TFTC@TFTC21
A crime ring out of Tennessee was just busted for running wrench attacks on bitcoin holders across California, San Francisco, Sunnyvale, San Jose, and Los Angeles.
They hacked into victims' DoorDash and UberEats accounts to figure out where they lived, then showed up posing as delivery drivers. Once inside, they zip-tied and duct-taped victims at gunpoint while a remote operator, using a voice modulator, directed them through draining the wallets.
In one case they stole $13 million. In another, when the victim's wallet didn't show the amount the attackers expected, the voice on the phone ordered them to cut off the victim's fingers until he revealed the "real" account.
A duress wallet won't necessarily save you. These attackers came in with specific intel about how much their targets held. If the number they see doesn't match the number they expect, the situation escalates. Physical attacks on bitcoin holders jumped 75% in 2025, with confirmed losses topping $40 million.
A few things worth thinking about if you hold any meaningful amount of bitcoin.
Don't talk about how much you hold. Not online, not at meetups, not to friends of friends. Operational security starts with not making yourself a target in the first place.
Be skeptical of unexpected deliveries. This ring used real food delivery apps to build trust before showing up at the door.
Multisig and time-locked transactions are worth looking into, not just for security against hackers, but because they make it physically impossible to hand over funds under duress. If the coins literally can't move for 48 hours, there's no point in holding someone at gunpoint.
Self-custody is a responsibility. The tradeoff for being your own bank is that you're also your own security team.
