The $5 Wrench Problem: Why Physical Attacks on Bitcoin Holders Are Surging

There's a well-known joke in security circles: no cryptographic algorithm can withstand a $5 wrench. You can have the best hardware wallet, the strongest passphrase, and air-gapped signing ceremonies — but if someone is willing to threaten you with physical harm, your security model has a gaping hole.

That joke stopped being funny in 2025. According to a report by CertiK, wrench attacks — physical assaults aimed at coercing crypto holders into surrendering their private keys — jumped 75% from the prior year, with 72 confirmed incidents worldwide. Losses exceeded $40 million. The attacks ranged from home invasions to kidnappings, and in some cases, murder. In the first two months of 2026 alone, researcher Jameson Lopp's public tracking database had already recorded eleven incidents globally.

Europe has become the epicenter. France leads with 19 documented attacks, with organized crime groups increasingly targeting known holders across France, Spain, and Sweden. The pattern is consistent: attackers identify high-net-worth crypto holders through social media, on-chain activity, or data leaks, then apply physical pressure to extract access.

This is the dark side of Bitcoin's transparency. The blockchain is public. If someone knows your wallet address, they can see exactly how much you hold. And with name-address data leaks from exchanges, centralized services, and tax databases, the gap between "someone knows your balance" and "someone knows where you live" is often smaller than people realize.

The self-custody community's default response has been operational security: don't talk about your holdings, use hardware wallets, avoid sharing addresses. That advice is sound, but it addresses only one part of the threat model. The deeper problem is architectural: most Bitcoin holders store their entire secret in one place, whether it's a hardware wallet in their desk, a seed phrase on a steel plate in their safe, or a passphrase memorized in their head. A determined attacker only needs to find and control one person — you — to access everything.

Shamir's Secret Sharing breaks this model entirely. With a threshold split, no single location, device, or person holds enough information to reconstruct your seed phrase. A 2-of-3 split means your Bitcoin requires cooperation from at least two independent sources. A 3-of-5 split distributes control even further. If you're the only share holder present, you genuinely cannot comply with a demand to produce the full secret. You don't have it. The attacker gains nothing by threatening you — not because you're brave, but because the math is on your side.

This property is sometimes called a "credible inability to comply," and it matters enormously in coercive scenarios. A smart adversary, once they understand the setup, has no incentive to keep applying pressure. There's nothing to extract.

seQRets is built on exactly this principle. You split your encrypted seed phrase into QR-encoded shares and distribute them to separate locations — different cities, different people, different jurisdictions. None of the individual custodians can reconstruct your secret alone. You travel light. You're not carrying your Bitcoin. You're carrying one piece of a puzzle that's only useful combined with pieces held elsewhere by people who aren't with you.

The rise of wrench attacks is a predictable consequence of Bitcoin's price appreciation and the growing visibility of self-custodians. As adoption grows, so does the target surface. The answer isn't to abandon self-custody — it's to redesign your setup so that you are no longer the single point of failure.

If your entire Bitcoin security depends on no one ever finding out where you live, you've already lost the security game before it starts.