$5 Wrench Attack

How It Works

The name comes from the XKCD comic: why spend millions on breaking encryption when a $5 wrench applied to the right person achieves the same result? This is not a cryptographic attack — it is a physical one. An attacker identifies you as a Bitcoin holder, locates you, and uses threats, violence, or kidnapping to force you to hand over access to your bitcoin. The cryptography is irrelevant if the key holder can be coerced.

This threat is real and growing. As Bitcoin's value increases, so does the incentive for violent theft. Home invasions targeting known crypto holders have been documented worldwide. The attackers don't need to be technically sophisticated — they just need to know you have bitcoin and where you live.

Defense is layered. First, don't advertise your holdings — no social media posts, no "Bitcoin millionaire" lifestyle signals, no bragging at meetups. Second, use duress wallets with a small, sacrificial balance that you can surrender under threat. Third, structure your custody so that no single person or location can access your full holdings — multisig with geographically distributed keys means you genuinely cannot hand everything over even under coercion. Fourth, use passphrases that create hidden wallets behind your main seed. The best physical security comes from the attacker never identifying you as a target in the first place.

Key Points

• Physical coercion bypasses all cryptographic security — the human is always the weakest link
• Never publicly disclose the size of your Bitcoin holdings or your custody setup
• Duress wallets provide a sacrificial balance to surrender under threat
• Multisig with geographically distributed keys means you physically cannot comply with immediate demands
• The best defense is never being identified as a target — practice strict operational security