Why wrench attacks continue to rock crypto industry just two months into new year

A version of this story appeared in The Guidance newsletter on February 9. Sign up here.

If violent attacks on crypto investors were a key trend in 2025, the new year suggests more of the same.

Not even two months into 2026, there have already been eleven so-called wrench attacks on investors and their inner circles, according to Jameson Lopp’s GitHub records.

Lopp is the co-founder and chief security officer of the self-custody crypto wallet, CasaHODL.

And the stories are gruesome.

In France, a couple and their two children were beaten and tied up by three individuals in January in order to extort them for their cryptocurrencies. Three teenagers disguised as Amazon couriers entered a man’s house in England and threatened him with knives until he handed over his crypto. A Chinese national in Pasay City, Philippines, was also kidnapped by four men who demanded he send them $1 million in cryptocurrency.

What’s more: All of these attacks occurred in January.

Wrench attacks on the rise

These attacks have haunted the crypto sphere for years, but a string of high-profile violent attacks over the past year has significantly raised the threat level for crypto investors.

Wrench attacks made headlines last year when crooks kidnapped David Balland, co-founder of crypto hardware wallet brand Ledger, and his wife in France.

Another particularly brutal attack shocked the crypto world after court documents only made public in November detailed a 2024 home invasion where criminals waterboarded a man and his wife in Vancouver, Canada, before sexually assaulting their daughter to steal over $1.5 million in Bitcoin.

So, what’s driving the violence?

In France, where most of the reported attacks this year have occurred, there are several key reasons.

French media reported that in June 2025, an employee with the country’s tax agency had been steadily providing other alleged criminals with the identities of different crypto investors in the country.

In January, it was revealed that Waltio, a service that lets investors calculate and report their crypto capital gains for tax reports, had been hacked. The attackers then gained access to 50,000 Waltio customers’ data, including email addresses and their 2024 tax reports.

Besides sensitive data leaks, crypto is also proving to be a much more convenient target for illicit actors simply because digital assets are becoming more ubiquitous.

“As cryptocurrency adoption grows and more value is held directly by individuals, criminals are increasingly incentivised to bypass technical defenses altogether and target people instead,” TRM Labs’ Global Head of Policy, Ari Redbord, told DL News in January.

Staying safe

Common solutions have cropped up in the wake of the attacks. Bodyguards, round-the-clock surveillance, and, of course, personal weapons.

But there are also technical solutions that are appearing in the crypto community to help protect users — or buy them a little more time for authorities to intervene.

Elliot Friedman, founder of the dev shop Solidity Labs and a member of the cybersecurity group Security Alliance, developed a timelock feature for crypto wallets called Kleidi.

It adds a time buffer for transactions

So, any onchain moves could take up a day or even a month to send, depending on your preferences.

“If someone forces you to move funds, physically, socially, or by any means, you can truthfully say: ’I can’t. My wallet won’t let me,’” he said.

Whether attackers understand you or not is another story, of course.

Liam Kelly is DL News’ Berlin-based DeFi correspondent. Have a tip? Get in touch at liam@dlnews.com.