Physical violence targeting cryptocurrency holders escalated sharply in 2025, with wrench attacks surging 75% year over year, according to blockchain security firm CertiK.
This rise marks a critical inflection point in crypto security, where technical safeguards are no longer sufficient against real-world violence.
From Code to Coercion: Wrench Attacks Expose Crypto’s Human Security Gap
A wrench attack is a form of theft in which attackers use physical force or threats to coerce someone into handing over crypto private keys or passwords, bypassing all technical security measures. It targets the person, not the technology.
Sponsored
Sponsored
CertiK noted that while these types of attacks were once regarded as an “edge-case risk,” they have transformed into “a structural threat to digital asset ownership.”
“2025 is officially the most violent year in the history of cryptocurrency,” the firm wrote.
In its Skynet Wrench Attacks Report, CertiK revealed that verified physical coercion incidents rose sharply in 2025, increasing to 72 cases worldwide from 41 in 2024. This marked a 75% year-over-year increase.
The trend accelerated early in the year. The first quarter of 2025 alone accounted for 21 incidents. Although the second quarter saw a slight slowdown with 16 cases, activity picked up again in the second half of the year.
17 incidents were recorded in Q3 and 18 in Q4. May 2025 stood out as the most violent month, with 10 reported attacks, followed by January 2025 with 9.
Kidnapping remained the most common tactic, accounting for 25 incidents in 2025. This represented a 66% increase compared to 2024, when 15 such cases were reported. Physical assaults also surged, rising from four incidents in 2024 to 14 in 2025, a 250% increase.
Losses linked to these attacks have grown alongside their frequency. In 2024, total losses from physical coercion cases were estimated at $28.3 million. In 2025, stolen funds exceeded $40.9 million, marking a 44% increase in value lost.
Sponsored
Sponsored
“Though this figure significantly understates the true impact due to under-reporting, silent settlements, and untraceable ransoms,” the firm stated. “The data indicates that attackers are no longer focused only on whales, but also on individuals with modest holdings, simply because they are known to own crypto.”
Europe Emerges as Epicenter With France Leading Attack Frequency
The report further highlighted that in 2025, Europe accounted for over 40% of global wrench attacks, making it the “most dangerous region” for crypto holders. France led this trend, recording 19 cases, more than any other country.
The data also pointed to a relative decline in North America’s share of wrench attacks. The region accounted for 12.5% of global incidents in 2025, down from 36.6% in 2024. Reported cases fell from 15 to 9.
“This does not necessarily imply that the US is a safer place, but rather that the global volume has expanded elsewhere,” the report stated.
Sponsored
Sponsored
Asia remained a “high-risk” region. Its share of global wrench attacks remained relatively stable, rising slightly from 31.7% in 2024 to 33.3% in 2025.
According to CertiK, the threat in Asia remains heavily concentrated on crypto tourists and expatriates, particularly in hubs such as Thailand and Hong Kong.
“The psychological fallout is perhaps the most damaging long-term effect. The rise in extreme violence has created a climate of fear that is driving high-net-worth individuals into hiding. Founders and early adopters are scrubbing their digital footprints, withdrawing from public events, or relocating to jurisdictions with lower crime rates,” CertiK mentioned.
Several high-profile cases in 2025 highlighted the escalating brutality of wrench attacks. In France, a highly organized transnational crew kidnapped Ledger co-founder David Balland and his wife in January and demanded a €10 million crypto ransom. After a two-day manhunt, authorities rescued both alive and arrested multiple suspects.
In December, the 21-year-old son of a Ukrainian politician, Danylo Kuzmin, was murdered in Vienna after being lured into a trap and tortured for access to his crypto wallets. Attackers stole about $200,000 before killing him. The authorities detained the suspects later.
In the UAE, crypto entrepreneur Roman Novak and his wife were killed after being ambushed during a staged business meeting. The attackers sought access to crypto holdings reportedly worth hundreds of millions, but executed the couple when the wallets failed to deliver the expected funds.
Sponsored
Sponsored
These are just some of the many incidents that occurred in 2025. They show that crypto crime has moved far beyond online theft. Physical violence, including torture, ambushes, and even murder, is now being used to target digital asset holders.
How Crypto Holders Can Reduce Real-World Risks Amid Rising Wrench Attacks
CertiK warned that wrench attacks are likely to become more sophisticated, shifting from purely physical coercion to psychologically driven and highly scalable threats.
The firm expects attackers to increasingly use deepfake extortion and AI-powered social engineering. This includes fake video calls and mass-produced honeypot schemes designed to pressure victims.
To reduce risk, CertiK recommends that individuals focus on minimizing their visibility and exposure. This includes avoiding sharing wallet addresses, portfolio screenshots, travel plans, or routine details linked to crypto activity. The firm also added that users could maintain decoy wallets alongside secure primary vaults.
“Never co-locate seed material and signing devices; avoid keeping recovery material at home. Use a travel phone with minimal accounts, disable lock-screen previews, and keep high-value wallets off daily devices,” CertiK said.
For institutions, CertiK emphasizes structural protections. These include adopting multi-signature or MPC systems with withdrawal limits and delays, adding friction to large transactions, and formalizing executive security and travel protocols.
The firm also urges companies to extend security training beyond executives to include family members, close associates, and employees. They are increasingly being targeted as proxy victims.
Go to Source to See Full Article
Author: Kamina Bashir
