CertiK Releases Skynet Report: "Wrench Attacks" Surge 75% in 2025, Physical Violence Emerges as Major Threat in Crypto Sector
- Core Insight: The CertiK report indicates that physical coercion attacks ("wrench attacks") against cryptocurrency holders have transitioned from isolated incidents to a structural risk. Their trend towards professionalization and industrialization is significant, establishing them as a distinct and increasingly severe type of crime within the crypto ecosystem.
- Key Findings:
- Globally, 72 wrench attack incidents were recorded in 2025, a 75% year-on-year increase, with confirmed losses exceeding $40.9 million. However, the actual scale is likely severely underestimated.
- Attack methods have escalated in violence, with kidnapping becoming mainstream. Direct physical assault incidents surged by 250% year-on-year. Europe has become a high-risk region, with France recording the highest number of incidents globally.
- Attack patterns show characteristics of professionalization and industrialization. Criminal organizations conduct meticulous planning using open-source intelligence and employ professional equipment to isolate victims from the outside world.
- Attack targets are broadening. They are not only aimed at high-value individuals like industry executives but also at individuals holding smaller amounts. There is also frequent exploitation of "associated targets" to apply psychological pressure.
- The report recommends individuals adopt strategies such as "decoy wallets" and geographically separating seed phrases. Institutions should deploy technical measures like multi-signature wallets and timelocks, and extend security training to employees' family members.
On February 2nd, CertiK, the world's largest Web3 security company, released its "Skynet Wrench Attack Report," highlighting that physical violence targeting cryptocurrency holders has evolved from isolated extreme cases into a structural risk. As security measures for crypto assets continue to strengthen, this attack method, which bypasses technical defenses to directly target the "person," is rapidly spreading.
The report indicates that 2025 saw 72 verified wrench attack incidents globally, a 75% increase from 2024. So-called "wrench attacks" refer to attackers using physical means such as violence, intimidation, or kidnapping to force victims to surrender private keys or passwords. These attacks do not rely on technical vulnerabilities but directly target the individuals behind the crypto assets.
Significant Escalation in Violence, Europe Emerges as High-Risk Region
In terms of attack patterns, wrench attacks in 2025 showed a clear trend of escalating violence. The report notes that kidnapping remained the primary attack vector, with 25 incidents throughout the year; direct physical assault incidents increased by 250% year-over-year, becoming one of the most concerning developments.
Geographically, Europe became the highest-risk region globally for the first time. In 2025, Europe accounted for over 40% of known global incidents, with France recording the highest number of attacks worldwide, surpassing the United States. CertiK's report points out that this shift does not mean risks have disappeared in North America but reflects the spread of such crimes to regions with more complex legal environments and higher costs for cross-border collaboration.
Losses Exceed $40 Million, True Scale Likely Severely Underestimated
Financially, confirmed losses related to wrench attacks in 2025 exceeded $40.9 million, a 44% year-over-year increase. However, the report warns that due to factors like low victim reporting rates, fear of retaliation, and some assets being tied to tax evasion or gray areas, this figure is likely just the "tip of the iceberg."
By comparing attack patterns, the report found that wrench attacks in 2025 have completely shed their earlier speculative and sporadic characteristics, entering a phase of professionalized, industrialized operation. Attackers often operate as transnational criminal groups, typically conducting weeks of preparation before an attack. They combine Open-Source Intelligence (OSINT) to analyze a target's digital footprint, identify weak defense periods, and even deploy professional equipment like signal jammers and Faraday bags to cut off the victim's communication.
Notably, attackers' targets are broadening. While industry executives and project founders remain high-value targets, attackers are now also targeting individuals with smaller holdings. Furthermore, attackers are increasingly leveraging "associated targets," applying psychological pressure by threatening the victim's spouse, children, or parents.
How to Counter Physical Threats? Security Recommendations for Individuals and Institutions
As technical security standards continue to rise, "cracking the system" is becoming increasingly difficult, while "coercing the individual" is lower-cost and more efficient. This paradox makes personal safety the weakest and most easily overlooked link in the current crypto ecosystem.
The report proposes a series of security recommendations for individuals and institutions. At the individual level, it suggests using "decoy wallets" to reduce potential losses from coercion, geographically isolating seed phrase storage, and removing crypto apps from daily-use devices to mitigate risk. At the institutional level, it emphasizes employing technical measures like multi-signature mechanisms, time-lock contracts, and transaction friction mechanisms, while also extending security training to employees' families.
In its conclusion, CertiK emphasizes that the 2025 landscape shows wrench attacks have become a distinct crime category within the crypto ecosystem. Relying solely on seed phrase security models is no longer sufficient to address the risk. The key challenge for the industry's future development may be evolving from "protecting assets" to "protecting people," using institutional design to reduce the feasibility of coercive acts.
Report link: https://indd.adobe.com/view/6399f4eb-e37c-485d-a225-a7a1fc68914f
