Blockchain security firm CertiK found a sharp rise in so-called “wrench attacks” in 2025, where criminals use physical force or threats to seize crypto assets or extort owners and their relatives. In a report published Sunday, CertiK verified 72 wrench-attack incidents worldwide last year — about a 75% increase compared with 2024 — and said physical assaults and kidnappings can no longer be treated as rare exceptions.
The auditor tied $40.9 million in confirmed losses to these attacks in 2025, while cautioning that the real figure is likely higher due to under-reporting, private settlements and ransoms that cannot be traced on-chain. Geographically, France recorded the most confirmed cases (19), and Europe accounted for roughly 40% of the global total.
CertiK warned that beyond direct financial damage, the growing threat of violence is changing industry behavior. Many founders and wealthy crypto holders are increasingly seeking operational anonymity, relocating geographically, or adopting tighter personal security practices to avoid becoming targets. The firm framed 2025 as an inflection point in which physical violence has become a core risk vector for crypto participants.
High-profile incidents highlighted in the report include the January abduction and ransom of Ledger founder David Balland and his wife, Amandine, and a May case in which an Italian crypto holder visiting New York City was reportedly kidnapped and tortured. Alena Vranova, founder of SatoshiLabs, said kidnappings and extortion are common and vary widely in scale, noting cases where attackers demanded as little as $6,000 in crypto and others where victims were killed over sums around $50,000.
Suggested defenses range from technical to personal. Some developers and security experts propose “panic wallet” features that can silently summon help, erase keys under duress, or move funds to decoy addresses. Security guidance also emphasizes prudence in public discussions about holdings, stronger physical protection for high-net-worth individuals, and measures to preserve operational anonymity.
CertiK urges the industry to treat physical coercion as an established attack vector and to combine technological safeguards with practical personal-security measures to reduce exposure and deter would-be attackers.