- Instead of spending months attempting to crack encryption, an attacker can simply threaten a victim with a wrench until they hand over access credentials.
- CertiK documented 72 verified physical coercion incidents globally during 2025, representing a 75% increase from the previous year.
The cryptocurrency industry has spent years strengthening digital defenses. Smart contract audits have become more sophisticated, hardware wallets have improved security standards, and exchanges now invest millions into cyber protection systems. Yet despite these advances, a darker reality is emerging in parallel. Criminals are increasingly abandoning keyboards and malware in favor of something far more primitive: physical violence.
According to a new report from CertiK, so-called “wrench attacks” are rapidly becoming one of the most dangerous threats facing crypto holders in 2026. These attacks involve criminals physically coercing victims into surrendering private keys, seed phrases, or wallet access through kidnapping, assault, intimidation, or extortion.
The term itself comes from a long-running joke in cybersecurity circles. Instead of spending months attempting to crack encryption, an attacker can simply threaten a victim with a wrench until they hand over access credentials. What was once considered an unlikely edge-case scenario has now evolved into an organized criminal trend targeting cryptocurrency investors, executives, traders, and even their family members.
CertiK’s latest findings suggest that the problem is accelerating at an alarming pace. The firm documented 72 verified physical coercion incidents globally during 2025, representing a 75% increase from the previous year. Financial losses linked to these attacks exceeded $40 million, although researchers believe the real figure is likely far higher because many incidents go unreported.
The trend appears even more severe in early 2026. CertiK reported 34 verified wrench attacks within the first four months of the year alone, with estimated losses already surpassing $100 million globally.
Unlike traditional crypto hacks, wrench attacks target people rather than code. Victims are selected based on visible wealth, leaked personal information, public social media activity, or associations with crypto companies. Criminals often use open-source intelligence gathering techniques to identify targets before executing physical attacks.
Europe has emerged as the epicenter of this growing threat. According to CertiK, more than 40% of global wrench attacks recorded in 2025 occurred in Europe, with France becoming one of the most heavily targeted countries worldwide.
Researchers believe several factors contributed to this concentration. France hosts numerous cryptocurrency firms, executives, and wealthy digital asset investors. At the same time, data leaks and oversharing on social media have made it easier for criminal groups to identify potential victims.
One of the most concerning revelations from the report involves the role of leaked financial data. CertiK described cases where sensitive information regarding crypto holders was allegedly accessed or sold to organized criminal networks. In one example highlighted by the report, a French tax official allegedly exploited government systems to identify individuals with crypto-related assets before the information was passed to criminal organizations.
This shift toward “data-driven targeting” marks a major evolution in crypto-related crime. Instead of conducting lengthy surveillance operations, attackers can now build profiles using breached databases, social media posts, and leaked financial records. Once a target’s home address, financial background, and online identity become accessible, physical attacks become easier to organize.
The report also revealed that criminals are increasingly targeting family members and close associates rather than the primary crypto holder directly. Elderly parents, spouses, and children are now frequently used as leverage in ransom or extortion attempts. Several high-profile incidents in 2026 illustrate how brutal these attacks have become.
One case involved a Chinese entrepreneur in Turkey who was reportedly kidnapped and murdered following a dispute involving crypto assets. Investigators later discovered evidence that wallet extraction had occurred before the victim’s death.
Another incident involved an elderly American woman who was abducted during a multimillion-dollar Bitcoin ransom attempt aimed at her family. CertiK described the attack as part of a growing trend in which criminals deliberately pressure relatives to force crypto transfers.
Perhaps one of the most disturbing cases involved a well-known crypto figure in the United Kingdom who was reportedly threatened, assaulted, and forced to surrender millions of dollars worth of digital assets. According to the report, the stolen funds were rapidly laundered across multiple blockchain networks before being converted into privacy-focused cryptocurrencies.
CertiK’s analysis suggests many of these operations are surprisingly decentralized. The individuals carrying out attacks on the ground are often loosely connected groups recruited through messaging applications like Telegram or Snapchat. Many are inexperienced criminals paid relatively small amounts to participate in kidnappings or home invasions.
Meanwhile, the masterminds coordinating the attacks are frequently located in different countries, making law enforcement investigations significantly more difficult. Criminal organizers reportedly purchase stolen databases, recruit local operators, and manage laundering operations remotely.
The rise of wrench attacks reflects a broader transformation happening within crypto security. As blockchain protocols, exchanges, and wallets become harder to exploit technically, attackers are increasingly shifting toward the “human layer” of security. In many cases, threatening an individual directly is viewed as faster and more profitable than attempting to hack advanced systems.
This creates a unique challenge for the cryptocurrency industry because blockchain transactions are generally irreversible. Once stolen assets are transferred and mixed across multiple networks, recovering funds becomes extremely difficult.
Security experts now argue that crypto holders must think beyond digital cybersecurity alone. Personal privacy, operational security, and physical safety are becoming equally important parts of asset protection. Many investors are reducing public exposure, hiding wallet ownership details, and avoiding displaying wealth online altogether.
Some experts recommend additional safeguards such as multisignature wallets, withdrawal delays, geographically distributed storage systems, and emergency duress accounts designed for high-risk situations.
At the same time, regulators and law enforcement agencies are facing mounting pressure to address the problem. The combination of leaked data, organized criminal networks, and increasingly violent attacks has transformed wrench attacks from isolated incidents into a growing international security concern.
For years, the cryptocurrency sector focused primarily on defending against digital intrusions. CertiK’s latest report suggests the battlefield is changing. The greatest vulnerability may no longer be hidden inside code or software. Instead, it may lie in the very real people who control the keys.