CertiK Warning: Cryptocurrency wallets become kidnapping targets, wrench attacks surge by 75%

CertiK’s report indicates that in 2025, there were 72 confirmed violent attacks targeting cryptocurrency wallet holders worldwide, representing a 75% increase compared to 2024, resulting in losses of approximately $40.9 million. France accounted for the highest number with 19 incidents, making up 40% of all attacks globally. The Ledger founder was kidnapped in January, an Italian holder was tortured in New York in May, and the founder of SatoshiLabs reports that at least one attack occurs every week, making this a core threat.

Wrench Attacks Shift from Occasional Incidents to Systemic Threats

The so-called “Wrench Attack” refers to criminals using violence or threats to force cryptocurrency wallet owners to surrender their private keys or transfer assets. The term originates from a classic XKCD comic illustrating that even the strongest encryption cannot withstand physical violence with a wrench. As the value of cryptocurrencies skyrockets and the number of holders increases, this once-extreme attack method is evolving into a systemic threat.

CertiK emphasizes in its report: “Beyond direct financial losses, the psychological and reputational impacts are reshaping industry behavior, compelling founders and high-net-worth individuals to operate anonymously and relocate. 2025 marks a clear turning point: physical violence has now become one of the core threats within the crypto ecosystem.” This highlights the seriousness of the issue—it’s no longer just a tragedy for individual victims but a structural crisis affecting the entire industry’s operations.

A 75% annual growth rate is astonishing. This means that in 2024, there were about 41 confirmed cases, which surged to 72 in 2025. This growth far exceeds the increase in crypto market users, indicating that criminals are systematically targeting cryptocurrency wallet holders as high-value targets. Even more concerning, CertiK admits that the $40.9 million loss figure is only “confirmed,” and the actual amount could be several times higher due to “underreporting, silent settlements, and untraceable ransom payments.”

Many victims choose not to report or disclose incidents, fearing exposure of more wealth information, distrust of law enforcement, or private settlements with kidnappers. This dark figure makes it difficult to assess the true scale of wrench attacks, but it’s clear that public data only represents the tip of the iceberg. For crypto wallet holders, this is no longer a “possible” risk but a “current” reality.

Europe Becomes a Major Hub for Wrench Attacks

According to CertiK’s statistics, France recorded the highest number of attacks last year, with 19 confirmed cases, while Europe overall accounts for about 40% of all global attacks in 2025. This regional concentration warrants in-depth analysis. Why has Europe become a hotspot for wrench attacks? Possible reasons include high cryptocurrency adoption rates, relatively lax gun control laws that weaken victims’ resistance, and the ease of cross-border criminal networks within the Schengen Area.

Among the 19 cases in France, some involved high-profile crypto entrepreneurs and investors. Criminals track targets’ lifestyles, addresses, and schedules via social media, meticulously planning kidnapping operations. This “social engineering + violence” combination makes even security-conscious crypto wallet owners vulnerable. More alarmingly, some cases reveal that criminal gangs possess technical expertise, enabling them to force victims to authorize multi-signature wallets or unlock hardware wallets.

Some of the most notable attacks in 2025 highlight escalating threats. Ledger founder David Balland and his wife Amandine were kidnapped in January and ransom was demanded—shocking the industry, as the victims are top experts in hardware wallet security. Additionally, a report states that in May, an Italian crypto holder was kidnapped and tortured in New York City, demonstrating that these threats cross borders and even in well-ordered countries like the US, victims are not immune.

SatoshiLabs founder Alena Vranova stated in August: “Every week, at least one Bitcoin holder worldwide is kidnapped, tortured, extorted, or worse.” She added, “We’ve seen cases where crypto worth only $6,000 led to kidnapping, and others where $50,000 worth resulted in murder.” This reveals a frightening reality: the threshold for wrench attacks is rapidly lowering, targeting not just million-dollar whales but also ordinary users holding just a few thousand dollars.

Emergency Wallets and Protective Strategies

In response to threats of physical assault or intimidation, the industry is exploring technical solutions. The most discussed is the “Duress Wallet,” a crypto wallet designed with multiple protective features. When under threat, users can input a special “duress PIN” that triggers functions such as silently alerting contacts or law enforcement, displaying a fake small-balance wallet as bait, or automatically transferring assets to a pre-set secure address.

While theoretically feasible, practical implementation faces challenges. First, timing issues: blockchain transactions require confirmation time, and criminals might detect anomalies before the transfer completes. Second, trust issues: if the bait wallet shows too little, it could provoke violence. Third, complexity: emergency mechanisms need pre-configuration and simple operation but must avoid accidental triggers, demanding high standards in product design.

Five Key Protective Principles for Crypto Wallet Holders

Stay Low-Profile: Avoid publicly discussing holdings or transaction gains on social media to prevent becoming targets.

Enhance Physical Security: Consider relocating to safer areas, installing home security systems, and hiring professional security personnel.

Diversify Assets: Do not store all assets in a single wallet; use multi-signature setups and time locks.

Maintain Anonymity: Use pseudonyms in community participation, avoid revealing real identities and addresses.

Prepare an Emergency Plan: Develop response procedures with family members and pre-assign emergency contacts.

However, many experts advise that the most fundamental protection is: never publicly discuss your wealth or holdings. This simple principle is often overlooked; many victims later realize that attackers targeted them based on boastful posts on Twitter, Reddit, or Discord. While crypto’s anonymity is an advantage, it only works if holders keep a low profile.

Some high-net-worth individuals have taken extreme measures. Some prominent founders operate completely anonymously, using pseudonyms and hiding their identities. Others relocate to countries with strong legal systems and security, such as Singapore, Switzerland, or the UAE. Some hire private security teams for 24/7 monitoring. These measures are effective but costly and significantly impact quality of life, illustrating that wrench attacks have already materially changed how the crypto ecosystem functions.

Industry Response and Law Enforcement Challenges

CertiK’s report raises an alarm about crypto wallet security, but solving this problem requires cooperation across multiple sectors. Hardware wallet manufacturers need to embed stronger coercion protections; software wallet developers should provide emergency modes; exchanges and custodians must enhance privacy protections to prevent data leaks that could expose holders.

Law enforcement faces significant hurdles. The cross-border nature of crypto crimes allows kidnappers to operate across jurisdictions—demanding transfers to wallets in other countries, then laundering funds through mixers and decentralized exchanges. Such transnational crimes are extremely difficult to trace and prosecute. Victims often hesitate to cooperate, fearing further exposure or secondary attacks.

In the long term, the threat of wrench attacks may push the crypto wallet industry toward innovation. Future solutions could include biometric and geofencing-based authorization (auto-triggering alerts if unlocking occurs in abnormal locations), delayed transfers (large transactions requiring a 24-hour cooling-off period), and social recovery mechanisms (requiring multiple trusted contacts to confirm emergency actions). While these may sacrifice some convenience, they can greatly enhance security.