According to blockchain security firm CertiK, physical violence targeting crypto holders will rapidly escalate in 2025, with wrench attacks surging 75% year-on-year.
This rise marks an important turning point in crypto security, where technological safeguards are no longer sufficient against real-world violence.
From cryptography to enforcement: Wrench attacks expose gaps in human security in cryptocurrencies
A wrench attack is a form of theft in which an attacker uses physical force or intimidation to force someone to hand over a cryptographic private key or password, bypassing all technical security measures. It targets humans, not technology.
Sponsored Sponsored
CertiK noted that these types of attacks were once considered an “edge case risk” but have now turned into “a structural threat to the ownership of digital assets.”
“2025 will officially be the most violent year in crypto history,” the company wrote.
In its Skynet Wrench Attacks report, CertiK revealed that confirmed incidents of physical force soared in 2025, with 72 incidents worldwide, up from 41 in 2024. This marked a 75% increase over the previous year.
This trend accelerated earlier this year. There were 21 incidents in the first quarter of 2025 alone. After a slight slowdown in the second quarter with 16 cases, activity picked up again in the second half of the year.
In the third quarter, 17 incidents were recorded and in the fourth quarter, 18 incidents were recorded. May 2025 stands out as the most violent month, with 10 attacks reported, followed by January 2025 with nine.
Kidnapping remains the most common tactic, with 25 incidents in 2025. This was a 66% increase compared to 2024, when 15 similar incidents were reported. Physical assaults also skyrocketed, increasing by 250% from 4 incidents in 2024 to 14 incidents in 2025.
The losses associated with these attacks are increasing with their frequency. In 2024, total losses from physical force incidents are estimated at $28.3 million. In 2025, stolen funds exceeded $40.9 million, with losses increasing by 44%.
Sponsored Sponsored
“However, this number significantly underestimates the true impact due to underreporting, anonymous settlements, untraceable ransom payments, etc.,” the company said. “The data shows that attackers are no longer focused solely on whales, but also on individuals with modest holdings simply because they are known to own cryptocurrencies.”
Europe emerges as the epicenter, with France leading in attack frequency
The report further highlighted that Europe will account for over 40% of global wrench attacks by 2025, making it the “most dangerous region” for crypto holders. France led the trend, recording 19 cases, more than any other country.
The data also shows a relative decline in the rate of wrench attacks in North America. The region accounted for 12.5% of global incidents in 2025, down from 36.6% in 2024. Reported incidents decreased from 15 to nine.
“This does not necessarily mean that the United States is a safer place, but rather that global shipping has expanded elsewhere,” the report states.
Sponsored Sponsored
Asia remained a “high risk” region. Its share of global wrench attacks remained relatively stable, rising slightly from 31.7% in 2024 to 33.3% in 2025.
According to CertiK, threats in Asia remain focused on crypto tourists and foreigners, particularly in hubs such as Thailand and Hong Kong.
“The psychological impact is perhaps the most detrimental long-term effect. The rise in extreme violence is creating a climate of fear that is driving the wealthy into hiding, with founders and early adopters erasing their digital footprints, withdrawing from public events, or relocating to jurisdictions with lower crime rates,” CertiK said.
Several high-profile incidents in 2025 highlighted the escalating brutality of wrench attacks. In France, a highly organized cross-border gang kidnapped Ledger co-founder David Balland and his wife in January and demanded a €10 million crypto ransom. After a two-day search, authorities rescued two people alive and arrested several suspects.
In December, the 21-year-old son of Ukrainian politician Danilo Kuzmin was murdered in Vienna after being trapped and tortured to gain access to his cryptocurrency wallet. The attackers stole about $200,000 before killing him. Authorities later took the suspect into custody.
In the United Arab Emirates (UAE), cryptocurrency entrepreneur Roman Novak and his wife were killed in an ambush during a planned business meeting. The attackers reportedly sought access to hundreds of millions of worth of crypto assets, but executed the couple when the expected funds did not arrive in their wallets.
Sponsored Sponsored
These are just a few of the many incidents that will occur in 2025. These show that cryptocurrency crime goes far beyond online theft. Physical violence, including torture, ambushes, and even murder, is currently being used to target digital asset owners.
How crypto holders can mitigate real-world risks as wrench attacks increase
CertiK warned that wrench attacks are likely to become more sophisticated and move from purely physical coercion to psychologically driven and scalable threats.
The company expects attackers to increase their use of deepfake extortion and AI-powered social engineering. This includes fake video calls and mass-produced honeypot schemes aimed at putting pressure on victims.
To reduce risk, CertiK recommends that individuals focus on minimizing their visibility and exposure. This includes avoiding sharing wallet addresses, portfolio screenshots, travel plans, and everyday details related to cryptocurrency activity. The company also added that users can maintain a decoy wallet alongside their secure primary vault.
“Never put your seed material and your signature device in the same place. Don’t store your recovery materials at home. Use your travel phone with minimal accounts, disable lock screen previews, and keep expensive wallets away from your everyday devices,” CertiK says.
For institutions, CertiK focuses on structural protection. These include adopting multi-signature or MPC systems with withdrawal limits and delays, adding friction to large transactions, and formalizing executive security and travel protocols.
The company also urges companies to extend security training beyond executives to family members, close associates, and employees. They are increasingly targeted as vicarious victims.
