What Happened
You can run the most elaborate multisig setup on the planet. Air-gapped hardware wallets. Shamir’s Secret Sharing. Geographically distributed backups. None of it matters if someone puts a wrench to your kneecap and tells you to move the funds.
In 2025, that scenario stopped being theoretical. According to CertiK’s annual security report, 1 physical attacks against cryptocurrency holders (known as “wrench attacks”) jumped 75% year over year. There were 72 confirmed incidents globally, with confirmed losses exceeding $40.9 million. CertiK calls this figure a significant undercount, citing unreported cases, silent settlements, and untraceable ransoms.
The violence escalated too. Physical assaults increased 250%. Kidnappings rose 66%. 4 In January 2025, Ledger co-founder David Balland 3 and his wife were kidnapped from their home in France and held for 24 hours before police intervened. In Canada, court documents revealed a 2024 home invasion where attackers waterboarded a couple to steal $1.5 million in Bitcoin. In the UAE, a crypto entrepreneur and his wife were murdered during a staged business meeting when their wallets didn’t contain the expected funds.
And 2026 isn’t slowing down. According to Jameson Lopp’s public tracking database, 2 11 wrench attacks have been documented in just the first seven weeks of this year.
Why It Matters
For years, the Bitcoin security conversation focused on digital attack vectors — phishing, SIM swaps, malware, exchange hacks. Those threats haven’t gone away. But as CertiK put it plainly, wrench attacks have moved from “edge-case risk” to “structural threat to digital asset ownership.”
The logic is simple: as Bitcoin’s value grows and more individuals hold meaningful amounts through self-custody, the incentive to bypass all technical defenses and go directly after the person holding the keys increases proportionally.
Most wrench attacks don’t start with a random home invasion. They start with identification. Attackers are finding targets through social media posts revealing holdings, conference appearances and podcast interviews, blockchain forensics linking wallet addresses to real identities, and leaked KYC databases from exchanges and service providers.
In France, which led the world in wrench attacks in 2025, a tax agency employee was caught systematically feeding crypto investors’ identities to criminal networks. Then in January 2026, Waltio, a French crypto tax reporting service, was hacked, 5 compounding the exposure. The pattern is clear: the data you submit to comply with regulations becomes the intelligence that gets you targeted.
These aren’t random muggings. CertiK’s data shows organized crime groups increasingly outsourcing physical attacks to local gangs, reducing their own exposure while enabling a wider range of offenders. The professionalization of this threat is reflected in the insurance market — Lloyd’s of London 6 has begun offering coverage specifically for wrench attacks. When a 300-year-old insurance market starts underwriting this risk, the threat has been actuarially validated.
What This Means for You
Operational discretion is your first line of defense. Don’t discuss your holdings publicly — not on social media, not at meetups, not in group chats. The phrase “I’m into Bitcoin” is fine. The phrase “I hold X amount” is an operational security failure. Every detail about your holdings is targeting data.
Build a physical security posture. This means different things at different wealth levels, but the basics apply universally: be aware of who knows what you hold, vary your routines, secure your home entry points, and have a plan for duress situations. Consider a decoy wallet — a small, accessible amount you can surrender under threat while your primary holdings remain in time-locked or geographically distributed custody.
Separate your identity from your Bitcoin. Use privacy-focused tools for transactions. Minimize KYC exposure where legally possible. Understand that every database containing your identity and crypto activity is a potential target list.
What to Watch
The intersection of KYC database breaches and physical attacks. As more exchanges and tax platforms get compromised, the pipeline from “name on a list” to “target for violence” is shortening. If your data has been in any breach, elevate your physical awareness now — not after an incident.
France’s regulatory response will also signal broader trends. Whether governments respond with victim protection or with more data collection requirements will shape the threat environment for every Bitcoin holder globally.