A dramatic armed robbery in San Francisco underscores a growing global threat to cryptocurrency holders: violent “wrench attacks,” where attackers use force to seize digital assets.
In the latest incident, an assailant posing as a delivery worker stole $11 million in Bitcoin (BTC) and Ethereum (ETH) from a home linked to tech investor Lachy Groom’s former partner. The ordeal lasted approximately 90 minutes, and the victim suffered minor injuries. No arrests have yet been made.
“This wasn’t a random smash-and-grab,” said security consultant Mario Nawfal.
According to police reports and local media, the suspect arrived at a $4.4 million Dorland Street residence under the guise of a UPS delivery. After requesting a pen, the attacker drew a firearm, restrained the victim with duct tape, and forced him to unlock wallets containing crypto assets, along with seizing a phone and laptop.
“It was an organized crime extraction targeting wealthy crypto holders. Self-custody works until someone comes to your door with a fake delivery label and a gun.” added Mario Nawfal
Robber posing as a delivery driver steals $11,000,000 in crypto after pulling a gun and duct-taping the victim in San Francisco pic.twitter.com/Jny8HfVvGC
— BAY AREA STATE OF MIND (@YayAreaNews) November 24, 2025
A rising global trend
France has seen multiple cases, including abductions of individuals to gain access to hardware wallets. In Israel, a Tel Aviv resident was tortured for passwords, losing $600,000 in crypto and valuables. Russian crypto trader Roman Novak and his wife were reportedly murdered in the UAE following an abduction aimed at accessing his holdings.
Australian crypto billionaire Tim Heath of Yolo Group narrowly escaped a kidnapping in Tallinn by biting off part of his attacker’s finger, allowing him to flee.
These attacks exploit the irreversible nature of blockchain transactions, which criminals see as a low-risk method to convert digital assets quickly. Public displays of wealth and easily accessible personal information online further increase vulnerability.
The San Francisco case is part of an alarming rise in violent crypto thefts worldwide. Experts have documented over 60 wrench attacks in 2025 alone, nearly doubling incidents from the previous year.
The last crypto wrench attack is not looking good
— StarPlatinum (@StarPlatinum_) November 25, 2025
Here’s what happened:
november 23, 2025: san francisco
- tech investor known as “Joshua” lives in a $4.4M house
- Mission Dolores, one of the richest zones in the city
- area known for founders, visible money and public… pic.twitter.com/mKTMYmg8Mr
Phil Ariss, Director at TRM Labs, noted:
“A common thread is victim profiling via social media. Attackers analyze posts and transactions to identify likely targets, focusing on peer-to-peer trades or public displays of wealth.”
Why wrench attacks work
Physical coercion allows attackers to bypass standard security measures. Unlike digital-only hacks, forced transfers can move crypto within minutes, often routed through privacy-focused services to prevent tracing. Investigators respond by targeting hardware devices, tracking wallets in real-time, and securing remaining assets in exchanges, but recovery remains challenging.
Data leaks compound the risk.
Reports from the Baltic Honeybadger 2025 conference points to over 80 million crypto user identities exposed online, with 2.2 million including home addresses. These breaches originate from exchange hacks, phishing campaigns, and careless public sharing, providing criminals the information needed to target victims.
Industry and regulatory response
The crypto sector is increasingly aware of these threats. Alena Vranova, founder of SatoshiLabs, highlighted the urgent need for better security following revelations of exposed personal data. Hardware wallets, multi-signature setups, and private custody solutions are being recommended to mitigate physical risks.
Regulatory frameworks are also evolving. The EU’s Markets in Crypto-Assets (MiCA) law, effective December 2024, mandates licensing, anti-money laundering protocols, and consumer protection standards for exchanges and wallet providers.
While designed primarily to prevent fraud, such measures indirectly strengthen security against coercive attacks.
Crypto insurers have begun offering policies covering kidnapping, extortion, and theft, signaling market adaptation to new physical threats.
Oleksii Shumak
Disclaimer: All materials on this site are for informational purposes only. None of the material should be interpreted as investment advice. Please note that despite the nature of much of the material created and hosted on this website, HODL FM is not a financial reference resource, and the opinions of authors and other contributors are their own and should not be taken as financial advice. If you require advice. HODL FM strongly recommends contacting a qualified industry professional.
