‘A record year for wrench attacks’: How crypto holders can maintain physical security amid rising risks
While the frequency of crypto protocol exploits has yet to regain the record pace set during the pandemic-era bull market, 2025 stands out for crypto security experts on at least one front: the frequency of so-called “$5 wrench attacks.”According to Ari Redbord, the global head of policy and government affairs at crypto analytics firm TRM Labs, “2025 was a record year for wrench attacks,” with roughly 60 reported physical assaults on crypto holders.“The true number is likely significantly higher,” Redbord added. “Many incidents are logged simply as robberies or burglaries, with the crypto element omitted, while others are never reported due to victim hesitation or uncertainty about how law enforcement will handle crypto-related crimes.”A “wrench attack” is a type of cybersecurity risk that derives its name from the idea that even the most sophisticated forms of encryption and data security can be undone by physical coercion — like being threatened by a “$5 wrench.” Crypto exploits in general tend to rise in frequency alongside prices — 2025 also saw a rebound in protocol exploit losses close to pandemic-era highs. However, wrench attacks not only put assets at risk but also lives, upping the ante for maintaining proper OPSEC beyond wallet management best practices. “No matter how many technical precautions you take or how many factors you authenticate with, no individual is immune to human attack vectors,” Tor Bair, CEO of Hybrid Minds Advisory and former president of the Secret Foundation, told The Block. Some sources, like the log maintained by OG Bitcoiner and security expert Jameson Lopp, who for over a decade has tracked media reports of known attacks against crypto holders “that occurred in meatspace,” place the figure closer to 70 wrench attacks. This is compared to approximately 41 assaults recorded in 2024 and 36 in 2021, the years with the next-highest levels of known wrench attacks, according to Lopp’s data. Although the true number of wrench attacks is difficult to quantify, there appears to be either a higher risk of victimization or, at least, a greater awareness of the threat.For instance, earlier this year, French Interior Minister Bruno Retailleau commented on the rise of crypto-related assaults in the country, which at the time had experienced about one-third of wrench attacks in 2025, including the high-profile kidnapping and torture of Ledger co-founder David Balland and his wife in January.Staying safeMany crypto security experts have anecdotally confirmed that wrench attacks are on the upswing. Nick Bax, founder of Ump.eth and member of SEAL, attributed many attacks to “poor privacy” at a personal level — like people “flexing their net worth in group chats” — as well as corporate data breaches. This year, for instance, Coinbase disclosed a major data breach where rogue customer service representatives accessed many customers’ KYC details — including addresses, phone numbers, government IDs, and other sensitive info — in an attack that could have long-lasting implications. Though it is far from the only firm — crypto-native or not — to leak sensitive information.The website Have I Been Pwned estimates that over 17 billion email accounts alone have been exposed in data leaks, including by leading crypto exchanges and service providers.“The most effective mitigation is reducing exposure and strengthening key management — limiting public signals of crypto ownership on social media, using multisignature or passphrase-protected wallets, and separating everyday wallets from long-term holdings,” TRM’s Redbord said. Pablo Sabbatella, co-founder of security firm Opsek, echoed this by recommending crypto holders maintain different levels of wallet protection for their long-term and medium-term savings and funds needed for daily use. “You can’t have direct access to long-term funds,” Sabbatella told The Block. “Design systems that do not allow you to move your long-term funds alone,” like setting up a 2-out-of-3 multi-sig and 72-hour time lock. Users can also set up whitelisted addresses and protocols for their long-term storage, ensuring that funds cannot be moved to unapproved accounts. Odysseas of security protocol Phylax also suggested setting up a decoy account with “a substantial but not deadly amount” of a user’s holdings that could be forfeited under duress. In addition to those digital security measures, Sabbatella recommends “physical security training,” which teaches potential targets best practices for high-risk events like conferences and social media hygiene. Users should not only come up with a “plan and procedures” but also do live simulations, he added. “There is no such thing as perfect security, only better security, and it always comes at a cost,” Bair said. Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.