On February 2, CertiK, the world's largest Web3 security company, released the "Skynet Wrench Attack Report," pointing out that physical violence against cryptocurrency holders has evolved from extreme isolated cases into a structural risk. As the security protection of crypto assets continues to strengthen, this method of attack, which bypasses technical defenses and directly targets the "person," is spreading rapidly.
The report shows that in 2025, a total of 72 verified wrench attack incidents were recorded globally, an increase of 75% compared to 2024. So-called "wrench attacks" refer to attackers using physical means such as violence, intimidation, or kidnapping to force victims to hand over private keys or passwords. These attacks do not rely on technical vulnerabilities but directly target the individuals behind the crypto assets.
Significant Escalation in Violence, Europe Becomes High-Risk Region
In terms of attack patterns, wrench attacks in 2025 showed a clear trend of escalating violence. The report notes that kidnapping remains the primary attack method, with 25 incidents occurring throughout the year; direct physical assault incidents increased by 250% year-on-year, becoming one of the most noteworthy changes.
Geographically, Europe became the highest-risk region globally for the first time. In 2025, Europe accounted for over 40% of known global incidents, with France recording the highest number of attacks worldwide, surpassing the United States. CertiK noted in the report that this change does not mean that risks in North America have disappeared but reflects that such crimes are spreading to more regions with complex judicial environments and higher cross-border collaboration costs.
Losses Exceed $40 Million, True Scale Likely Severely Underestimated
In terms of financial impact, confirmed losses related to wrench attacks in 2025 exceeded $40.9 million, a 44% increase year-on-year. However, the report warns that this figure is only the "tip of the iceberg" due to factors such as victims' low willingness to report incidents, fear of retaliation, and some assets being involved in tax evasion or gray areas.
By comparing attack patterns, the report found that wrench attacks in 2025 have completely moved away from the early opportunistic and fragmented characteristics and entered a stage of professionalized and industrialized operation. Attackers mostly exist as transnational criminal groups, often preparing for weeks before an attack, using open-source intelligence (OSINT) to analyze the target's digital traces, identify weak defense periods, and even deploy professional equipment such as signal jammers and Faraday bags to cut off the victim's contact with the outside world.
Notably, the targets of attackers are broadening. Although industry executives and project founders remain high-value targets, attackers are now also targeting individuals with smaller holdings. Additionally, attackers are increasingly leveraging "associated targets," applying psychological pressure by threatening the victim's spouse, children, or parents.
How to Respond to Physical Threats? Security Recommendations for Individuals and Institutions
As technical security standards continue to improve, "cracking the system" is becoming increasingly difficult, while "coercing the individual" is cheaper and more efficient. This paradox makes personal safety the weakest and most overlooked link in the current crypto ecosystem.
The report proposes a series of security recommendations for individuals and institutions: At the individual level, it is recommended to reduce coercion losses through "decoy wallets," geographically isolate seed phrase storage, and remove encryption applications from daily devices to minimize risk; at the institutional level, it emphasizes the use of technical measures such as multi-signature mechanisms, time-lock contracts, and transaction friction mechanisms, while extending security training to family members and employees.
CertiK emphasized in the report's conclusion that the situation in 5 indicates that wrench attacks have become an independent type of crime within the crypto ecosystem, and the security model relying solely on seed phrases can no longer cope with the risks. How to upgrade from "protecting assets" to "protecting people" and reduce the feasibility of coercive behavior through institutional design may become a key proposition for the industry's future development.
Report link: https://indd.adobe.com/view/6399f4eb-e37c-485d-a225-a7a1fc68914f
