French prosecutors recently charged 88 people in connection with 12 violent robberies targeting cryptocurrency holders. Investigators found that some suspects were involved in multiple incidents — suggesting organized criminal networks, not opportunistic one-offs.
These are what the security community calls "wrench attacks." The name comes from an uncomfortable truth: no encryption algorithm protects you from a physical threat. A criminal doesn't need to crack your seed phrase. They just need to threaten you until you hand over your wallet.
This isn't a French problem. It's a crypto problem — and one the industry still hasn't adequately addressed.
---
What a Wrench Attack Actually Looks Like
The term is darkly simple. Where a hacker breaks through your firewall, a wrench attacker breaks through your front door.
These are home invasions, kidnappings, and armed confrontations where victims are coerced — through violence or the credible threat of it — into transferring their digital assets on the spot. Crypto's core feature, irreversibility, becomes the attacker's greatest advantage. Once those funds move, they're gone.
The French investigation illustrates how professionalized this threat has become. Eighty-eight charged individuals across 12 attacks means these weren't random crimes of opportunity. Suspects were linked to multiple incidents, pointing to coordinated networks with repeatable playbooks. The targets weren't selected randomly either — they were people known, or strongly suspected, to hold significant crypto.
Which raises the obvious question: how did attackers know?
---
The OPSEC Problem No One Talks About
Operational security — OPSEC — is the discipline of controlling what information you reveal about yourself. In crypto, most OPSEC advice focuses on digital hygiene: don't reuse passwords, use a hardware wallet, enable two-factor authentication. That advice is sound. It also misses half the threat model.
Physical attackers typically learn about targets through a small set of channels:
Social media and public forums. Posting about gains, showing off hardware wallets, discussing holdings in Discord or Telegram, or even using a recognizable username across platforms all create trails. Screenshots circulate. Metadata leaks. Someone is always watching.
Exchange and platform data breaches. When exchanges are compromised, KYC records — including names, addresses, and in some cases account balances — can end up in criminal marketplaces. If your home address is linked to a large holding, it may exist somewhere you don't control.
Real-world visibility. Talking about crypto holdings at local events, with acquaintances, or in professional settings creates word-of-mouth exposure. In tight communities, word travels.
On-chain analytics. Wallet addresses linked to public identities — through ENS names, Twitter bio links, or forum posts — can be traced by anyone willing to spend an afternoon on a block explorer. Large balances sitting in transparent wallets are visible to the entire world.
None of these are hypothetical. They're documented vectors in real attacks.
---
How to Reduce Your Physical Attack Surface
The goal is not paranoia. It's asymmetry — making yourself a harder target than the next person without disrupting your life.
Don't disclose holdings publicly. This seems obvious. It isn't practiced. The impulse to share wins, losses, and portfolio milestones is powerful. Resist it on any platform where your real identity is attached, or where pseudonymity can be peeled back. Your financial life is not a content strategy.
Separate your on-chain identity from your real identity. If you use ENS names, link wallets in public profiles, or post wallet addresses for donations or payments, those addresses can be analyzed. Keep wallets you use for public activity separate from wallets where you hold significant assets.
Use multi-signature custody for large holdings. A multisig setup requires multiple keys — stored in multiple locations — to authorize a transaction. Under physical duress, handing over one key or one seed phrase isn't enough for an attacker to clean you out. This is meaningful structural protection, not just a technical nicety.
Hardware wallets with passphrase layers. A strong passphrase on top of your seed phrase creates a hidden wallet. An attacker who gets your seed phrase without the passphrase sees a near-empty account. The real holdings stay protected. This is a legitimate defensive technique — but it requires discipline, because losing the passphrase means losing access yourself.
Consider geographic distribution. Keeping backup seed phrases or secondary keys in different physical locations — a safe deposit box, a trusted family member's home, a fireproof safe at a separate property — reduces the risk that a single event compromises everything.
Don't answer the door on holdings. If you're asked by anyone — service providers, new acquaintances, people at crypto meetups — whether you hold crypto and how much, the answer is nothing specific. "A little" is a full sentence. "None, actually" is also fine.
---
The Institutional Custody Parallel
This threat isn't limited to individuals. Ripple recently highlighted that institutional adoption is moving from pilots to production — stablecoins entering treasury workflows, real-world assets being tokenized, banks building digital asset platforms. Alongside that, custody has become a formal business requirement.
For institutions, the wrench attack risk manifests differently: it's insider threats, social engineering against staff with key access, and physical security of data centers and key management hardware. The same discipline applies — minimize who knows what, distribute key control, ensure no single person can be coerced into authorizing a transfer alone.
The French crackdown is notable because law enforcement is taking these attacks seriously at scale. That's a positive development. But the 88 people charged didn't prevent the 12 robberies from happening. Deterrence after the fact isn't protection before it.
---
The Grounded Takeaway
Crypto's decentralization means there's no bank to call, no dispute resolution process, no fraud department. That freedom comes with a corresponding responsibility that most holders underestimate: you are your own security perimeter, physical as well as digital.
The attackers targeting crypto holders in France weren't sophisticated hackers. They were people who identified targets, showed up, and applied pressure. Your hardware wallet is irrelevant if someone is standing in your living room.
Review your OPSEC. Reduce your public surface area. Structure your holdings so that no single point of access — physical or digital — puts everything at risk. The technology to protect yourself exists. The habits are what most people skip.
---