Crypto Millionaires Are Now Hiring Bodyguards Physical Attacks on Holders Are Getting Worse

Cryptocurrency holders used to receive threats online, but these days there are more cases of physical attacks directed at cryptocurrency executives, founders, and very wealthy investors than there were just a year ago. The procedures used by the attackers are similar: they find someone that they know has large amounts of cryptocurrency, learn when and where their target is going to be, and then they physically intimidate or use violence against their target to obtain wallet credentials or steal from them. This is sometimes referred to as "wrench attacks" in the cryptocurrency community, as no amount of encryption will protect you from someone who is threatening you with violence until you hand over your keys.

Unlike many random mugging-type events, these are organized and usually involve significant surveillance, research, and sometimes even insider information regarding the victim's cryptocurrency holdings. Individuals carrying out these types of warranted assaults know exactly what they are looking for and have enough knowledge of how cryptocurrency works to know that any forced transfer made once the transaction is confirmed on-chain cannot be undone.

The Attacks Are Getting Bolder

The crypto industry has been rocked by a series of high-profile incidents throughout the year 2024 and into the year 2025. Some executives have been tracked to conferences, family members have been threatened and targeted, and in some instances, attackers have broken into their homes in a coordinated group, tied them up, and demanded access to their hardware wallets or exchange accounts while they monitored the transaction in progress.

These events are spread across a large geographic area, and have occurred throughout Europe, Latin America, Southeast Asia, and North America, and all of the regions with a significant amount of crypto wealth have experienced these types of issues. In France, a father of a crypto entrepreneur was kidnapped for ransom in Bitcoin NPR, and in the Philippines, Chinese-Filipino businessman Anson Que and his driver were kidnapped and later found dead, with a ransom partially paid in cryptocurrency. BitPinas The similarities from country to country with different laws and regulations tell you how far the organization of these attacks has come.

What has changed in the last few months is not just the amount of times they have happened, but also the level of audacity demonstrated by the attackers. They are attacking people in broad daylight, near theives offices (eg. near the office of the executive who was attacked), and outside of restaurants. The belief that these types of physical threats were associated with developing countries, is over. There have been many reports of wealthy crypto holders in virtually all of the bigger cities in Europe and America currently existing, who are under ongoing surveillance, and are subject to credible threats. CertiK's Skynet Wrench Attack Report recorded 72 verified cases worldwide in 2025 — a 75% increase from 41 cases in 2024 — with Europe accounting for over 40% of incidents and France alone recording 19 attacks.

Why Crypto Is a Uniquely Attractive Target

Cash is easy to trace; banks can undo or halt transferred funds. But that is not the case for cryptocurrency. The fundamental aspect of cryptocurrency is also the reason it is so desirable in a wrench attack.

When an attacker successfully executes a wrench attack against you, they will gain immediate access to funds that they can send anywhere in the world. A successful execution of a wrench attack will also yield funds that cannot easily be returned to their rightful owner once the funds have been moved. There is no fraud department to contact; and there are no 48-hour holds on large withdrawals from accounts. If someone destroys your seed phrase or transfers your wallet, the transaction will occur within a matter of minutes — and your funds will be lost forever.

The public nature of the blockchain also presents a major disadvantage to individual users of the blockchain. Wallet addresses that are linked to individuals — either by KYC/KYB compliance at the exchange, by public donation or sponsorship, or simply by careless social media activity — can be searched and identified at will. Thus, an attacker could search a blockchain for a wallet address with 8-figures of value, and then, using the blockchain, identify the person behind that address by tracing backwards through the transactions. Chainalysis analysis reveals a clear correlation between violent incidents and Bitcoin's price movements, suggesting that rising asset values may trigger additional opportunistic physical attacks against known crypto holders. So while the transparency of the blockchain creates its value as an accurate, reliable ledger, it also creates a high level of danger as a personal financial disclosure.

What Executives Are Actually Doing About It

The security response within the industry has transitioned from simple security measures to implementing a much more active security culture across the board. Private security firms such as Infinite Risks International, based in Amsterdam, report a sharp increase in demand from crypto professionals seeking round-the-clock protection. Several have relocated; some to lower public profile jurisdictions and/or gated communities with a professional security infrastructure to protect them.

Operational approaches to securing oneself against a breach have also changed. Cryptocurrency executives are removing their home addresses from public records, taking their family members' names off their online presence, and constraining what they disclose publicly about their holdings and/or net worth. The desire to publicly post gains or show off online — which is prevalent in crypto culture — is being actively discouraged by the security consultants retained by high-profile clients.

Hardware wallet usage is evolving. The use of multisignature set-ups where approval from keys is required and those keys are kept at different physical locations makes it more challenging to have forced transfers under duress. The use of time-locked transactions adds another layer to this. Some holders are purposely keeping only smaller amounts of accessible cryptocurrency in any single wallet and are distributing their cryptocurrency above the different wallets they have so that there are separate barriers to get to their cryptocurrency.

Panic wallet setups — decoy wallets holding small amounts that an attacker could find quickly and believe is the full stash — have become more common. The logic is that someone under physical threat needs something plausible to hand over.

The Problem Nobody Has Solved

None of these measures are perfect. A determined, well-resourced attacker who has done their homework and knows approximately what someone holds will not be deterred by a decoy wallet. Physical security is expensive and wrench attacks are forecast to keep rising in 2026, with experts warning that law enforcement's inability to deal with these crimes and a growing pool of crypto holders means more targets than ever.

The industry built sophisticated tools to secure assets from remote hackers. Physical threat protection is a different problem entirely, and it's one that crypto's infrastructure — decentralized, trustless, irreversible — makes structurally harder to solve.

Wrench attacks work because the assets are real, the transfers are final, and the victims are findable. That combination isn't going away.