Crypto custodians are reporting increased interest in their services amid the rising frequency of so-called “$5 wrench attacks” on cryptocurrency traders, investors and project leaders.
In the last year, several high-profile wrench attacks — physical attempts to steal someone’s crypto — have targeted prominent investors and business executives in the blockchain industry.
The crypto mantra of “not your keys, not your coins” has lost its power among some investors who fear for their personal safety. Cold wallets may offer full control over digital assets, but they also present a single point of attack.
As crypto adoption grows, and wrench attacks persist with the proliferation of more high-value crypto investors, custodians are seeing a shift in preference from self-custody to institutional control.
Crypto wrench attacks drive security demand
Wrench attacks are nothing new. Jameson Lopp, a Bitcoin (BTC) advocate and chief technology officer of Bitcoin wallet Casa, published a GitHub repository logging hundreds of such incidents since 2014 — and those were only the ones reported in the news.
In the last two to three years, as crypto adoption has sped up and become more mainstream than ever, attacks have grown more public and sophisticated. In January 2025, the founder of crypto wallet Ledger and his wife, David and Amandine Balland, were kidnapped, taken to separate locations and held at ransom.
Related: Violent crypto robberies on the rise: Six attacks that targeted investors
Just months later, the daughter of an exchange founder barely fought off attackers who attempted to kidnap her in a van on the streets of Paris. Concern over the rise in attacks and their similar methods led French Interior Minister Bruno Retailleau to meet with cryptocurrency professionals to discuss the issue.
As concern over these attacks grows, crypto custodians are noticing an uptick in interest in their services.
Emma Shi, over-the-counter and institutional sales director of HashKey, which offers custody and exchange services, told Cointelegraph, “We’re absolutely seeing rising retail anxiety translate into meaningful inflows. Wealthier retail investors are increasingly approaching regulated custodians after high-profile cases like the recent Manhattan kidnapping, where physical coercion was used to access private keys.”
Shi said HashKey’s custody business has noted increased interest in storage from “family offices, crypto-native high-net-worth individuals and even those with nest eggs that are large enough to be vulnerable to theft.”
Cold wallets have long been lauded by crypto advocates as a way to give investors full control over their assets and to keep them maximally secure offline. However, this single key also provides a “single point of failure,” per Wade Wang, CEO of multiparty computation (MPC) crypto custody service Safeheron.
Wang said that there is a “flight to security” among crypto investors, where holders “are actively seeking innovative solutions that eliminate that single point of failure to significantly raise the bar for attacking.”
Already in 2023, a report from PricewaterhouseCoopers on the state of digital custody noted the challenge of cold wallets being prone to theft or loss. One solution posited in the report was MPC or multisignature wallet options.
Can custody services stop wrench attacks?
Crypto self-custody, while boasting a new technology, runs into the same problem as treasure hoarders throughout history — they were vulnerable to physical attacks and theft until they could share that risk with a stronger and securer institution like a bank. Robbing a bank is a lot harder than robbing a person.
In the same fashion, crypto investors are now seeking to “raise the cost” of the $5 wrench attack. Wang said that investors wish to “return to the fundamental principle: making the cost for an attacker rise exponentially. For example, when it costs $3 million to steal $10 million, the incentive for attack is lost.”
Third-party custody can achieve this and mitigate the problem of wrench attacks, adding time-locks and layers of approval and shifting the target from an individual to the custodian’s employees.
“But it is not an optimal solution,” per Wang. Trust is still put in a single, centralized institution and, as exemplified by the recent breaches at Coinbase and Bybit, even major regulated crypto businesses are vulnerable to employee misconduct and phishing.
Related: Lessons from Bybit hack: How to stay safe on crypto exchanges
Wang suggested that distributed custody, such as MPC, “is a superior solution because it fundamentally solves the problem. The core principle of MPC is to use technology to decentralize the single point of control and risk […] into a ‘multiparty’ structure.”
In such a system, control doesn’t…
cointelegraph.com