Insights from the Metropolitan Police, shared in a CryptoUK webinar led by Detective Constable Anastasia Bezanidou

As crypto has moved from a niche asset class into mainstream awareness, the security conversation has largely centred on exchanges, wallets, private keys and cybercrime. But a quieter, more dangerous trend has emerged: the growing use of physical force to obtain access to cryptoassets.

These incidents — often referred to as “wrench attacks” — reveal a fundamental truth: the strongest cryptography in the world cannot protect someone if an attacker chooses to target the individual rather than the technology.

In a webinar hosted by CryptoUK, Detective Constable Anastasia Bezanidou of the Metropolitan Police outlined how these attacks work, why they are increasing, how offenders identify victims, and what individuals and organisations can do to reduce their exposure. Her insight paints a picture of a rapidly shifting risk landscape, combining traditional crime with digital intelligence-gathering.

1. The Origin of the term “Wrench Attack” — And Why It Still Matters

The term “wrench attack” stems from a 2006 XKCD comic. It delivers a blunt message: instead of spending time and resources attempting to break cryptography, an offender could simply threaten the victim with a cheap wrench and demand their keys. In the crypto era, the analogy has become uncomfortably accurate.

Criminal groups increasingly recognise that:

• cyberattacks require skill, time and specialist knowledge;
• physical intimidation is low-cost and immediate;
• the reward — access to valuable, portable digital wealth — can be significant.

This low barrier to entry has made physical targeting a growing part of the threat landscape facing crypto users.

2. How Criminal Groups Have Evolved Their Methods

One of the most striking examples discussed in the webinar involved a long-running organised crime network operating over a number of years. The group initially specialised in SIM-swap attacks and online fraud — crimes that required technical ability but no physical confrontation.

But as the value of cryptoassets increased, their methods escalated:

• They shifted from online account takeovers to violent home invasions.
• Victims were threatened or assaulted to obtain access to wallets and seed phrases.
• At least 11 victims were identified across four US states.
• Offenders coordinated through encrypted messaging platforms.
• The conspiracy spanned multiple countries, involving both local and overseas accomplices.

This evolution demonstrates how crypto has become an attractive target for criminal groups that traditionally operated in the physical realm.

3. An Escalating Global Trend: What Case Data Reveals

Open-source datasets show a clear escalation in physical attacks targeting crypto holders since around the end of 2014. One of the most comprehensive public resources — a community-maintained repository of physical Bitcoin attacks, available here — compiles media-reported incidents from around the world.

This data highlights several important trends:

Increasing frequency: Incidents have risen in line with wider crypto adoption.

Greater sophistication: Offenders increasingly use reconnaissance, surveillance and coordinated operations.

Repeat victimisation: Some individuals have been targeted more than once, showing how information circulates within criminal networks.

International hotspots: Certain locations — most notably France — appear frequently as settings for these offences, though attacks occur globally.

Businesses now at risk: It is not only individual holders who face threats. Crypto exchanges, OTC brokers and employees involved in high-value transactions have also been targeted.

These patterns reinforce that physical attacks are not isolated events but part of a broader international trend.

4. Why Victims Are Often Already Known to the Offender

One of the most important insights from the webinar is this:
Crypto-related physical attacks often involve offenders who already know — or know of — the victim.

Victims may be identified through:

• friends-of-friends or acquaintances
• previous online conversations
• group chats and community spaces
• loose social connections
• business interactions
• dating apps
• visible lifestyle changes
• social media posts
• Prior offending either by being a victim i.e. robbery or a criminal associate

In one notable case, a crypto user posted a screenshot of their wallet balance on social media. Days later, their home was burgled by offenders specifically seeking access to those funds.

Visibility — even indirect visibility — can create significant vulnerability.

5. The Role of Social Media and Oversharing

Social media remains one of the strongest catalysts for crypto-related physical crime. Offenders actively monitor platforms for signs of:

• high-value holdings
• screenshots showing wallet balances
• large trading profits
• involvement in crypto businesses
• predictable routines or travel patterns
• device screens displaying wallet interfaces

Information spreads rapidly online and through social circles. Someone who sees a single post may mention it to someone else, who may then pass it on again — until it reaches someone willing to act on it.

Shoulder-surfing is also on the rise. Offenders observe screens in public spaces — cafés, pubs, trains — to see wallet access or balances, enabling them to identify high-value targets.

6. Public Records: An Overlooked Source of Risk

A growing number of incidents originate from information found in public registries, especially the UK’s Companies House database.

In some cases:

• home addresses of directors were publicly listed;
• offenders used this data to locate victims;
• individuals had no idea this information was accessible online.

Users are strongly encouraged to:

• review their Companies House filings;
• remove or restrict sensitive information where possible;
• ensure their home addresses are not tied to crypto-related activity.

Many people underestimate how easily criminals can construct a detailed profile using only public data.

7. Practical Steps to Reduce the Risk of Crypto-Related Physical Attacks

Detective Constable Bezanidou outlined a five-stage crime prevention approach centred on both digital and physical discipline. Key measures include:

A. Diversify Your Crypto Storage

Avoid keeping all assets in one place. Spread crypto across multiple wallets, authentication layers or storage methods.

This reduces the reward and limits the impact of any single breach.

B. Strengthen Wallet and Device Security

Technical security must be paired with behavioural security.

• Use multi-layer verification for high-value holdings.
• Keep long-term crypto on separate devices.
• Hide or mask wallet balances where possible.
• Avoid accessing wallets in public environments.

C. Be Cautious in In-Person Crypto Transactions

Many attacks take place during face-to-face meetings linked to crypto trading or business operations.

• Avoid isolated or private locations.
• Be wary of sudden venue changes.
• Bring a second trusted person to high-value meetings.
• Ensure transactions occur in safe, monitored spaces.

Some businesses have been targeted after conducting verification meetings in hotel rooms or other private settings.

D. Maintain a Low Profile About Your Crypto Activity

High-value crypto holdings should never be widely discussed.

Even sharing details with friends or colleagues can create a chain of information that reaches someone with malicious intent.

E. Strengthen Situational Awareness

Stay alert to your surroundings when handling crypto:

• Shield your screen in public.
• Be aware of anyone watching too closely.
• Avoid showing wallet apps or balances on devices around strangers.
• Recognise when someone may be trying to gather information.

Situational awareness is one of the most effective ways to prevent being identified as a potential target.

8. The Human Element: Crypto Security Is Not Only Digital

The rise of wrench attacks shows that crypto security is fundamentally a human issue. Offenders increasingly blend several tactics to bypass otherwise robust digital systems:

• social engineering,
• open-source intelligence,
• personal connections,
• location data, and
• physical force

Put simply: the weakest point in many crypto security setups is not the technology — it is the person.

9. Watch the Full Webinar

To help the crypto community better understand these emerging physical threats, CryptoUK invited Detective Constable Anastasia Bezanidou of the Metropolitan Police to share the latest intelligence, real-world case insights and practical steps to strengthen personal and organisational security.

The full session is available below and provides essential guidance for anyone managing, holding or working with cryptoassets. We encourage you to watch the discussion in full and share it with colleagues, clients or community members who may be exposed to similar risks.

Banning Crypto Donations Won’t Solve the UK’s Foreign Influence Problem

One Rule, Many Realities: Lessons From the UK’s Travel Rule Roll-Out

Why Financial Access Remains the Defining Challenge for UK Crypto Firms — and What Needs to Change

The UK’s Moment: From Innovation Enabler to Global Leader in Digital Finance

Don’t Let Stablecoin Limits Close the Door on the UK’s $18 trillion Tokenisation Opportunity

Casp Travel Rule Application: Key Challenges and Public/Private Sector Solutions

Unlocking Crypto’s Mainstream Potential: How Transparency Can Shape this Market

Insights on Crypto Accounting Evolution from CryptoUK’s Policy Advisor Suzanne Morsfield

CryptoUK collaborates with several industry bodies to publish the Digital Currency Glossary

Fidelity Digital Assets Institutional Investor Digital Assets Survey