Wrench attacks surged by 75% in 2025, with physical violence emerging as a critical threat in the crypto space
TechFlow Selected TechFlow Selected
Wrench attacks surged by 75% in 2025, with physical violence emerging as a critical threat in the crypto space
How to evolve from “protecting assets” to “protecting people”—by institutionalizing design to reduce the feasibility of coercive behavior—may become a pivotal question for the industry’s future development.
Navigating Web3 tides with focused insightsAuthor: CertiK
On February 2, Web3 security firm CertiK released its “Skynet Wrench Attack Report,” highlighting that physical violence targeting cryptocurrency holders has evolved from an extreme outlier into a structural risk. As security protections for crypto assets continue to strengthen, attacks bypassing technical defenses—directly targeting the “human” element—are rapidly proliferating.
The report states that globally, 72 verified wrench attacks were recorded in 2025—a 75% increase over 2024. A “wrench attack” refers to incidents where attackers use physical force, intimidation, or kidnapping to compel victims to surrender private keys or passwords. Such attacks do not rely on technical vulnerabilities but instead directly target the individuals behind crypto assets.
Significant Escalation in Violence; Europe Emerges as Highest-Risk Region
In terms of attack methodology, wrench attacks in 2025 showed a clear trend of escalating violence. According to the report, kidnapping remained the most common tactic, with 25 incidents recorded throughout the year; direct physical assaults surged by 250% year-on-year—one of the most alarming developments.
Geographically, Europe became the highest-risk region globally for the first time. In 2025, Europe accounted for over 40% of all known incidents worldwide, with France reporting the highest number of attacks—surpassing the United States. CertiK notes in the report that this shift does not imply reduced risk in North America, but rather reflects the spread of such crimes into jurisdictions with greater legal complexity and higher cross-border coordination costs.
Losses Exceed $40 Million; Actual Scale Likely Severely Underreported
Financially, confirmed losses linked to wrench attacks in 2025 exceeded $40.9 million—an increase of 44% year-on-year. However, the report warns that due to low victim reporting rates, fear of retaliation, and the involvement of assets tied to tax evasion or gray-area activities, this figure represents only the “tip of the iceberg.”
By comparing attack patterns, the report finds that wrench attacks in 2025 have fully departed from their earlier speculative and fragmented characteristics, entering a professionalized, industrialized operational phase. Perpetrators frequently operate as transnational criminal organizations, often spending weeks preparing before launching an attack—including open-source intelligence (OSINT) analysis of targets’ digital footprints, identification of vulnerable time windows, and deployment of specialized equipment such as signal jammers and Faraday bags to sever victims’ communication with the outside world.
Notably, attacker targeting is broadening. While industry executives and project founders remain high-value targets, attackers are now increasingly targeting individuals holding smaller amounts of crypto. Moreover, attackers are more frequently exploiting “associated targets”—exerting psychological pressure by threatening victims’ spouses, children, or parents.
How to Respond to Physical Threats? Security Recommendations for Individuals and Organizations
As technical security standards continue rising, “breaking into systems” is becoming increasingly difficult, whereas “coercing individuals” remains lower-cost and more efficient. This paradox renders personal safety the weakest—and most overlooked—link in today’s crypto ecosystem.
The report proposes a series of security recommendations for both individuals and organizations. At the individual level, it recommends using “decoy wallets” to limit coercion-related losses, geographically isolating mnemonic phrase storage, and removing encrypted apps from daily-use devices to reduce exposure. At the organizational level, it emphasizes adopting technical safeguards—including multi-signature mechanisms, timelock contracts, and transaction friction mechanisms—while also extending security training to employees’ family members.
In its concluding remarks, CertiK stresses that the 2025 landscape confirms wrench attacks have become a distinct category of crime within the crypto ecosystem. Relying solely on mnemonic phrase security is no longer sufficient to mitigate risk. The critical challenge facing the industry may now be shifting from “protecting assets” to “protecting people”—designing institutional frameworks that systematically reduce the feasibility of coercion.
Report link: https://indd.adobe.com/view/6399f4eb-e37c-485d-a225-a7a1fc68914f
Join TechFlow official community to stay tuned
Telegram:https://t.me/TechFlowDaily
X (Twitter):https://x.com/TechFlowPost
X (Twitter) EN:https://x.com/BlockFlow_News
CertiK
