A thief posing as a delivery worker stole $11 million in cryptocurrency from a San Francisco homeowner on Saturday morning, forcing his way into the residence at gunpoint and tying up the victim with duct tape. The brazen robbery occurred around 6:45 a.m. at a home near 18th and Dolores streets in the Mission Dolores neighborhood.
The suspect used a courier disguise to gain entry to the property before brandishing a firearm and restraining the homeowner. After securing the victim, the thief fled with a cellphone, laptop, and digital assets worth approximately $11 million, according to a police report obtained by the San Francisco Chronicle.
Authorities have not confirmed whether the victim sustained physical injuries during the incident. San Francisco police did not respond to requests for comment about whether any arrests have been made or if investigators have identified suspects. Additional details about the robbery, including how the attacker gained access to the victim’s cryptocurrency accounts, have not been released.
The theft exemplifies a disturbing trend known as wrench attacks, where criminals use physical coercion rather than digital hacking to steal cryptocurrency holdings. Security analysts report these violent robberies are escalating worldwide as digital assets become more mainstream and valuable.
Physical attacks targeting cryptocurrency investors have surged dramatically in recent years. There were eight reported wrench attacks globally in 2023, a figure that jumped to 24 in 2024, according to data compiled by cryptocurrency security experts. By October 2025, researchers had documented 52 such incidents, representing a 169% increase since February.
The term wrench attack originates from a webcomic illustrating that sophisticated encryption becomes irrelevant when an attacker simply threatens someone with physical violence to obtain passwords or private keys. Criminals bypass digital security by targeting individuals directly through intimidation, assault, kidnapping, or torture.
Cryptocurrency’s unique characteristics make holders particularly vulnerable. Unlike traditional bank accounts, crypto assets are controlled through private keys or seed phrases that allow instant, anonymous transfers. Once criminals obtain these credentials through coercion, they can move millions of dollars across blockchain networks within minutes, making recovery nearly impossible.
Several high profile cases illustrate the severity of this criminal trend. In May, two men faced charges in New York after allegedly kidnapping and torturing an Italian businessman for more than two weeks inside a Manhattan townhouse. The captors reportedly shocked the victim with electrical wires, held a gun to his head, and suspended him from a fifth story ledge while demanding his Bitcoin password.
That same month, criminals in France kidnapped cryptocurrency executive David Ballard, severing one of his fingers during the violent coercion attempt. In another French case, assailants posed as police officers to enter a home in Richmond, British Columbia, stealing approximately 10 million Canadian dollars in cryptocurrency.
The Los Angeles area has witnessed similar attacks. A former police officer and several accomplices face charges for allegedly attempting to kidnap a teenager involved in the cryptocurrency business in December 2024. Security experts note that attackers often research victims through social media posts, blockchain data, conference attendance, or data breaches to identify wealthy targets.
Cryptocurrency security analyst Phil Ariss of TRM Labs explained that criminal groups already comfortable using violence were always likely to migrate toward crypto theft. The blockchain technology powering cryptocurrencies creates permanent transaction records, and thieves need not physically carry stolen assets since massive wealth can be transferred digitally with a few keystrokes.
Recent incidents have occurred across multiple continents. In late October, Russian influencer Sergei Domogatskii was kidnapped in Bali by masked assailants who tased and beat him until he transferred approximately $4,600 in crypto from his mobile device. Security experts suggest Russian organized crime groups are specifically targeting their compatriots vacationing or living in Southeast Asia.
The rising threat has prompted some wealthy cryptocurrency holders to reconsider self custody arrangements. AnchorWatch, a startup helping crypto owners insure digital assets, successfully persuaded insurance giant Lloyd’s of London to include wrench attack coverage in policies offered to customers.
Security professionals recommend cryptocurrency investors avoid publicly displaying wealth online or at industry events. Using multi signature wallets that require multiple parties to authorize transactions can make it harder for criminals to access funds even if they obtain one set of credentials. Hardware wallets that store private keys offline provide protection against digital theft but offer no defense against physical coercion.
High net worth individuals in the cryptocurrency space are increasingly hiring executive protection teams, reinforcing residential security, and implementing safe travel protocols for themselves and family members. Professional security teams trained in surveillance detection and emergency response can provide both deterrence and expertise against evolving threats.
Experts warn that as cryptocurrency values continue rising, the frequency and severity of wrench attacks will likely worsen. Blockchain intelligence platforms play a pivotal role in tracing stolen assets following robberies, helping law enforcement identify laundering pathways and support efforts to bring offenders to justice.
The San Francisco robbery adds to a troubling pattern of violence targeting the cryptocurrency community. Despite sophisticated digital security measures employed by many investors, criminals have discovered that physical threats often prove more effective than attempting to breach technological safeguards.
