Why don't we hear about this happening to people who are equally wealthy in classical (non-crypto) assets? Are they more discreet and harder to make out or are there protections in place at, e.g., banks that limit the efficacy of these kinds of attacks? I guess most wealth people don't have enough of their wealth in liquid assets to be a good target but people with lot's of crypto assets can easily transfer it all.
topranks · 48m ago
Those people keep their money in banks.
Sure you can pressure people to transfer money from banks to you. But that will be easier to trace and the transactions could just be reversed. If moving all your wealth the bank is likely to ask some questions, maybe want to see you in person.
With crypto the philosophy is “be your own bank”. It’s like keeping your money under the mattress. So you are a much more promising target.
wslh · 43m ago
When you create your own keys, you essentially become the bank. Additionally, with exchanges or other custodial platforms, once you move funds, the transactions are irreversible and can be very difficult, or even impossible, to trace.
ls612 · 11m ago
Kidnapping for ransom used to be big business for US organized crime. Then the law changed to basically outlaw paying ransoms (all negotiations had to go through the FBI) and while a few people died, kidnapping for ransom in the US largely died as well after the 80s.
Horffupolde · 53m ago
Because the public doesn’t relate to these victims.
TheAmazingRace · 2h ago
This write up is very interesting to me for one main reason. It underscores how incredibly important it is for anyone dealing in this stuff to do the following…
Keep. Your. Mouth. Shut.
Pseudo-anonymity, with the emphasis on the pseudo part, is only as good as you. If you truly believe in Bitcoin and all that implies, it really is in your best interest to be quiet and keep it to yourself, and this knife cuts in more ways than you might expect. You don’t have layers of security like at a traditional bank. You are the weakest link wrt private keys and storage.
Also, even talking about it amongst folks you think are your friends, like fellow Bitcoin users, isn’t wise either. Hypothetically, if you became exceedingly wealthy on paper, it would be in the interest of others to take you out of the equation so you can’t cash out. If that means a five dollar (or whatever they cost these days) wrench to the head so you stop moving… now that value is locked up in the blockchain! Could this happen to any given bitcoin users with just a few satoshi or whatnot? Very unlikely, but don’t forget that a decade and a half ago, a handful of bitcoins could cost you very little money. Now it has gone up exponentially in value and would make you a big fat target.
There are those on /r/bitcoin that think a wrench won’t ever break their wills and spirits. That math is invincible. Don’t think they’ve ever been on the wrong side of one before. Math might be bulletproof, but wetware is very fragile.
jsheard · 2h ago
The tension is between needing to keep your mouth shut (for your own safety) and needing to loudly evangelize crypto at every opportunity (because its value is still mostly predicated on hype and FOMO, which must be maintained). For people to believe the narrative that buying crypto will make them rich, there has to be crypto-rich people shouting about how crypto-rich they are.
TheAmazingRace · 2h ago
That is quite a balancing act, isn’t it?
throwanem · 1h ago
Not before Miami slides into the Atlantic...
TheAmazingRace · 1h ago
Lol
dylan604 · 2h ago
> Keep. Your. Mouth. Shut.
The interesting thing to me about this is watching how we've changed over the past 40 years. As a kid, it was impressed up on kids to not talk to strangers. You don't tell people where you live. You don't tell people anything more than necessary. Now, people share the most intimate details of their daily lives. People share/invite random strangers to their accounts without any concerns about who they are or what they might do. People just do not think about how the most benign of posts can be used for nefarious purposes by someone else. So we've gone from share nothing to over sharing everything.
mattgreenrocks · 53m ago
It’s definitely changed from generation to generation.
During covid some SWEs had pretty sweet gigs due to lowered expectations and a rush on talent. And what do a small fraction of SWEs do? Make “life in the day of” videos that glamorize how cushy and easy-going it is, painting the whole group of SWEs as spoiled and entitled who make too much money. Point is they could’ve just realized they had it good and kept quiet.
But, no, they had to hustle for internet points, even risking their job inadvertently. It’s unbelievable to me how fast we flipped from the internet being an accessory to life to it being a surrogate for actual social interaction.
ummonk · 55m ago
Ehh, changes in privacy expectations have gone both ways. 40 years ago people also voluntarily listed their home address and telephone number in phone books that would be mailed to the whole community.
TheAmazingRace · 2h ago
So just another point on this… you are probably not as anonymous on the internet as you might think. You can brag about wealth in cryptocurrency. But use a handle long enough, or even across several accounts that can somehow be linked, and a fingerprint of you could be constructed. It really can be done with some forensic analysis.
And I think it all boils down to the fact that some humans need to make noise about their successes so they feel validated. Much like the cryptocurrency evangelists, they probably can’t help themselves because they want to ensure they defend “the mission” even if it comes at great personal cost in the long run.
throwanem · 1h ago
I've recently quoted on here something about learning to spend what's in your pocket. That is a special case of the same general principle evinced here, which is that if you don't put work into maintaining a broad perspective, you lose the ability to distinguish what you're used to and what's ordinary.
It's worth worrying about in the general case, too. There are subtler and much more noxious failure modes here than merely getting beaned with a Swedish nut rounder.
hibikir · 16m ago
This kind of works, until you have a medical issue that impairs your brain enough,an event that loses hardware keys or backups, or you care about possible inheritors when you die.
Everything you do to keep keys safe from some risks weakens your posture against other risks. Making sure most people don't know about your holdings is nice and all, but ultimately key management is a really hard problem. It's hard enough for companies, but I'd argue it's even worse for individuals.
TheAmazingRace · 10m ago
You are correct about key management being hard. I’ve been telling folks that absolutely insist on getting into Bitcoin that it’s best to leave out any notions of convenience at all, as convenience is the enemy of security. If you absolutely must have the stuff, stick to a cold wallet using pen and paper. It still has its own downsides, but it’s arguably one of the most simple ways to handle the keys problem.
throwanem · 1h ago
> Keep. Your. Mouth. Shut.
With events like the recent Coinbase breach, is this even enough?
TheAmazingRace · 1h ago
Nobody has to use Coinbase. That said, yes you aren’t wrong. The more intermediaries you deal with, the higher your exposure risk.
throwanem · 46m ago
That, and there's zero backward or forward secrecy by design. Avoiding intermediaries can't ameliorate the hazards of the protocol.
TheAmazingRace · 26m ago
Exactly. Hence why I don’t advocate for any cryptocurrency at all, personally. It’s fraught with peril and the juice really isn’t worth the squeeze to me. Others may have a different calculus, but I’d rather not be looking over my shoulder constantly.
throwanem · 20m ago
Oh, same, I've never touched the stuff. That was pure intuition 15 years ago; these days I think of it as a longterm investment paying major dividends in peace of mind.
Of course it would be easy to say one's never touched crypto, and not so easy to prove, as with any negative. I don't care. If I ever get bounced with a King Dick, it'll far more likely be because I said something someone didn't like - which seems to happen about as often as I open my mouth, these days.
In any case they better not let me hear them coming. Wiser to spin the block in a car, really. I've never been hit with a wrench before, but it did once take more than a hammer to get me off my feet.
Side joke: with inflation the XKCD $5 wrench attack (https://xkcd.com/538/) is no longer possible.
qoez · 3h ago
The alt text does say "Also, I would be hard-pressed to find that wrench for $5." so I guess even at the time without inflation it wasn't really possible
apples_oranges · 3h ago
For Americans now difficult. Rest of the world can still order cheaply in China ;)
cluckindan · 1h ago
Maybe those orders should be limited given how the tools have no other valid use than password extraction
grues-dinner · 3h ago
It could be a second-hand wrench. Or maybe smuggled in without tariffs: a 1-foot, 3-pound wrench is $3.45 on Taobao (including shipping, a pair of gloves and a roll of PTFE tape). It might not be Snap-On but it'll probably survive being hit with a few crypto speculator skulls.
krisoft · 3h ago
Or a stolen wrench. If you are already on the path of criminality.
lazide · 3h ago
Hey man, some of us have limits (/s)
Seriously though, most B&E’s will use tools stolen from some prior victim. Why spend money you don’t need to, or something.
dylan604 · 2h ago
Or tools from the current victim. Someone broke into my house using the utensils from my grill on the patio to try to pry open a rear window before just using them to break the glass.
grues-dinner · 1h ago
Also you can't be filmed at the hardware shop buying the weapon. Premeditation makes things worse if you do get caught.
Next they'll hit someone over the head with a shitcoin to try and steal their wrench!
gesman · 17m ago
TLDR:
The paper *"Investigating Wrench Attacks: Physical Attacks Targeting Cryptocurrency Users"* presents the first comprehensive study on wrench attacks—real-world physical attacks used to coerce cryptocurrency users into handing over their digital assets.
### Summary of the Paper:
#### *Definition & Origin*
* The term "\$5 wrench attack” originates from a webcomic and refers to using physical coercion (like a wrench) instead of complex hacking to obtain information such as crypto keys.
* The paper defines wrench attacks as *intentional physical attacks to unlawfully obtain cryptocurrencies* via coercion or violence, combining crimes against both persons and property.
#### *Methodology*
* *Data triangulation* from:
* 10 **interviews** with victims and experts
* 146 **news articles**
* 37 **online forums** (672 posts analyzed)
* *Crime script analysis* was used to map how such attacks are prepared, executed, and concluded.
#### *Key Findings*
* Attackers range from *organized crime groups* to *friends, family*, and *even corrupt law enforcement*.
* Victims are often *public figures, early adopters*, or participants in *peer-to-peer (P2P) crypto transactions*.
* Attacks include *robbery, kidnapping, murder, blackmail*, and a new category: *cryptocurrency-facilitated domestic economic abuse*.
* *No user is immune*, including security-savvy individuals.
* Attacks have *increased over time*, especially during market booms (e.g., 2017, 2021).
* Victims often *do not report attacks*, fearing revictimization or police inaction.
#### *Security Insights*
* Most victims had *used centralized exchanges* and undergone *KYC* processes, potentially exposing their identity and holdings.
* Wrench attacks *bypass digital security*—no software or hardware defense can prevent coercion under threat.
* Victim behaviors (e.g., displaying crypto apps in public, sharing wealth) can unintentionally increase risk.
#### *Recommendations*
* *For Users:*
* Keep a **low profile** about crypto holdings.
* Use **multi-signature wallets**, **distributed fund storage**, and **plausible deniability mechanisms**.
* Exercise caution during **P2P transactions** and avoid carrying large amounts of crypto assets.
* *For Industry & Regulators:*
* **Reevaluate KYC policies**—data leaks can serve as “shopping lists” for attackers.
* Implement **transaction delays** or **alerts** for large withdrawals to thwart coercion.
* Improve **wallet UI/UX** to prevent exposing sensitive information (e.g., display balance).
#### *Contributions*
* Introduces the first *formal legal definition* of wrench attacks.
* Identifies *seven forms* of wrench attacks.
* Provides *actionable policy and design recommendations* for reducing risk.
---
This research highlights the *growing intersection of physical crime and digital assets*, calling for urgent changes in user behavior, system design, and policy to mitigate this underreported but increasingly relevant threat.
Sure you can pressure people to transfer money from banks to you. But that will be easier to trace and the transactions could just be reversed. If moving all your wealth the bank is likely to ask some questions, maybe want to see you in person.
With crypto the philosophy is “be your own bank”. It’s like keeping your money under the mattress. So you are a much more promising target.
Keep. Your. Mouth. Shut.
Pseudo-anonymity, with the emphasis on the pseudo part, is only as good as you. If you truly believe in Bitcoin and all that implies, it really is in your best interest to be quiet and keep it to yourself, and this knife cuts in more ways than you might expect. You don’t have layers of security like at a traditional bank. You are the weakest link wrt private keys and storage.
Also, even talking about it amongst folks you think are your friends, like fellow Bitcoin users, isn’t wise either. Hypothetically, if you became exceedingly wealthy on paper, it would be in the interest of others to take you out of the equation so you can’t cash out. If that means a five dollar (or whatever they cost these days) wrench to the head so you stop moving… now that value is locked up in the blockchain! Could this happen to any given bitcoin users with just a few satoshi or whatnot? Very unlikely, but don’t forget that a decade and a half ago, a handful of bitcoins could cost you very little money. Now it has gone up exponentially in value and would make you a big fat target.
There are those on /r/bitcoin that think a wrench won’t ever break their wills and spirits. That math is invincible. Don’t think they’ve ever been on the wrong side of one before. Math might be bulletproof, but wetware is very fragile.
The interesting thing to me about this is watching how we've changed over the past 40 years. As a kid, it was impressed up on kids to not talk to strangers. You don't tell people where you live. You don't tell people anything more than necessary. Now, people share the most intimate details of their daily lives. People share/invite random strangers to their accounts without any concerns about who they are or what they might do. People just do not think about how the most benign of posts can be used for nefarious purposes by someone else. So we've gone from share nothing to over sharing everything.
During covid some SWEs had pretty sweet gigs due to lowered expectations and a rush on talent. And what do a small fraction of SWEs do? Make “life in the day of” videos that glamorize how cushy and easy-going it is, painting the whole group of SWEs as spoiled and entitled who make too much money. Point is they could’ve just realized they had it good and kept quiet.
But, no, they had to hustle for internet points, even risking their job inadvertently. It’s unbelievable to me how fast we flipped from the internet being an accessory to life to it being a surrogate for actual social interaction.
And I think it all boils down to the fact that some humans need to make noise about their successes so they feel validated. Much like the cryptocurrency evangelists, they probably can’t help themselves because they want to ensure they defend “the mission” even if it comes at great personal cost in the long run.
It's worth worrying about in the general case, too. There are subtler and much more noxious failure modes here than merely getting beaned with a Swedish nut rounder.
Everything you do to keep keys safe from some risks weakens your posture against other risks. Making sure most people don't know about your holdings is nice and all, but ultimately key management is a really hard problem. It's hard enough for companies, but I'd argue it's even worse for individuals.
With events like the recent Coinbase breach, is this even enough?
Of course it would be easy to say one's never touched crypto, and not so easy to prove, as with any negative. I don't care. If I ever get bounced with a King Dick, it'll far more likely be because I said something someone didn't like - which seems to happen about as often as I open my mouth, these days.
In any case they better not let me hear them coming. Wiser to spin the block in a car, really. I've never been hit with a wrench before, but it did once take more than a hammer to get me off my feet.
Side joke: with inflation the XKCD $5 wrench attack (https://xkcd.com/538/) is no longer possible.
Seriously though, most B&E’s will use tools stolen from some prior victim. Why spend money you don’t need to, or something.
$7.99
They also have an 8-inch wrench on sale for $3 but I'd spend the extra for the pipe wrench.
Better whackin' with an 18-incher.
The paper *"Investigating Wrench Attacks: Physical Attacks Targeting Cryptocurrency Users"* presents the first comprehensive study on wrench attacks—real-world physical attacks used to coerce cryptocurrency users into handing over their digital assets.
### Summary of the Paper:
#### *Definition & Origin*
* The term "\$5 wrench attack” originates from a webcomic and refers to using physical coercion (like a wrench) instead of complex hacking to obtain information such as crypto keys. * The paper defines wrench attacks as *intentional physical attacks to unlawfully obtain cryptocurrencies* via coercion or violence, combining crimes against both persons and property.
#### *Methodology*
* *Data triangulation* from:
* *Crime script analysis* was used to map how such attacks are prepared, executed, and concluded.#### *Key Findings*
* Attackers range from *organized crime groups* to *friends, family*, and *even corrupt law enforcement*. * Victims are often *public figures, early adopters*, or participants in *peer-to-peer (P2P) crypto transactions*. * Attacks include *robbery, kidnapping, murder, blackmail*, and a new category: *cryptocurrency-facilitated domestic economic abuse*. * *No user is immune*, including security-savvy individuals. * Attacks have *increased over time*, especially during market booms (e.g., 2017, 2021). * Victims often *do not report attacks*, fearing revictimization or police inaction.
#### *Security Insights*
* Most victims had *used centralized exchanges* and undergone *KYC* processes, potentially exposing their identity and holdings. * Wrench attacks *bypass digital security*—no software or hardware defense can prevent coercion under threat. * Victim behaviors (e.g., displaying crypto apps in public, sharing wealth) can unintentionally increase risk.
#### *Recommendations*
* *For Users:*
* *For Industry & Regulators:* #### *Contributions** Introduces the first *formal legal definition* of wrench attacks. * Identifies *seven forms* of wrench attacks. * Provides *actionable policy and design recommendations* for reducing risk.
---
This research highlights the *growing intersection of physical crime and digital assets*, calling for urgent changes in user behavior, system design, and policy to mitigate this underreported but increasingly relevant threat.