The conversation around cryptocurrency security has been dominated for years by one word: hacking. Firewalls, cold wallets, multi-signature protocols, seed phrase management - the entire protective infrastructure was designed to defend against digital intrusion. But the threat landscape has shifted. And the shift is not digital. It is physical. Criminals have realized something that the industry has been slow to acknowledge: it does not matter how sophisticated your encryption is if someone can force you to unlock your wallet at gunpoint.
March 3, 2026
The Rise of Physical Attacks on Crypto Holders
2025 marked a turning point. According to blockchain security firm CertiK, verified physical coercion incidents targeting cryptocurrency holders rose 75% year-over-year - from 41 confirmed cases in 2024 to 72 globally. Physical assaults surged by 250%, and losses from these attacks exceeded $40 million - though the true figure is almost certainly far higher due to underreporting and silent settlements. Kidnapping remained the most common tactic, accounting for 25 incidents in 2025, a 66% increase over the prior year.
These are not abstract statistics. They represent families woken at night by armed intruders. Executives ambushed during their daily commute. Parents held at gunpoint in front of their children.
Recent incidents have taken place in France, the United States, the United Kingdom, Canada, Southeast Asia, and the UAE.
Canada Is Not Exempt
In November 2024, the CEO of WonderFi - Canada's largest regulated crypto trading platform - was kidnapped in broad daylight from downtown Toronto during rush hour. He was forced into a vehicle and released only after a $1 million ransom was paid electronically. It happened on the same day Bitcoin hit a record high.
In British Columbia, a cryptocurrency investor and his family were held overnight by masked intruders who subjected them to sustained violence, threats, and coercion - all to access approximately $2 million in Bitcoin. The attack was meticulously planned, reflecting detailed knowledge of their names, family structure, crypto holdings, children's schedules, and property locations.
Ontario's so-called "Crypto King," Aiden Pleterski, was kidnapped and tortured in 2022 by individuals who believed he owed them money. The case revealed how public visibility and perceived crypto wealth can create a target profile that attracts organized violence.
These are not isolated events. They are indicators of a pattern - one that is accelerating.
Why Crypto Holders Are Uniquely Vulnerable
There are structural reasons why individuals with cryptocurrency holdings face a different kind of risk than traditional wealth holders.
Transferability. Unlike a bank account or stock portfolio, cryptocurrency can be moved in minutes - irreversibly - from anywhere in the world. There is no bank to call, no freeze to request, no intermediary to block the transaction. This makes crypto an ideal target for coercion-based theft.
Visibility. The crypto ecosystem rewards public presence. Founders post about their ventures. Investors display their returns. Influencers build followings around their portfolios. Social media creates a map of perceived wealth that is freely available to anyone - including those with criminal intent.
Lack of institutional protection. A traditional financial executive has layers of corporate security infrastructure. Most crypto holders - even those managing millions - have none. No security team, no threat assessment, no access control, no emergency protocol. Their most valuable asset sits on a device in their pocket, often accessible with a single passcode.
Regulatory gaps. In Canada specifically, crypto holders face additional exposure. Concealed carry permits are functionally unavailable. Self-defence tools are tightly restricted. Law enforcement response to crypto-related crime is still developing its investigative capability. The burden of protection falls almost entirely on the individual.
The Anatomy of a Wrench Attack
The term "wrench attack" - named after a now-famous webcomic - describes a simple principle: no amount of cryptographic security can protect against physical force applied to the person holding the keys.
These attacks are increasingly sophisticated. They are not crimes of opportunity. Perpetrators conduct advance surveillance, study public records and social media, map daily routines, and identify family vulnerabilities before executing.
Common patterns include:
Home invasions. Armed intruders enter a residence at night, restrain family members, and use threats - sometimes against children or spouses - to compel wallet access. These are often pre-planned with detailed reconnaissance of the property and household.
Street-level abductions. Targets are grabbed in public, forced into vehicles, and held in secondary locations until payment is confirmed. The WonderFi case in Toronto followed this pattern precisely.
Social engineering to physical access. Some attackers pose as delivery drivers, ride-share operators, or service providers to gain proximity before attacking. In one documented case, a criminal posed as an Uber driver and drugged the victim before draining over $120,000 in cryptocurrency from their phone.
Family targeting. Increasingly, attackers go after not the crypto holder themselves, but their relatives - children, spouses, parents - using their safety as leverage. In France, multiple incidents in 2025 targeted family members of known crypto executives, including attempted abductions of children.
The Profile of a Target
It is critical to understand that attackers are no longer only targeting crypto billionaires or exchange founders. The net is widening.
Targets now include individuals with modest holdings who have made the mistake of public association with cryptocurrency - through social media posts, conference appearances, community forums, or even public spending patterns.
The qualifying criteria for a target is simple: perceived access to crypto assets, plus insufficient physical security, plus an identifiable routine.
In many cases, the attackers' estimate of their target's wealth is wildly inaccurate. But by the time that becomes clear, the violence has already occurred.
Wrench attacks on smaller crypto holders will likely increase further with crypto adoption and the expansion of crypto physical infrastructure - ATMs, in-person exchange offices, and payment terminals.
What Responsible Protection Looks Like
The standard advice in the crypto community - "don't talk about your holdings" - is a starting point, but it is not a security plan. Discretion reduces exposure. It does not eliminate risk.
For individuals and families in the crypto space, responsible protection requires a layered approach:
Threat and vulnerability assessment. Understanding what an attacker would see when they look at you - your digital footprint, your physical routines, your home's exposure, your family's patterns. This is the foundation of any credible security posture.
Operational security discipline. Managing what information is publicly available about your identity, location, holdings, and daily movements. This extends beyond social media to public records, corporate filings, event attendance, and personal networks.
Residential hardening. Physical security measures at the home level - access control, surveillance, intrusion detection, secure rooms, and rapid response protocols. The home is the most common attack site, and the one most often left unprotected.
Close protection and response capability. For higher-risk individuals, professional protection officers and structured response protocols are not a luxury. They are a baseline requirement proportional to the threat profile.
Family security awareness. The people closest to a crypto holder are often the most vulnerable. Spouses, children, and household staff need to understand the basics of situational awareness, communication protocols, and emergency response - without creating a climate of fear.
A New Category of Risk Demands a New Category of Response
The security industry has not yet fully caught up to this threat. Traditional residential security companies are designed around property protection - alarms, cameras, guard patrols. They are not designed to counter targeted, intelligence-driven attacks against individuals.
What is required is a protection model that integrates physical presence, technological surveillance, intelligence gathering, and rapid response into a single, coordinated system - one that is proactive rather than reactive, and one that understands the specific dynamics of crypto-related threats.
The threat to cryptocurrency holders is real, it is growing, and it has arrived in Canada. The question is no longer whether individuals in this space need professional protection. The question is whether they will act on that need before circumstances force the decision for them.
