Digital Assets
Why the $5 Wrench Problem Is Crypto’s Biggest Threat
As cryptocurrency prices experience a meteoric rise, so do the crimes targeting the holders of these digital assets.
While crypto boasts superior security compared to traditional finance (TradFi) systems thanks to the foundation of decentralized blockchain technology and cryptography, it is just as, if not more, vulnerable to hacks, thefts, and attacks. In fact, wrench attacks in particular have been growing significantly over the last few years.
A recent CertiK report claims a total loss of nearly $41 million across 72 crypto wrench attacks in 2025, making it the record year for the number of incidents and total losses. These figures highlight a fundamental weakness in security systems; while digital protections can be extremely robust, the human element remains highly vulnerable.
What is a Wrench Attack?
A wrench attack, often called a “$5 wrench attack”, is a real-world attack on a crypto holder that’s used to steal their digital assets by forcing them to give up their access credentials or transfer funds.
In these attacks, criminals use physical force, threats, and violence to obtain sensitive information such as passwords and private keys to digital wallets that grant them access to the victim’s crypto.
The term ‘wrench attack’ comes from a famous satirical XKCD comic that illustrates a simple idea: instead of breaking complex encryption, the attacker simply threatens someone with a cheap wrench until they reveal their password. Wrench here is just a metaphor; criminals are using knives, firearms, and other weapons to get their victims to do their bidding. Rather than breaking sophisticated systems, perpetrators break people in this attack.
The harsh reality is that criminals prefer this method of extracting funds from their victims, as they don’t have to spend months on cyber work, such as developing malware to hack a system. They can simply scare the owner into handing over the keys, gaining instant access.
While cryptocurrencies are built on sophisticated blockchain technology, attackers don’t need to use resources or advanced techniques to break crypto wallets or devices. Instead, they exploit human vulnerability by using intimidation or violence to force victims to reveal their PIN or seed phrase or transfer funds.
In this low-tech threat, attackers completely bypass digital infrastructure to target the crypto holder directly, so no matter how secure the wallet or device is, a crypto owner is almost always at risk of a wrench attack.
Why Does Wrench Attack Happen?
Wrench attacks happen because crypto’s unique characteristics make holders attractive targets. Funds are controlled solely by private keys, transactions are irreversible and pseudonymous, and there’s no central authority to freeze or recover stolen assets. Criminals know that one successful attack means instant, lasting financial gain.
Cryptocurrency is a digital currency that operates on decentralized networks, using distributed ledgers to record transactions. Unlike the traditional financial system, which relies on banks and other intermediaries to verify transactions, crypto eliminates these third parties and allows anyone from around the world to send and receive payments.
There is no centralized authority either. A crypto network isn’t controlled by an individual, corporation, central bank, or government; it is governed by a network of computers that utilize blockchain technology to transparently record, verify, and maintain transactions. This decentralized network ensures that the system is immutable and secure.
Crypto is entirely digital. The coins exist only as data on a blockchain and have no physical form, unlike paper money. Cryptocurrencies are created, stored, and transferred electronically using cryptographic algorithms and peer-to-peer networking.
Their decentralized, trustless, and permissionless nature offers many advantages over the TradFi system, which is characterized by centralized, regulated, and often slow processes.
Digital currencies offer 24/7, transparent, cost-effective, and rapid global transactions. These same characteristics make crypto holders vulnerable to physical attacks.
“The promise of the technology itself is this idea of cross-border value transfer at the speed of the internet,” Ari Redbord, head of global policy at blockchain intelligence company TRM Labs, said in an interview. However, “bad guys also want to move funds, and transactions are irreversible, which makes it very ripe for this type of activity,” he added.
Unlike traditional bank accounts, crypto is stored in digital wallets that individuals often control directly. By allowing people to control large amounts of their wealth without intermediaries through private keys or seed phrases, it enables them to become their own banks and makes them solely responsible for their wealth.
If these keys are obtained by criminals, the funds can be transferred instantly. Unlike banks, which set limits on the amounts that can be transferred in one day and flag suspicious activities, crypto has no such restraints.
With crypto having no central authority, there’s no one to appeal to for freezing or recovering funds either.
The immutable nature of crypto ensures that every transaction is final, so once funds have been transferred, they can’t be reversed or recovered. One can lose their crypto wealth permanently.
Crypto transactions are pseudonymous, which makes them attractive to criminals. As Bitcoin and altcoins gain legitimacy, mainstream adoption, and value, many have accumulated crypto wealth in a relatively short time. All this wealth is usually held outside traditional oversight, making it vulnerable to wrench attacks.
While wallet addresses keep their holders’ identities anonymous, they often expose themselves by showcasing their wealth on social media or by sharing wallet balances, making them targets.
A successful wrench attack requires low effort but offers criminals quick, untraceable gain.
How Does a Wrench Attack Happen?
Wrench attacks are increasingly popular among criminals for stealing cryptocurrency. They allow criminals to bypass sophisticated digital security through physical coercion while being fast and low-cost.
But wrench attacks aren’t random; they involve planning. The process generally starts with identifying a target. To find their next victims, criminals turn to publicly available information, such as social media posts, forums, interviews, or blockchain data, which is accessible to everyone.
Those who publicly discuss their crypto wealth at industry events or on social media become attractive targets. It is also possible that the victim’s close associates, who are aware of their crypto holdings, may betray them by either planning the attack themselves or leaking sensitive information to criminals.
Data leaks are another source utilized by criminals. If a crypto holder uses recycled passwords that were compromised in a data breach, they become a potential target for an attack.
Using these digital sources, criminals identify who holds significant digital assets and choose their next victim in the real world.
Once they have selected their target, the attackers move on to the next step: conducting surveillance. In this step, they try to understand the victim’s routine and gather data about their residence, places they frequent, and the level of security.
Then comes the physical attack, which involves direct confrontation. Some of the common attack methods used in wrench attacks are home invasion, abduction, or street assault.
Sometimes, criminals disguise their attacks through deception, such as fake delivery scams. A detective working on a crypto wrench attack ring told the San Francisco Chronicle:
“They figure out your trends, your life cycle, what do you normally order online, what do you normally order for takeout?”
In some cases, criminals target spouses, children, or elderly parents to compel cooperation.
Under duress, victims are forced to unlock their phone and/or wallet, reveal their private keys, or transfer funds right on the spot. Because the victim is physically present and being coerced, even the strongest cryptographic safeguards become irrelevant here.
How Wrench Attacks Differ from Digital Schemes
Wrench attacks are different from traditional cyberattacks. Digital schemes such as hacking, phishing, or malware attacks are designed to exploit weaknesses in software systems or human error in digital environments. These attacks often require technical expertise, time, and careful execution.
The targeting of technical infrastructure, such as exploiting wallet vulnerabilities, phishing for seed phrases, or hacking exchanges, is often done from remote locations.
In contrast, wrench attacks do not even deal with technological systems; they bypass them by targeting the individual directly through physical means. While a hacker may spend weeks trying to crack encryption or trick a user into revealing credentials, a wrench attacker goes for immediate coercion to achieve the same outcome.
Unlike digital schemes, which require specialized knowledge of blockchain systems for a successful attack, these kinds of attacks require minimal technical knowledge, making them popular among criminals.
As digital security improves, increasing the costs of digital attacks, criminals are turning to the weakest link, the human user, leading to a rise in physical attacks.
Besides the attack itself, the difference between the two lies in the nature of their defenses. One can mitigate a digital attack by using strong passwords, two-factor authentication (2FA), encryption, and security awareness. But wrench attacks render these measures ineffective by forcing cooperation. All digital defenses, no matter how strong, are of no use here because the wrench attacker compels the victim to voluntarily override their own protections.
This way, wrench attacks highlight a critical limitation of cybersecurity: systems are only as secure as the physical safety and resilience of their users.
| Key Area | Current Situation | System Focus | Why It Matters |
|---|---|---|---|
| Attack Method | Cyberattacks rely on exploiting software flaws or network vulnerabilities. | Use physical threats to force victims to reveal access credentials. | Bypasses even the most advanced cryptographic protections instantly |
| Target Focus | Security systems are designed to protect devices and digital infrastructure. | Directly target individuals rather than their technological systems. | Exploits the weakest link in security: human vulnerability |
| Execution Speed | Hacking campaigns often take time, planning, and technical expertise. | Coerce victims into transferring funds within minutes. | Enables immediate and irreversible financial loss |
| Transaction Nature | Banks can flag suspicious activity and reverse fraudulent transfers. | Crypto transfers are final and cannot be undone. | Leaves victims with little to no recovery options |
| Risk Exposure | Wealth is typically distributed across regulated financial institutions. | Individuals directly control large sums through private keys. | Makes holders attractive targets for physical attacks |
| Defense Strategy | Digital defenses focus on encryption, passwords, and authentication layers. | Combine operational secrecy with physical security measures. | Protects both assets and personal safety in real-world scenarios |
The Explosive Growth of Wrench Attacks
Wrench attacks aren’t new, though they’re becoming more common. These violent, physical assaults on crypto holders go back to the early days of Bitcoin (BTC ), before the smart contract pioneer Ethereum (ETH ) was even launched.
About a decade ago, though, these attacks were few and far between. It has only been in recent years that both the frequency and intensity of these attacks have increased. That’s because of the rise in the price and popularity of crypto.
In 2021, Bitcoin prices surged to a high of $69,000, up from the low of $3,800 the asset reached in March 2020 due to the black swan event of the COVID-19 pandemic.
Then, during the 2022 bear market, BTC fell under $16,000 before making a strong recovery over the next few years. During this recent bull run, Bitcoin reclaimed previous highs and saw increased adoption from TradFi and nation-states, gaining legitimacy and mainstream acceptance.
(BTC )
In October 2025, BTC price made a new all-time high at $126,000. Over the past thirteen years, Bitcoin’s price has rallied 100,000% while altcoins like Ethereum (ETH), Solana (SOL ), Dogecoin (DOGE ), and Shiba Inu (SHIB ) have experienced even greater percentage increases in shorter time periods.
These massive increases in digital asset prices made many millionaires overnight, attracting criminals and leading to a surge in violent crimes against cryptocurrency holders.
In the past couple of years, kidnappings, torture, blackmail, robbery, and home invasions have become common.
In 2025, 72 different wrench attacks took place worldwide, up 75% from the previous year, as per a new report from blockchain security firm CertiK titled “Wrench Attacks Report,” which says wrench attacks are no longer an edge case but a real threat to crypto holders.
As for the losses from these physical attacks, they amounted to $40.9 million in 2025, up from $28.3 million in 2024, due to 41 incidents. The real numbers, however, are expected to be much higher.
Geographically, about 40% of these incidents occurred in Europe, with France the most dangerous, experiencing 19 distinct crypto-wrench attacks. It was followed by the US, which recorded eight such incidents.
The report also documents a 250% increase in physical assaults, including kidnappings, home invasions, and even murder. These figures show that wrench attacks are becoming more organized, targeted, and violent, with CertiK warning that personal safety is now an essential part of the crypto risk equation.
The Most Shocking Wrench Attacks
Several high-profile physical attacks have occurred in the crypto space, especially over the last couple of years.
In one incident in San Francisco, attackers posed as delivery personnel to gain unlawful entry into a victim’s home, where they restrained and assaulted the individual before forcing the transfer of millions of dollars in cryptocurrency.
U.S. authorities recently arrested and charged three individuals suspected of conducting the attack. The group allegedly infiltrates delivery accounts like Uber Eats and DoorDash to track victims’ routines and has been suspected of being linked to similar cases in Los Angeles, San Jose, and Sunnyvale.
In another case in Manhattan, an Italian man was kidnapped and held captive for weeks. After the victim refused to give his attackers access to his crypto wallet, he was shocked with a Taser, had a firearm pointed at his head, and was suspended over a ledge. The police arrested three people in the case.
In France, one of the brutal cases involved the kidnapping of David Balland, one of the eight co-founders of hardware wallet Ledger, and his wife. The kidnappers severed one of Balland’s fingers and sent it to his associates, demanding a ransom of EUR 10 million.
Both Balland and his wife were rescued, and several suspects were arrested.
Separately, the father of a crypto entrepreneur was found in the trunk of a car covered in gasoline, while a masked gang made an attempt to kidnap the daughter of a crypto businessman in broad daylight in another violent attack targeting rich crypto individuals last year.
In a recent case, a Canadian crypto entrepreneur survived a kidnapping attempt last month on a busy street of Madrid. The plan was to abduct him and extract his crypto passwords to gain access to his digital assets.
The victim was leaving a restaurant when three men pepper-sprayed him and pushed him into a van. But witnesses called authorities, who tracked the vehicle and arrested two of the attackers, both of whom had no prior criminal record, while one suspect remains on the loose. As per the authorities, the perpetrators tracked the victim from Barcelona to Madrid, where he had gone to complete a crypto deal.
These incidents show that wrench attacks are no longer isolated events but part of a broader and increasingly organized criminal trend.
How to Stay Safe from Wrench Attacks
Good operational security (OpSec) is essential. It’s a proactive, risk management process that prevents the exploitation of critical data by analyzing patterns and potential threats and limiting access to only what is necessary.
In practical terms, this means maintaining a low profile and avoiding public discussions about your crypto holdings, especially online.
“In general, the best thing Bitcoiners can do to stay safe is to remain private. The goal should be to avoid becoming a target,” Jameson Lopp, an early Bitcoiner and co-founder of Bitcoin security provider Casa, told Fortune last year. “Don’t go around telling anyone about your Bitcoin holdings. Don’t flaunt your wealth online or in meatspace. Don’t engage in risk activities such as high-value face-to-face trades.”
Anonymity and discretion are critical in reducing risk. This makes it difficult for potential attackers to identify a target in the first place.
“Remove crypto-related apps from your primary smartphone used in public, and use a dedicated laptop for high-value transactions that never leave your secure perimeter,” noted CertiK in its report.
It also suggested keeping a decoy wallet with a “small but plausible amount of funds that can be surrendered” if attacked by bad actors. Hardware wallets often offer plausible deniability, a feature that allows the owner to create secret or dummy accounts to protect main holdings under duress.
Never keep your hardware wallet and the seed phrase, 12–24 random words that back up the wallet and allow users to recover their funds on a new device if the original is lost, stolen, or damaged, in the same location.
To secure large holdings, consider using institutional custody solutions, which often include insurance and off-site storage, thereby minimizing the risk of physical coercion.
Crypto holders can also use multi-sig wallets that require more than one private key to authorize a transaction, making it harder for attackers to force immediate transfers. Crypto owners should also explore wallets that enable time locks, which enforce a delay before funds can be moved. Even if threatened, funds can’t be transferred immediately.
Physical security is just as important and can be ensured through measures like secure housing, surveillance systems, secure transport arrangements, and awareness of suspicious activity. High-net-worth individuals can look into hiring private security or investing in home protection systems.
On the insurance side, industry heavyweight Lloyd’s of London now provides policies that cover wrench attacks.
Conclusion
As crypto rises in value and gains mainstream adoption, wrench attacks are becoming more common, serving as a stark reminder that even the strongest technological defenses cannot eliminate all risks. This necessitates extending security beyond devices and software to encompass human behavior and physical safety. In a world where individuals can hold vast amounts of wealth independently, they also bear the responsibility of protecting themselves.
So, don’t flex your wealth, invest in a decoy wallet, and enhance your physical security to protect both your wealth and yourself!
