from Hacker News

Wrench Attacks: Physical attacks targeting cryptocurrency users (2024) [pdf]

by pulisse on 5/25/25, 11:56 AM with 117 comments

  • by Adrig on 5/25/25, 6:33 PM

    Two instances of crypto kidnapping happened recently in France just a few weeks apart. The first was the father of a crypto milionnaire who was rescued after a few days, missing a finger. The second is the daughter of a crypto CEO who fended off a kidnapping in broad daylight in the center of Paris, while she was with her husband and baby. Insane stuff.

    This will only go worse and harder to protect from. Most of the instances I heard about were carried by "amateurs", which makes all this quite unpredictable.

  • by _tom_ on 5/25/25, 6:22 PM

  • by thasso on 5/25/25, 3:23 PM

    Why don't we hear about this happening to people who are equally wealthy in classical (non-crypto) assets? Are they more discreet and harder to make out or are there protections in place at, e.g., banks that limit the efficacy of these kinds of attacks? I guess most wealth people don't have enough of their wealth in liquid assets to be a good target but people with lot's of crypto assets can easily transfer it all.

  • by TheAmazingRace on 5/25/25, 1:35 PM

    This write up is very interesting to me for one main reason. It underscores how incredibly important it is for anyone dealing in this stuff to do the following…

    Keep. Your. Mouth. Shut.

    Pseudo-anonymity, with the emphasis on the pseudo part, is only as good as you. If you truly believe in Bitcoin and all that implies, it really is in your best interest to be quiet and keep it to yourself, and this knife cuts in more ways than you might expect. You don’t have layers of security like at a traditional bank. You are the weakest link wrt private keys and storage.

    Also, even talking about it amongst folks you think are your friends, like fellow Bitcoin users, isn’t wise either. Hypothetically, if you became exceedingly wealthy on paper, it would be in the interest of others to take you out of the equation so you can’t cash out. If that means a five dollar (or whatever they cost these days) wrench to the head so you stop moving… now that value is locked up in the blockchain! Could this happen to any given bitcoin users with just a few satoshi or whatnot? Very unlikely, but don’t forget that a decade and a half ago, a handful of bitcoins could cost you very little money. Now it has gone up exponentially in value and would make you a big fat target.

    There are those on /r/bitcoin that think a wrench won’t ever break their wills and spirits. That math is invincible. Don’t think they’ve ever been on the wrong side of one before. Math might be bulletproof, but wetware is very fragile.

  • by imaginator on 5/25/25, 12:17 PM

    Jameson Lopp maintains a comprehensive list at https://github.com/jlopp/physical-bitcoin-attacks

    Side joke: with inflation the XKCD $5 wrench attack (https://xkcd.com/538/) is no longer possible.

  • by lo0dot0 on 5/26/25, 6:56 PM

    It's pretentious to say something is "novel" when people have raided each other for valuables for centuries.

  • by akrymski on 5/25/25, 10:23 PM

    You mean there's a point to banks after all?

  • by jonfromsf on 5/26/25, 1:48 AM

    The obvious answer is to invest in ETFs that hold bitcoin, in a traditional brokerage account. Ironic that it comes to that (given that bitcoin was supposed to take down big finance). But it is the most straightforward and safe way for someone to own some amount of bitcoin.

  • by anigbrowl on 5/26/25, 2:24 AM

    How does this need an academic paper?!

      >Be rich
  >Don't have good personal security because you're nouveau-riche and socially naive
  >Boast about the size of your crypto wallet
  >Targeted by criminals
  >surprised pikachu.jpg

  • by pluto_modadic on 5/26/25, 12:53 AM

    Ah, and here I was hoping it would have parallels to attacks on yubikeys. not concerned with coins. or, journalists getting detained at the border.

  • by specialist on 5/25/25, 6:35 PM

    Mugging, larceny, robbery, assault & battery, a stick-up.

    Kids these days.... Always inventing new words for old ideas, amirite?

    More seriously: I'm still a little unclear how stealing crypto is feasible. There's a ledger, right? Tumblers are really that effective at hiding the chain of custody?

    At some point(s) the cyberspace "durable digital asset" (h/t a15z) has to emerge in meatspace, right? Even if it pops up in Russia, NK, or Golden Triangle, there's always some heads to bash, fingers to break. Right?

  • by margorczynski on 5/25/25, 12:17 PM

    I guess the name is in reference to https://xkcd.com/538/