Crypto Wrench Attacks: Physical Security for Crypto Holders

Crypto wrench attacks rose 75% in 2025, with 72 confirmed incidents globally resulting in over $40 million in losses. As more holders move assets into self-custody, the physical security of that setup has become as important as the digital side. This article covers how these attacks work, how targets are selected, and what concrete steps reduce exposure.

What Wrench Attacks Are and Why They Are Rising

The term "wrench attack" comes from a cryptography thought experiment: no amount of digital security stops a determined attacker who can simply threaten the holder in person. In practice, these incidents range from street robberies and home invasions to kidnappings where victims are held until they transfer assets under duress.

CertiK tracked 72 confirmed incidents in 2025, up from approximately 41 in 2024, with total losses exceeding $40.9 million (CertiK, 2026). Physical assaults within those incidents rose 250% year-over-year. January 2026 alone recorded 11 incidents, suggesting the pace has not slowed. Europe now accounts for over 40% of global cases, with France reporting the highest concentration, including a surge in kidnappings and home invasions in early 2026 (CoinDesk, 2026).

Rising asset prices increase the incentive. The deeper factor is structural: self-custody removes the institutional barrier that stands between an attacker and someone's assets at a traditional bank or exchange. Once an attacker controls your device and knows your credentials, the transfer is final and irreversible.

How Attackers Build a Target List

Most incidents do not begin with a random encounter. Research by TRM Labs found that attacks typically start with digital surveillance, with attackers using multiple data sources to identify worth-targeting individuals.

Public social media. Posts on X, Instagram, or LinkedIn that reference holdings, hardware wallet purchases, or recent trades signal both wealth and the fact that assets are held personally. Appearing at crypto conferences or in media adds to the visible footprint.

On-chain data. Blockchain transactions are public. If a wallet address can be linked to a real identity through an exchange withdrawal, an ENS name, or a tagged address, its current balance is visible to anyone willing to look.

Data breach records. Exchange breaches have exposed customer records including email addresses and approximate holdings. Attackers correlate that data against social media profiles. The intersection of "person with a large balance" and "person with a findable home address" is a workable target list.

Attack values in verified 2025 cases ranged from $5,000 to $50 million, meaning the risk is not limited to high-net-worth holders (CertiK, 2026).

What to Check in Your Own Setup

Reducing exposure to physical theft comes down to two things: reducing your visibility as a target, and limiting what a single confrontation can access.

Lower your public footprint. Remove references to holdings, hardware wallets, or transactions from public-facing social media. Use pseudonymous wallet addresses for on-chain activity where practical. Most attacks begin with digital research, so reducing what is visible reduces the likelihood of being identified.

Distribute assets across locations. Concentrating all holdings on a single device in one place creates a single point of failure. Spreading assets across multiple devices or accounts stored in separate locations means no single robbery gives an attacker complete access. Review how your current setup is distributed at /app.

Use duress features where available. Some hardware wallets, including Coldcard, offer a secondary PIN that opens a decoy wallet rather than the main one. Software wallets including Edge and Deus Wallet offer a similar "Duress Mode." Keeping a small amount in the decoy account makes it more convincing. It is one mitigation layer, not a complete solution.

Consider multi-signature for larger holdings. A multi-signature setup requiring a co-signer in a separate location limits what a single coerced session can drain. Paired with distributed seed phrase storage, it reduces the value accessible from any single confrontation.