CertiK Releases Skynet Report: "Wrench Attacks" Surge 75% by 2025, Physical Violence Becomes a Major Threat in the Crypto Space

null

On February 2, CertiK, the world’s largest Web3 security company, released the “Skynet Wrench Attack Report,” noting that physical violence against cryptocurrency holders has evolved from extreme individual cases into a structural risk. As security measures for crypto-asset protection continue to be strengthened, this tactic of bypassing technological defenses and directly targeting “people” is spreading rapidly.

The report shows that globally there were 72 verified wrench-attack incidents in 2025, an increase of 75% compared with 2024. So-called “wrench attacks” refer to attackers using physical means such as violence, intimidation, and kidnapping to force victims to hand over private keys or passwords. These attacks do not rely on technical vulnerabilities; instead, they directly turn their sights on the individuals behind the crypto assets.

Violence escalates significantly; Europe becomes a high-risk region

In terms of attack patterns, wrench attacks in 2025 show a clear trend of escalating violence. The report states that kidnapping remains the most common attack route, with 25 incidents throughout the year; direct personal attacks increased by 250% year over year, becoming one of the most concerning changes.

In geographic distribution, Europe became the highest-risk region in the world for the first time. In 2025, Europe accounted for more than 40% of the world’s known incidents. Among countries, France recorded the highest number of attacks globally, surpassing the United States. CertiK noted in the report that this shift does not mean North America risk has disappeared; rather, it reflects that such crimes are spreading to more complex legal jurisdictions and regions with higher costs for cross-border cooperation.

Losses exceed $40 million; the real scale may be severely underestimated

In terms of financial impact, confirmed losses related to wrench attacks in 2025 exceeded $40.9 million, up 44% year over year. However, the report warns that because of factors such as victims’ low willingness to file reports, fear of retaliation, and some assets involving tax evasion or gray areas, this figure is only “the tip of the iceberg.”

By comparing attack patterns, the report finds that wrench attacks in 2025 have completely moved beyond the early speculative, fragmented characteristics and entered a professionalized, industrialized operating phase. Attackers often operate in the form of transnational criminal groups. Before an attack, they typically spend weeks planning, combining open-source intelligence (OSINT) analysis to trace target-related transaction footprints, identify and lock in time windows when defenses are weak, and even deploy specialized equipment such as signal jammers and Faraday bags to cut victims off from the outside world.

It is worth noting that attackers’ targets are becoming more generalized. Although industry executives and project founders remain high-value targets, attackers are now also starting to go after individuals with smaller holdings. In addition, attackers are increasingly using “associated targets,” applying psychological pressure by threatening victims’ spouses, children, or parents.

How to respond to personal threats? Safety recommendations for individuals and institutions

As technical security standards keep improving, “breaking systems” is becoming increasingly difficult, while “coercing individuals” is cheaper and more efficient. This paradox makes personal safety the weakest link in today’s crypto ecosystem—and one that is all too easy to overlook.

The report offers a series of safety recommendations for individuals and institutions. For the individual level, it suggests reducing coercion-related losses through “decoy wallets,” storing mnemonic phrases with geographic isolation, and removing encrypted wallet applications from everyday devices to reduce risk. For the institutional level, it emphasizes using technical measures such as multi-signature mechanisms, time-lock contracts, and transaction friction mechanisms, and expanding security training to family members and employees.

In its report conclusion, CertiK emphasizes that the situation in 2025 indicates that wrench attacks have become an independent type of crime within the crypto ecosystem, and safety models that rely solely on the protection of mnemonic phrases can no longer address the risk. How to upgrade from “protecting assets” to “protecting people,” and reduce the feasibility of coercion through institutionalized design, may become the key issue for future industry development.

Report link: