The phrase “wrench attack” was coined to describe the simplest possible failure mode of cryptographic security: someone shows up at your door with a wrench and demands your seed phrase. In 2026 the phrase feels almost quaint – because the attackers are no longer working alone, and the wrench is usually the smallest thing they bring.
The data so far
The longest-running open dataset of physical attacks against cryptocurrency holders now records 291 publicly reported incidents between December 2014 and February 2026, with 75 in the most recent 12 months – up 42% year over year. Jurisdictions most affected: United States, France, United Kingdom, Netherlands, and a rapidly-growing category of cross-border operations targeting visiting investors.
Three patterns we track
1. Reconnaissance-led home invasions
Attackers increasingly pre-select targets via on-chain analysis, conference appearances, and open social media. The attack itself is preceded by days or weeks of passive surveillance.
2. Hostile detentions disguised as friendly meetings
A pattern we’ve seen twice in 2025 in the UAE: a “mentor” or “investor” offers a private villa meeting; the guest is detained on arrival until they produce transfers. This is why we discourage villa-based first meetings.
3. Family-targeted extortion
Several high-profile 2025 cases involved kidnappings of founders’ spouses or parents rather than the founders themselves. Family protection isn’t optional above a certain threshold of public exposure.
Practical measures
- Compartmentalise what’s publicly visible from what’s actually held.
- Establish duress protocols with household staff, drivers, and family members.
- Run a residence threat assessment before you publish your next major announcement.
- Avoid villa-based first meetings with anyone not vouched for by a tier-1 introducer.
If any of the above prompts a question – we offer a no-obligation threat and risk assessment. Reach out on WhatsApp or email.