(Getty Images)

Cyber insecurity

The alarming surge of “wrench attacks” in crypto puts owners on edge

“The main problem is that cryptocurrency turns every holder into a walking bank vault. And being your own bank means accepting that you can be robbed like one.”

Yaël Bizouati-Kennedy

6/10/25 9:31AM

Crypto owners and executives have always had to watch out for hackers, but now face a new and rapidly increasing threat: physical attacks.

The uptick in these targeted attacks has been making headlines, and these incidents are happening globally, from Paris to New York to Buenos Aires.

Data from Galaxy Digital and Casa cofounder and Chief Security Officer Jameson Lopp, who has been monitoring these developments for several years, indicates that there have been at least 25 documented attacks this year.

This would put 2025 “on track to be the most dangerous year ever for crypto owners,” Alex Thorn, Galaxy’s head of firm-wide research, posted. The previous record was set in 2021, with about 36 attacks.

Lopp told Sherwood News that as there’s a rough (lagging) correlation between bitcoin’s exchange rate and the rate of physical attacks, he’s not surprised that this year is on track for an all-time high.

“I predicted last year that we’d see at least an average of one per week in 2025. And that’s just the publicized attacks. There’s good reason to believe that only 10% to 30% of actual attacks end up being publicized,” he said.

Global Crypto Extortions by Year and Country — (Source: Galaxy)

“We are seeing a brutal convergence of the speed of cybercrime with the violence of street crime.”

To put this in context, in 2015, there were five attacks documented, the data shows.

“This is one of the most harrowing things I have seen in my time, both as a prosecutor and at TRM Labs. We are seeing a brutal convergence of the speed of cybercrime with the violence of street crime,” Ari Redbord, global head of policy and government affairs at TRM Labs, told Sherwood.

Redbord added that as crypto becomes more valuable and self-custody of those assets grows, the threat is no longer just digital; it’s also physical.

“Criminals are adapting fast, shifting from phishing emails to physical force,” he said. “In this world, the human has become the attack surface, and crypto security now means personal security.”

The so-called “wrench attacks,” where physical force or intimidation is used to compel a victim to surrender access to their cryptocurrency holdings, per TRM Labs, are also becoming increasingly gruesome and bolder, involving kidnappings and torture.

In recent weeks, John Woeltz, “the crypto king of Kentucky,” was arrested after having sequestered and tortured an Italian tourist in New York in an attempt to get their bitcoin password.

So far this year, a significant number of these “wrench” attacks have occurred in France, Galaxy data shows.

Paris specifically has been struggling with a string of crypto attacks in recent months. In May, the pregnant daughter of crypto exec Pierre Noizat, CEO of Paymium, and her toddler were almost snatched in broad daylight. In two different disturbing incidents, a family member and a crypto exec were abducted and had fingers severed.

Ogle, the pseudonymous cofounder of the blockchain ecosystem Glue and a cybersecurity adviser to WLFI, has been extremely vocal about these threats for years.

“I’ve never understood how people with meaningful amounts of crypto wealth don’t take basic precautionary measures such as having personal security, not telling people where they live unless they’re very trusted, etc. It’s some of the most cost-effective life and wealth insurance you can buy,” he told Sherwood.

He added that the difficulty is that even folks in the crypto industry don’t quite consider cryptocurrency to be “real money” yet.

“The purely digital nature of it, I think, has a psychological effect on some people where they don’t have the realization that the worst can happen to you is not just losing your money digitally, but is in fact losing a lot more than that physically. The two worlds are connected now. People need to act accordingly,” he said.

Ogle told Sherwood only three people have ever been to his secondary residence and zero have ever been “to my primary.”

“No mail goes to either,” he added.

A perfect storm for these attacks

David Carvalho, an ex-systems hacker who has advised NATO on cyberwarfare and is the founder of Naoris Protocol, said the uptick in these attacks was inevitable.

“Unlike traditional wealth protected by institutional infrastructure, crypto can be instantly transferred under duress.”

Bitcoin reaching new highs and mainstream adoption of crypto creates perfect conditions for physical attacks, he said.

“The main problem is that cryptocurrency turns every holder into a walking bank vault. And being your own bank means accepting that you can be robbed like one,” he said. “Unlike traditional wealth protected by institutional infrastructure, crypto can be instantly transferred under duress.”

Interestingly, he added that the seemingly cryptographically perfect systems fail completely when someone puts a gun to your head. Until wallet infrastructure includes duress codes and emergency protocols as standard, this will only get worse.

How people can protect themselves

Carvalho said that the number one rule is: shut up about your wealth.

“Stop posting portfolios and conference photos,” he said. In addition, consider geographic key distribution, such as multi-signature security across trusted parties in different locations.

And finally: accept you’re a target.

“Bank-level wealth requires bank-level security thinking,” he added.

“Many victims are selected simply because they’ve mentioned their holdings, posted about them online, or worn crypto-branded gear in public.”

Another issue is that once an attack method proves successful and repeatable, it tends to spread quickly, and 2025 has already been a devastating year for many crypto holders, Walter Gaya, executive and dignitary protection consultant at International Security Consulting Group, told Sherwood.

Gaya said that while these types of assaults carry higher personal risk for the attacker, the potential payoff is enormous.

He echoed Carvalho’s sentiment, saying that the opportunity often stems from the victim’s lack of discretion. Crypto “has a certain cool factor” and people want to brag about it, potentially making themselves targets, “particularly if they are posting about their wealth and travel plans on social media,” he added.

“Many victims are selected simply because they’ve mentioned their holdings, posted about them online, or worn crypto-branded gear in public,” Gaya said.

His tips for crypto owners? In addition to being discreet, he recommends completing high-value trades in vetted, surveilled environments, ideally with a second person or trusted security contact aware of the meeting.

More Crypto

See all Crypto

$290M

Sage D. Young22h

On Saturday, ethereum-based protocol KelpDAO, known for liquid restaking, was exploited for $290 million, the largest hack of 2026 in the decentralized finance ecosystem.

“Preliminary indicators suggest attribution to a highly-sophisticated state actor, likely DPRK’s Lazarus Group,” LayerZero said in its statement explaining the attack. KelpDAO issues rsETH, while LayerZero provides network infrastructure that allows users to move KelpDAO’s rsETH between blockchains.

The configuration of KelpDAO’s exploited application, powered by LayerZero, relied on a single decentralized verifier network (DVN), responsible for verifying the integrity of cross-chain messages.

The industry best practice is for protocols to use a multi-DVN setup to prevent a unilateral point of trust or failure. “A properly hardened configuration would have required consensus across multiple independent DVNs, rendering this attack ineffective even in the event of any single DVN being compromised,” LayerZero stated, essentially placing the blame on the restaking protocol for using a single-DVN setup.

The exploiters executed an RPC-spoofing attack and performed DDoS attacks to manipulate the single DVN instance into confirming transactions “that never in fact took place.” The LayerZero team said, “Operating a single-point-of-failure configuration meant there was no independent verifier to catch and reject a forged message.”

Meanwhile, KelpDAO is preparing to dispute LayerZero’s account and place the blame on the latter, per a CoinDesk report.

Spilling over

The exploit has since impacted the wider crypto landscape.

The attackers successfully drained 116,500 rsETH from KelpDAO’s bridge, allowing them to deposit $249.7 million of the token to DeFi’s largest lending protocols and withdraw $228.2 million worth of different cryptocurrencies, wETH and wstETH, on-chain data from Arkham Intelligence shows.

Aave, the largest lending protocol, has frozen several markets and is now facing a liquidity crunch.

On Aave’s v3, the ETH, USDT, and USDC markets, which have a combined reserve size of $10.7 billion, have each reached a 100% utilization rate, as total borrowed equals total supplied. When borrows are maxed, users cannot withdraw their supplied liquidity.

The pseudonymous head of strategy at DeFi lending platform Spark, @MonetSupply, wrote on X, “There has been a ~$300 million increase in borrowing with USDT collateral in just the past day since the rsETH exploit.”

On-chain folks are spooked

The attack comes in the same month that Drift, a solana-based trading venue, suffered from an over $270 million hack. Saturday’s attack also follows worries stemming from Anthropic’s unreleased AI model Mythos, which “is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system.”

Even though the major cryptocurrencies have not seen their prices move substantially in the last 24 hours, crypto participants have been spooked, evident by the capital exiting the decentralized finance ecosystem.

DeFi saw its total value locked decrease by $13 billion over the weekend to $85.64 billion at the time of writing, its lowest point since April last year, data from DefiLlama shows.

“OK — Kelpdao hacker, how much you want? Let’s just talk. With KelpDAO’s help, of course. It’s simply not worth it to sacrifice both Aave and KelpDAO and let them go down over this hack. You can’t spend $300 million anyway,” said Justin Sun, founder of the Tron blockchain, who has been beefing with the President Trump-backed World Liberty team.

Yaël Bizouati-Kennedy

DATS the Question

23h

Strategy overtakes BlackRock in bitcoin holdings as digital treasury landscape weakens

With its latest acquisition of 34,164 bitcoin, Strategy now holds 815,061 bitcoin — about 4% of the total bitcoin supply.

Yaël Bizouati-Kennedy4/17/26

Bitcoin jumps to highest level since February, boosted by optimism over reopening of Strait of Hormuz

Bitcoin finally broke out of the tight range it’s been stuck in for weeks, rising to just below the $78,000 mark, a level not reached since early February, as risk-on sentiment floods back into the market.

The jump comes on the heels of Iran and the US announcing the reopening of the Strait of Hormuz on Friday morning, which sent oil prices down and the stock market higher.

The renewed optimism for a deal with Iran and the end of the Middle East conflict also sent crypto stocks jumping, with Strategy, the largest corporate bitcoin holder, up more than 13% late Friday morning.

Wave Digital Assets’ head of international portfolio management, Rajiv Sawhney, told Sherwood News that it’s all about the Strait of Hormuz. “Markets are interpreting it as a win. It’s a knee-jerk reaction given positioning and expectations. As such, while bitcoin was able to tick higher, the $80K level will be the real barometer we need to cross for me to feel confident that this relief rally has legs,” he said, adding that until then, he’s remaining cautiously optimistic that risk assets can close at these levels.

Nic Puckrin, cofounder of Coin Bureau, told Sherwood that we’re seeing a classic short squeeze as heavy short positions in bitcoin are being liquidated, adding that the next resistance level to watch is $79,000.

“If we get past that and close the week above this level, $90k becomes a real possibility in the medium term. However, if the rally gets rejected at this level, we could remain stuck in the range between $65k and $75k that held bitcoin hostage for months,” Puckrin added.

Underscoring the cautious comeback, Bloomberg reported that from a derivatives market perspective, “traders remain largely defensive.”

“Funding rates for perpetual futures contracts, a key measure of whether leveraged traders are betting on higher or lower prices, were negative. Hefty premiums are also being paid for put options providing downside protections at $60,000 and $50,000, respectively,” Bloomberg reported.

Bitfinex analysts told Sherwood that the liquidation heat map shows dense shorts leverage stacked between $76,000 and $78,000.

“Clearing this range opens a substantial air gap in the unspent realized price distribution up to $82,000,” they said, adding that the next level they are watching is $83,000, a “significant wall at the short-term holder realized price.”

Yaël Bizouati-Kennedy

4/16/26

Bitcoin nears key level that capped previous January rally

A CryptoQuant report noted that $76,800 is a break-even point for many traders, which has “acted as a powerful bear market resistance level.”

Sage D. Young4/15/26

OP token rises after payments card provider Ether.fi finalizes migration to the layer 2 network

OP, the governance token for OP Mainnet, has increased as much as 5% since Tuesday night following news that Ether.fi, a decentralized finance protocol known for providing noncustodial crypto payment cards, completed its migration to the ethereum layer 2 blockchain network.

Ether.fi’s move resulted in around $220 million in total value locked coming to OP Mainnet, the largest single TVL event in the network’s history, as well as over 70,000 payment cards and more than 300,000 accounts, according to a blog post from Ether.fi.

Originally on alternative layer 2 network Scroll, Ether.fi made the switch to OP Mainnet due to lower median transaction fees of $0.00001 and sub-250-millisecond finality times.

“To ship what comes next, we needed infrastructure that could handle real-time payments at consumer volume,” Ether.fi CEO Mike Silagadze told Sherwood News. “OP Mainnet delivered on every dimension. Three days to migrate $220M with no downtime answered the question. Now we get to build.”

The migration comes about two months after Coinbase-incubated blockchain Base announced moving away from Optimism’s OP Stack.

Latest Stories

Sherwood Media, LLC produces fresh and unique perspectives on topical financial news and is a fully owned subsidiary of Robinhood Markets, Inc., and any views expressed here do not necessarily reflect the views of any other Robinhood affiliate, including Robinhood Markets, Inc., Robinhood Financial LLC, Robinhood Securities, LLC, Robinhood Crypto, LLC, Robinhood Derivatives, LLC, or Robinhood Money, LLC. Futures and event contracts are offered through Robinhood Derivatives, LLC.