Summary
Criminals are increasingly bypassing technical defenses and attacking people directly. In a recent case near Paris, assailants impersonating police staged a fake raid, used violence to coerce a couple, and forced the husband to send nearly $1 million in Bitcoin. This was not a code or network breach but a high-risk physical coercion attack—often called a “wrench attack”—that exploits human vulnerability to defeat cryptographic protections.
What happened
Location: Le Chesnay-Rocquencourt, France. Victims: a couple in their late 50s. Sequence of events:
– Three individuals in police clothing gained access to the home.
– The couple was threatened at knifepoint and assaulted; the husband was tied up.
– The attackers forced the husband to authorize a Bitcoin transfer worth almost $1 million and then fled in a vehicle.
– Both victims were injured. French law enforcement is investigating, with possible charges including armed robbery and organized criminal conspiracy.
Why targeting the owner works
Impersonating police taps into psychological triggers that increase compliance:
– Authority: people are conditioned to obey officers.
– Urgency: a raid creates pressure to act immediately.
– Fear: victims may believe resisting will have legal or violent consequences.
Under stress, victims often stop verifying legitimacy. In crypto, a single coerced approval can send irreversible, high-value transfers within seconds.
Wrench attacks: the human weak point
A wrench attack means using threats or physical force to obtain private keys, devices, or transaction approvals. No matter how secure the wallet or encryption, human coercion can render it irrelevant. Attackers don’t need to break cryptography if they can force an owner to sign a transaction. Some high-net-worth holders mitigate this risk by keeping decoy wallets with small balances visible and protecting main holdings with multisignature setups or geographically distributed signers.
Why these incidents are growing
Multiple trends encourage a shift from remote hacking to physical coercion:
– More self-custody: individuals holding private keys make attractive, reachable targets.
– Public visibility: social media, property records and public profiles can reveal likely victims.
– Harder remote hacks: better cybersecurity pushes criminals to physical methods.
– Instant global liquidity: stolen crypto can be moved and laundered worldwide in minutes.
Reported wrench attacks rose sharply in 2025, with documented cases up about 75% from 2024. Europe—particularly France—has become a notable hotspot, with millions lost and an uptick in violent, targeted operations.
Why France is affected
High-profile cases in France include kidnappings for crypto ransom, targeted home invasions and coordinated group operations. Criminal networks surveil wealthy individuals, map routines and prefer direct ambushes that yield immediate, irreversible transfers.
Why coercion is chosen over hacking
Hardware wallets, multisig arrangements and cold storage have raised the bar for remote compromise. Coercion changes the threat model: attackers can simply force a person to unlock a device, reveal credentials, or approve transactions. For criminals, physically compelling a signing action is often faster and more reliable than exploiting software or networks.
Why Bitcoin is especially exposed under duress
Bitcoin’s features that make it attractive—permissionless global transfer, irreversibility and rapid settlement—also make it hard to recover stolen funds once transferred. Under duress, an owner can be made to move funds immediately; attackers can then quickly redistribute coins across many addresses or across chains, complicating tracing and recovery.
Law enforcement challenges and response
French authorities, including units that handle organized crime, are investigating. They face familiar obstacles: the speed at which assets move, cross-border laundering, and the pseudonymous nature of on-chain transactions. Coordinated international cooperation and blockchain analytics can help, but recovery success is limited once funds have been scattered.
Practical security measures for crypto owners
Protecting wallets is necessary but not sufficient. Pair technical defenses with real-world precautions:
– Avoid public disclosure of crypto holdings or linking your identity to wallet addresses.
– Keep personal and financial life private; limit social media sharing about wealth or purchases.
– Use multisignature wallets so no single person can authorize large transfers.
– Distribute signing authority geographically or among trusted, independent parties.
– Consider decoy wallets or accounts with small balances to show under duress.
– Improve physical security: home alarms, surveillance, secure storage for hardware wallets and professional security assessments if you’re a high-value target.
– Plan emergency procedures and practice responses with trusted advisors.
Final note
This incident underscores a shifting threat landscape: robust cryptography alone cannot defend against attackers who target the human controlling the keys. Owners must combine strong technical safeguards with careful operational security and personal safety measures.
Editorial note
This rewrite is informational and not financial, legal, or investment advice. Readers should perform their own research and consult qualified professionals where appropriate.