It began with pizzas nobody ordered. Before a San Francisco man was bound with duct tape, assaulted, and threatened during a home invasion, two boxes of pizza he never requested were left outside his door. By the time he noticed them, $13 million in Bitcoin (BTC) and Ether (ETH) had been stolen.
Wrench attacks are NOT just a physical security issue.
This story explains why.
Three crypto wrench attacks between SF and LA were a direct result of criminals exploiting the leaky digital footprints of their victims.
The victims were targeted because they were known to have… https://t.co/BPI6dwmdys
— Chad Nelson (@Chad_Nelson_) April 4, 2026
According to court records and police documents, this was not a random home invasion. Investigations show it was part of a calculated operation that targeted crypto holders using a disturbingly simple method: hacking their delivery apps, studying their habits, then showing up at the door in uniform.
The scheme worked in clear stages. Suspects allegedly infiltrated victims’ DoorDash and Uber Eats accounts using malware to harvest addresses, order histories, and daily routines.
“They figure out your trends, your life cycle,” a Sunnyvale financial crimes detective told the San Francisco Chronicle. Suspects then posed as DoorDash or UPS drivers to get victims to open their doors.
In one case, a third party sent live screenshots of the victim’s order activity to the team on the ground. One suspect even called DoorDash customer service three times in the 24 hours before a robbery. Authorities have arrested three men from Tennessee in connection with attacks in Sunnyvale and Los Angeles. The higher-level coordinators who allegedly ran the operation remotely remain at large.
Crypto holders are especially attractive targets for one simple reason: once the funds move, they are almost impossible to recover.
Ari Redbord, head of global policy at TRM Labs, explained that while banks can freeze accounts and reverse fraudulent transactions, crypto has no such safeguards by design.
“Bad guys always go where the money is,” Redbord said.
These California cases are part of a sharp global rise in “wrench attacks.” Cybersecurity firm CertiK recorded 72 documented incidents in 2025, a 75% increase from the previous year. The real number is likely much higher due to underreporting.
1/ Physical violence is no longer an edge case but a potential risk for anyone holding crypto.
Wrench attacks have risen year on year. pic.twitter.com/WUk0gtZByv
— CertiK Alert (@CertiKAlert) February 6, 2026
From a French gang severing a crypto founder’s finger to an Italian man tortured for weeks in Manhattan, the pattern consistently shows detailed profiling followed by physical coercion.
The crypto industry’s standard advice includes using multisig, keeping keys offline and avoiding showing off holdings. All of these focus on individual security. They do little to address the fact that everyday consumer apps now hold enough real-time data to make high-net-worth crypto users easy to locate and target.
We averaged a little over 1 bitcoin wrench attack per week in 2025.
We're 11 weeks into 2026 with 23 known attacks.
Stay frosty.
— Jameson Lopp (@lopp) March 18, 2026
Until the industry treats physical reconnaissance as seriously as digital hacks, a compromised delivery app account will remain one of the cheapest and most effective tools for organized crime.
The most important rule is simply to never publicly reveal or hint at your crypto holdings. Avoid posting wallet addresses, sharing portfolio screenshots, or discussing specific holdings on social media.
Use multisig wallets, keep private keys offline, enable 2FA everywhere, and limit the personal information available on delivery and shopping apps.
In an era of rising wrench attacks, staying anonymous is now one of the strongest defenses.
