A Tennessee Crew Just Got Indicted for $6.5M in Home Invasions. The U.S. Wrench Attack Wave Has a Federal Docket Now.
On May 12, 2026, a U.S. federal grand jury indicted three men from the Nashville area — Elijah Armstrong, 21; Nino Chindavanh, 21; and Jayden Rucker, 25 — for a multi-city home invasion spree that targeted cryptocurrency holders across California between November 22 and December 31 of last year. The alleged take: more than $6.5 million in digital assets, extracted across San Francisco, San Jose, Sunnyvale, and Los Angeles in a little over five weeks. Prosecutors say the crew posed as delivery workers to gain entry, then used firearms, duct tape, and zip ties to restrain victims while demanding access to wallets and seed phrases. Two of the defendants appeared in federal court on the day of the indictment for appointment of counsel. The third is scheduled for a June status hearing.
The indictment landed as the latest data point in a story that has accelerated sharply through the first half of 2026. CertiK's mid-year wrench attack overview, published earlier this month, tallies $101 million in losses to physical coercion attacks on cryptocurrency holders in just the first four months of the year — a 41 percent increase over the same period in 2025. There have been thirty-four verified incidents globally so far, with the United States increasingly figuring alongside France, Spain, and Sweden as a serious flashpoint. The trajectory puts 2026 on pace for an estimated 130 attacks for the full year and several hundred million dollars in losses.
What makes the current wave structurally different from earlier years is the operational professionalism. The Tennessee defendants are alleged to have spent more than five weeks running a coordinated cross-country campaign — researching targets, traveling between victims, using consistent tactics. The "delivery worker" entry vector is particularly clean: it exploits a routine that nearly every American household participates in dozens of times a year. By the time the victim realizes the person at the door isn't bringing food, the entry is already made and the firearm is already drawn. This is not a smash-and-grab. It is a planned operation designed around the fact that the most valuable item in the house can be moved by typing a small number of words into a phone.
The Tennessee crew is one of several cases that have moved wrench attacks from a primarily European story to an American one. The 2025 SoHo kidnapping in Manhattan — in which a victim was held in an eight-bedroom townhouse for more than two weeks, allegedly tortured, and pressed to give up a Bitcoin password before he escaped — was the case that first broke through to general U.S. news coverage. At the time, it read as an exceptional incident. The May 2026 indictment of the Tennessee crew is the evidence that what looked like an outlier was actually a leading indicator. The pattern is now in the federal court system, with named defendants, multi-jurisdictional reach, and discovery that will produce a documented playbook for future cases to study.
The conventional self-custody response to physical attacks is operational: don't talk about your holdings, scrub social media, vary your routines, install cameras, vet anyone who knows your address. All of that advice is sound. It is also addressing the wrong layer of the problem. The vulnerability that wrench attacks exploit is not, fundamentally, that some people know you own Bitcoin. It is that there exists, somewhere in your possession or accessible to you under duress, a complete representation of the secret that controls your coins. If that representation exists in a single location that you can reach, then sufficient physical pressure on you can extract it. Cameras and discretion raise the cost of the attack. They do not change its eventual feasibility against a determined adversary who has already decided you are the target.
The architectural answer is to make the secret non-extractable from any single person, including you. With Shamir's Secret Sharing, your encrypted seed phrase is split into shares distributed to threshold custodians in geographically and organizationally distinct locations. Any threshold of shares — for example, 3 of 5 — can reconstruct the secret. Fewer than the threshold reveals provably nothing: not statistically nothing, not computationally nothing, but information-theoretically nothing. With fewer shares than the threshold, every possible secret is equally consistent with what an attacker has. There is no signal to extract, no partial leak to exploit, no foothold for an interrogator who is patient or brutal enough. The mathematics is the security guarantee, not a policy or a promise.
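The threshold property described above, as an added example (not seQRets code and not code from this article): a 3-of-5 Shamir split over a prime field, plus a check that two shares are consistent with every candidate secret. The function names, the field prime 2^521 - 1, and the sample secret are assumptions chosen for illustration.

```python
import secrets

P = 2**521 - 1  # Mersenne prime; the field is large enough for a 256-bit secret

def split(secret, k, n):
    """Return n shares (x, y); any k of them reconstruct `secret`."""
    if not (0 <= secret < P and 1 < k <= n < P):
        raise ValueError("secret or parameters out of range")
    # Random polynomial of degree k-1 with f(0) = secret. The coefficients must
    # be uniform over the whole field (CSPRNG), or the secrecy guarantee fails.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def interpolate(points, at=0):
    """Lagrange interpolation mod P: value at x=`at` of the curve through `points`."""
    if len({x for x, _ in points}) != len(points):
        raise ValueError("duplicate share index")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (at - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def completion_for(candidate, held, x_missing):
    """With k-1 held shares, return the missing share value that would make
    `candidate` the reconstructed secret. Exactly one exists per candidate, and
    a real missing share is uniform, so the held shares favour no candidate."""
    return interpolate([(0, candidate)] + held, at=x_missing)

def demo():
    secret = int.from_bytes(bytes(range(32)), "big")  # constructed sample, not a real key
    shares = split(secret, k=3, n=5)
    assert interpolate(shares[:3]) == secret                        # any 3 shares work
    assert interpolate([shares[4], shares[1], shares[3]]) == secret
    held = shares[:2]  # everything a holder of only two shares could hand over
    ok = []
    for candidate in (0, 1234567, secret):
        y3 = completion_for(candidate, held, x_missing=3)
        ok.append(interpolate(held + [(3, y3)]) == candidate)
    return all(ok)
```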
In a wrench attack scenario, this property is sometimes described as "credible inability to comply." If you genuinely cannot reconstruct your seed phrase alone — because the cryptographic shares are held by other people in other locations, and you have no immediate way to compel those people to cooperate on demand — then no amount of pressure applied to you can produce what you cannot produce. A rational adversary who understands this calculus has no incentive to continue the attack. There is no extraction path through the person they are holding. The geometry of the threat collapses, and the attacker's only options are to leave or to escalate into something that doesn't yield anything for them either.
In practice, the architecture looks unremarkable. A 3-of-5 split is distributed across, for example, a spouse in another household, an attorney in another state, a sibling on another coast, a sealed envelope in a safety deposit box, and a printed share in a home safe. An attacker who has gained entry to one residence and is holding one person at gunpoint cannot reach the threshold of those shares without coordinating multiple independent, organizationally distinct compromises across jurisdictions — a categorically harder problem than a single home invasion. The threshold also makes the worst-case outcome bounded in a way single-key custody never can be. Even in scenarios where an attacker eventually forces a victim to call other share holders and request reconstruction, the additional time, communication, and coordination needed creates multiple opportunities for the situation to be interrupted. Single-seed custody offers no such windows: once the seed is given up, the transfer is complete in the time it takes to type the words into a wallet.
The Tennessee indictment will move through the federal court system over the coming months. CertiK's next report will almost certainly show more incidents, more dollars, more jurisdictions. The pattern is now reliably ahead of the regulatory and law enforcement response, and it will be for the foreseeable future, because the underlying incentive — extracting bearer assets from individuals through physical pressure — scales naturally with the value of the assets and the visibility of the holders. Binance launching "Withdraw Protection" on May 4, which lets users block outgoing transfers for one to seven days, is a meaningful exchange-side mitigation, but it addresses custodial balances, not the self-custodied coins that wrench attackers increasingly target.
What is not scaling, and does not need to, is the architectural argument. Adi Shamir published the mathematics for threshold secret sharing in 1979. The technique has been operationally accessible to individuals through open-source software for years. The reason every Bitcoin holder has not adopted it is not that the math is contested or the tools are unavailable. It is that the single-seed habit is deeply established, the upfront effort of splitting and distributing shares is real, and the cost of not doing it is only visible in retrospect — after the worst case has happened, in a hospital room or a courtroom or a press conference.
The Tennessee defendants did not break Bitcoin. They exploited the fact that the people they targeted held their entire secret in a place that one armed entry could reach. That is a fixable architectural condition. It is also still the default condition for the majority of individual self-custodians.
seQRets is built on exactly this conviction. Encrypted seed phrase, split into QR-encoded shares, distributed across independent locations. No servers, no accounts, no proprietary lock-in. The same threshold mathematics that the news keeps pointing toward in the language of "credible inability to comply" — applied to the Bitcoin you actually hold and the people you actually care about protecting. The U.S. wave is here. The architecture that answers it has been here since 1979.