase, even if a page asks for it.
Safer habits include typing exchange domains manually, using bookmarks, and verifying addresses before sending funds. The guidance also recommends disabling auto-connect, since devices may join familiar-looking networks without warning.
When travelers lack alternatives, a Virtual Private Network (VPN) can encrypt traffic. Still, experts said users should confirm the correct network name with venue staff before connecting.
Additional travel hygiene can reduce damage if something goes wrong. 23pds recommended a three-layer setup: keep main holdings untouched while traveling, use a separate travel wallet with limited funds, and keep a small hot wallet for daily payments and minor swaps.
Cointelegraph also cited a January post from an X user called The Smart Ape, who said a public hotel WiFi session preceded a wallet drain after “stupid mistakes.” Separately, Kraken Security Chief Nick Percoco warned about weak security awareness at crypto conferences in June, underscoring how travel and events can amplify risk.
With more travelers relying on free connectivity, experts expect scammers to keep refining cloned hotspot traps. Consequently, travelers may lean more on mobile hotspots, verified networks, and tighter wallet separation while on the move.
Also Read: Crypto Market Update: $330M Bitcoin Theft, 50% Monero Price Jump & Strategy's Massive BTC Buy