Cryptocurrency has transformed the financial landscape. It offers freedom, accessibility, and the potential to generate significant wealth. This has created new risks – not only to systems, but to people, says Gavin Wilson, Director of Physical Security and Risk at the consultancy, Toro Solutions
As security systems improve, criminals have changed their focus. Instead of hacking platforms, they’re targeting the people who control the assets. Executives, traders, content creators, and even family members have become high-value targets. It’s often easier to pressure a person than to break through an encrypted system.
People are the path of least resistance
Strong passwords, multi-factor authentication, and encrypted wallets all help, but they don’t matter if someone with access can be intimidated or manipulated. Attackers know this. They study routines, track social media posts, and monitor public appearances. They look for vulnerabilities in human behaviour. For criminals, targeting an individual is faster, cheaper, and more effective than trying to breach a secured exchange.
Over the past 18 months, reports show a sharp increase in kidnappings and physical attacks involving crypto holders. At least 231 incidents have been documented worldwide, including abductions, home invasions, and violent coercion. Six of those attacks were fatal. This surge demonstrates a clear shift in criminal tactics. As platforms have grown more secure, attackers are now going after the people who control the assets.
Rise of human targeted attacks
Across the globe, attacks against crypto holders increasingly involve physical coercion, often in the form of wrench attacks, in which victims are threatened with immediate violence to force them to surrender access to their digital assets.
In Cambridge, Canada, a young man was abducted at gunpoint and forced to transfer cryptocurrency to an attacker. In Paris, a CEO’s daughter and grandson were targeted in a failed abduction attempt. In Manhattan, New York, a 28-year-old Italian crypto investor was lured to a luxury Soho townhouse and held captive for 17 days. During this period, the victim endured electrical shocks, pistol-whipping, and cuts from a saw. The attackers used physical coercion to force him to reveal his Bitcoin password – however, the victim ultimately escaped and alerted authorities.
Each of these cases shares a common theme. Criminals are targeting people rather than systems because it provides the most direct route to the assets. This approach is now a significant risk factor for executives and staff alike. Executives are obvious targets because of their public profiles, media exposure, and company affiliations. Staff with access to wallets or trading accounts are also at risk. Attackers may attempt to bypass internal controls by manipulating employees or exploiting predictable behaviours. Laptops and cold wallets are portable and vulnerable. Even minor lapses, such as leaving a laptop logged in while stepping away, can provide attackers with immediate access.
Family members are another area of vulnerability. Spouses, parents, and children may be targeted to apply emotional pressure. Criminals know that people will often act to protect loved ones, making coercion far more effective than hacking a secure system.
How criminals exploit path of least resistance
Modern attacks combine digital reconnaissance with physical surveillance and coercion. Criminals gather information from social media, public events, and online information. They then apply pressure where it will be most effective. Common tactics include:
- Kidnappings and coercion: Victims are compelled to disclose wallet credentials, grant account access, and transfer their digital assets.
- Social engineering and spiking: Not all attacks rely just rely on violence. Criminals impersonate trusted contacts or service providers to incapacitate victims and access devices.
- Opportunistic theft: Laptops and wallets are stolen from public spaces such as cafes, co-working offices, or airports.
- Online manipulation: Fake exchange websites, phishing, address spoofing, and scam giveaways trick victims into transferring funds.
Between 2022 and 2025, physical attacks on cryptocurrency holders resulted in over $166 million in losses, with kidnappings alone accounting for $128 million, according to TRM Labs. The rising value of cryptocurrency makes these attacks increasingly lucrative and is continuing to encourage attackers to refine their methods and not push at all angles until they succeed.
Layered security
Protecting cryptocurrency now requires more than technical safeguards. Security must be layered. Digital controls, operational practices, physical protection, and managing digital footprints must work together to reduce risk.
Technical Controls:
- Use multi-signature wallets that need multiple approvals before transactions can go through.
- Consider multi-party computation (MPC) to spread private keys across multiple devices or people.
Operational Practices:
- Avoid publicly linking your real identity to crypto holdings.
- Separate wallets for different uses – personal, professional, high-value.
- Change travel patterns and workspace routines to stay unpredictable.
Physical Protection:
- Don’t access wallets in public places.
- High-risk individuals should consider professional security or protective measures.
- Secure homes and offices with layered defences and safe storage.
Your online presence is now one of your biggest vulnerabilities.
Criminals gather information from social media, public events, online forums, and even seemingly harmless posts about hobbies, travel, events or routines. This intelligence allows them to plan kidnappings, coercion, or wrench attacks with precision.
Family members are especially at risk. A single public post showing a child’s school, a spouse’s workplace, or a vacation plan can be exploited. Threats against loved ones dramatically increase the likelihood a crypto holder will comply, regardless of how secure the wallet is.
Key practices for managing your digital footprint
- Conduct a thorough digital footprint review: Examine social media, blogs, forums, and any public mentions. Identify information about routines, locations, relationships, and crypto involvement.
- Remove sensitive information: Delete posts or metadata revealing schedules, addresses, family details, or device use patterns.
- Assess family exposure: Ensure family members understand what they share online. Avoid publicly disclosing identifiable information such as addresses, crypto holdings or routines.
- Limit public-facing crypto associations: Avoid sharing wallet addresses, transaction histories, or platform affiliations.
- Use digital pseudonymity: Separate identities for crypto activity help prevent attackers from linking assets to you or your family.
- Think like an attacker: Always ask yourself – If someone wanted to target me, what could they learn from this post?
Digital footprint management should now be core component of layered crypto security, to protect both you and your family.
The rise in attacks targeting crypto holders is a wake-up call – securing your digital assets isn’t just about wallets and passwords anymore. Criminals are going after the people behind the assets and anyone with access, from executives to family members, can be a target.
Staying safe means thinking beyond technology. It means layering protections – strong digital security, careful operational habits, physical safeguards, and managing what you share online. Each layer reduces risk and makes it harder for attackers to find an easy way in. The real risk isn’t the wallet it’s the person who controls it.
