Skip to main content

The Rise of Wrench Attacks: A New Threat to Cryptocurrency Holders

· 8 min read
Dora Noda
Dora Noda
Software Engineer

In January 2025, Ledger co-founder David Balland was kidnapped from his home in central France. His captors demanded EUR 10 million in cryptocurrency—and severed one of his fingers to prove they meant business. Four months later, an Italian investor was held captive for 17 days, subjected to severe physical abuse while attackers tried to extract access to his $28 million in Bitcoin.

These aren't isolated incidents. They're part of a disturbing trend that security experts are calling a "record year for wrench attacks"—physical violence used to bypass the digital security that cryptocurrency was designed to provide. And the data reveals an uncomfortable truth: as Bitcoin's price climbs, so does the violence targeting its holders.

What Is a Wrench Attack?

The term "wrench attack" comes from an xkcd webcomic illustrating a simple concept: no matter how sophisticated your encryption, an attacker can bypass it all with a $5 wrench and the willingness to use it. In crypto, this translates to criminals who skip the hacking and go straight to physical coercion—kidnapping, home invasion, torture, and threats against family members.

Jameson Lopp, chief security officer at Bitcoin wallet company Casa, maintains a database of over 225 verified physical attacks on cryptocurrency holders. The data tells a stark story:

  • 2025 saw approximately 70 wrench attacks—nearly double the 41 recorded in 2024
  • About 25% of incidents are home invasions, often aided by leaked KYC data or public records
  • 23% are kidnappings, frequently involving family members as leverage
  • Two-thirds of attacks succeed in extracting assets
  • Only 60% of known perpetrators are caught

And these numbers likely understate reality. Many victims choose not to report crimes, fearing repeat offenses or lacking confidence in law enforcement's ability to help.

The Price-Violence Correlation

Research by Marilyne Ordekian at University College London identified a direct correlation between Bitcoin's price and the frequency of physical attacks. Chainalysis confirmed this pattern, finding "a clear correlation between violent incidents and a forward-looking moving average of bitcoin's price."

The logic is grimly straightforward: when Bitcoin hits all-time highs (surpassing $120,000 in 2025), the perceived payoff for violent crime increases proportionally. Criminals don't need to understand blockchain technology—they just need to know that someone near them has valuable digital assets.

This correlation has predictive implications. As TRM Labs' global head of policy Ari Redbord notes: "As cryptocurrency adoption grows and more value is held directly by individuals, criminals are increasingly incentivised to bypass technical defenses altogether and target people instead."

The forecast for 2026 isn't optimistic. TRM Labs predicts wrench attacks will continue rising as Bitcoin maintains elevated prices and crypto wealth becomes more widespread.

The Anatomy of Modern Crypto Violence

The 2025 attack wave revealed how sophisticated these operations have become:

The Ledger Kidnapping (January 2025) David Balland and his partner were taken from their home in central France. The attackers demanded EUR 10 million, using finger amputation as leverage. French police eventually rescued both victims and arrested several suspects—but the psychological damage and security implications for the entire industry were profound.

The Paris Wave (May 2025) In a single month, Paris experienced multiple high-profile attacks:

  • The daughter and grandson of a cryptocurrency CEO were attacked in broad daylight
  • A crypto entrepreneur's father was abducted, with kidnappers demanding EUR 5-7 million and severing his finger
  • An Italian investor was held for 17 days of severe physical abuse

The U.S. Home Invasion Ring Gilbert St. Felix received a 47-year sentence—the longest ever in a U.S. crypto case—for leading a violent home-invasion ring targeting holders. His crew used KYC data leaks to identify targets, then employed extreme violence including waterboarding and threats of mutilation.

The Texas Brothers (September 2024) Raymond and Isiah Garcia allegedly held a Minnesota family hostage at gunpoint with AR-15s and shotguns, zip-tying victims while demanding $8 million in cryptocurrency transfers.

What's notable is the geographic spread. These aren't just happening in high-risk regions—attacks are concentrated in Western Europe, the U.S., and Canada, countries traditionally considered safe with robust law enforcement. As Solace Global notes, this "illustrates the risks criminal organizations are willing to take to secure such valuable and easily movable digital assets."

The KYC Data Problem

A troubling pattern has emerged: many attacks appear facilitated by leaked Know Your Customer (KYC) data. When you verify your identity on a cryptocurrency exchange, that information can become a targeting mechanism if the exchange suffers a data breach.

French crypto executives have explicitly blamed European cryptocurrency regulations for creating databases that hackers can exploit. According to Les Echos, kidnappers may have used these files to identify victims' places of residence.

The irony is bitter. Regulations designed to prevent financial crime may be enabling physical crime against the very users they're meant to protect.

France's Emergency Response

After recording its 10th crypto-related kidnapping in 2025, France's government launched unprecedented protective measures:

Immediate Security Upgrades

  • Priority access to police emergency services for crypto professionals
  • Home security inspections and direct consultations with law enforcement
  • Security training with elite police forces
  • Safety audits of executives' residences

Legislative Action Justice Minister Gérald Darmanin announced a new decree for rapid implementation. Lawmaker Paul Midy submitted a bill to automatically delete business leaders' personal addresses from public company records—addressing the doxing vector that enabled many attacks.

Investigation Progress 25 individuals have been charged in connection with French cases. An alleged mastermind was arrested in Morocco but awaits extradition.

The French response reveals something important: governments are beginning to treat crypto security as a matter of public safety, not just financial regulation.

Operational Security: The Human Firewall

Technical security—hardware wallets, multisig, cold storage—can protect assets from digital theft. But wrench attacks bypass technology entirely. The solution requires operational security (OpSec), treating yourself with the caution typically reserved for high-net-worth individuals.

Identity Separation

  • Never connect your real-world identity to your on-chain holdings
  • Use separate email addresses and devices for crypto activities
  • Avoid using home addresses for any crypto-related deliveries (including hardware wallets)
  • Consider purchasing hardware directly from manufacturers using a virtual office address

The First Rule: Don't Talk About Your Stack

  • Never discuss holdings publicly—including on social media, in Discord servers, or at meetups
  • Be wary of "crypto friends" who might share information
  • Avoid displaying wealth indicators that could signal crypto success

Physical Fortification

  • Security cameras and alarm systems
  • Home security assessments
  • Varying daily routines to avoid predictable patterns
  • Awareness of physical surroundings, especially when accessing wallets

Technical Measures That Also Provide Physical Protection

  • Geographic distribution of multisig keys (attackers can't force you to provide what you don't physically have access to)
  • Time-locked withdrawals that prevent immediate transfers under duress
  • "Panic wallets" with limited funds that can be surrendered if threatened
  • Casa-style collaborative custody where no single person controls all keys

Communication Security

  • Use authenticator apps, never SMS-based 2FA (SIM swapping remains a common attack vector)
  • Screen unknown calls ruthlessly
  • Never share verification codes
  • Put PINs and passwords on all mobile accounts

The Mindset Shift

Perhaps the most critical security measure is mental. As Casa's guide notes: "Complacency is arguably the greatest threat to your OPSEC. Many victims of bitcoin-related attacks knew what basic precautions to put in place, but they didn't get around to putting them into practice because they didn't believe they'd ever be a target."

The "it won't happen to me" mindset is the riskiest vulnerability of all.

Maximum physical privacy requires what one security guide describes as "treating yourself like a high-net-worth individual in witness protection—constant vigilance, multiple defense layers, and acceptance that perfect security doesn't exist, only making attacks too costly or difficult."

The Bigger Picture

The rise of wrench attacks reveals a fundamental tension in crypto's value proposition. Self-custody is celebrated as freedom from institutional gatekeepers—but it also means individual users bear full responsibility for their own security, including physical safety.

Traditional banking, for all its flaws, provides institutional layers of protection. When criminals target bank customers, the bank absorbs losses. When criminals target crypto holders, the victims are often on their own.

This doesn't mean self-custody is wrong. It means the ecosystem needs to mature beyond technical security to address human vulnerability.

What needs to change:

  • Industry: Better data hygiene practices and breach response protocols
  • Regulation: Recognition that KYC databases create targeting risks requiring protective measures
  • Education: Physical security awareness as standard onboarding for new users
  • Technology: More solutions like time-locks and collaborative custody that provide protection even under duress

Looking Ahead

The correlation between Bitcoin price and violent attacks suggests 2026 will see continued growth in this crime category. With Bitcoin maintaining prices above $100,000 and crypto wealth becoming more visible, the incentive structure for criminals remains strong.

But awareness is growing. France's legislative response, increased security training, and the mainstreaming of operational security practices represent the beginning of an industry-wide reckoning with physical vulnerability.

The next phase of crypto security won't be measured in key lengths or hash rates. It will be measured in how well the ecosystem protects the humans holding the keys.

Security is foundational to everything in Web3. BlockEden.xyz provides enterprise-grade blockchain infrastructure with security-first design across 30+ networks. For teams building applications where user safety matters, explore our API marketplace and start building on infrastructure you can trust.

Share on Twitter