The number of violent “wrench attacks” targeting cryptocurrency holders has escalated alarmingly in 2025, as reported by Alena Vranova, founder of SatoshiLabs, a hardware wallet manufacturer. During her address at the Baltic Honeybadger 2025 conference held in Riga, Latvia, she highlighted the alarming frequency of these attacks, which encompass kidnappings, physical assaults, and extortion aimed at extracting private keys from victims. Vranova stated that on average, at least one individual involved in cryptocurrency is subjected to such threats each week, irrespective of their wealth. These incidents range from theft involving as little as $6,000 in crypto to severe cases where victims have lost their lives for holdings worth up to $50,000 in digital assets.
The surge in physical attacks is closely tied to a rise in data breaches affecting centralized services, especially cryptocurrency exchanges and wallet providers that are subject to Know Your Customer (KYC) regulations. Vranova disclosed that more than 80 million identities of cryptocurrency users are currently exposed online, with approximately 2.2 million cases including home addresses. This data availability plays a critical role in enabling criminals to identify and target specific individuals.
Recent high-profile data breaches have only intensified these risks. In May 2025, Coinbase, a leading U.S.-based cryptocurrency exchange, acknowledged a breach involving sensitive customer information, including names and addresses. Following this, a report by Cybernews in June revealed databases containing over 16 billion stolen credentials from major tech companies such as Apple, Facebook, and Google. Such leaks supply criminals with the necessary information to cross-reference blockchain data, making it easier for them to track affluent cryptocurrency holders.
Once potential victims are identified, they face various threats, including phishing schemes and SIM-swapping attacks, with the most extreme scenarios resulting in physical violence. Vranova emphasized that the ongoing bull market is drawing in inexperienced investors who may lack adequate operational security (opsec), making them more vulnerable to exploitation by criminal organizations, which are seizing the opportunity to expand their activities through theft and extortion.
Data from Chainalysis underscores the gravity of the situation, indicating that the number of wrench attacks recorded in 2025 is on pace to match the highest figures on record from previous years. Should this trend persist, the total number of such incidents could potentially double by the end of the year.
In light of these escalating threats, the cryptocurrency community is ramping up efforts to bolster both physical and digital security measures. Prominent investors are increasingly opting for private security services, enhancing home security systems, and utilizing privacy tools to safeguard their asset information. Meanwhile, everyday investors are adopting recommended best practices, such as minimizing public exposure, utilizing non-custodial wallets, and diversifying assets across multiple secure locations.
Security experts continue to advocate for improved opsec hygiene, which includes implementing unique passwords, multi-factor authentication, and conducting regular assessments for potential data leaks. Given the rising value of digital assets, the likelihood of targeted attacks appears set to increase, highlighting a critical need for comprehensive security measures among all cryptocurrency holders.
This issue also illuminates a broader conversation regarding the balance between regulatory compliance and user privacy within the cryptocurrency ecosystem. While KYC regulations aim to combat money laundering, they inadvertently create vulnerabilities by necessitating the storage of private and sensitive personal information. As long as this data remains centralized and accessible, the risk of wrench attacks and other forms of criminal exploitation is likely to persist.
In assessing the potential methods involved in these attacks, several tactics outlined in the MITRE ATT&CK framework could be relevant. Techniques related to initial access, such as phishing, might be employed by assailants to gather personal data. Tactics related to privilege escalation could further enable attackers to maximize their control over compromised accounts. The persistence of these cyber threats necessitates a continuous reassessment of security protocols and strategies to safeguard against emerging risks.
Source:
[1] Bitcoin exec warns violent wrench attacks on crypto holders have increased alarmingly in 2025
