Skip to content
Logo

How to Protect Against Wrench Attacks

Security SpecialistOperations & Strategy

Authored by:

Jonathan Riss
Jonathan Riss
CertiK

Key Takeaway: Physical attacks bypass technical security by coercing the people who hold keys. As self-custody and on-chain treasuries grow, this threat vector now affects individuals and organizations alike, demanding dedicated controls beyond cryptography.

This page is the overview of the Coercion & Duress sub-section of the Physical Security framework. It focuses specifically on wrench attacks: coercion of the people who control keys. For other physical security domains, see the Physical Security overview.

Cryptography protects keys from algorithmic attack, not from coercion of the people who hold them. As self-custody, on-chain treasuries, and high-profile crypto-native individuals become more common, adversaries increasingly bypass technical defenses by targeting people directly through threats, surveillance, kidnapping, or extortion. These are commonly referred to as wrench attacks.

What is a wrench attack?

A wrench attack is any situation where an attacker bypasses technical security by directly targeting the person who controls the keys. Unlike phishing, malware, or protocol exploits, wrench attacks assume the attacker has physical proximity or credible reach to the victim, and that technical controls alone are insufficient.

The term originates from the xkcd webcomic, which satirically illustrated that sophisticated 4096-bit RSA encryption could be bypassed more effectively by a $5 wrench than by a supercomputer.

Why this matters now

  • Growth of self-custody, non-custodial wallets, and on-chain treasuries means more value is directly controlled by a small number of individuals, often without institutional physical security.
  • Public on-chain data, social media signaling, and leaks make it easier for adversaries to identify likely high-value targets and correlate them with real-world identities.
  • Existing wallet security guidance focuses mainly on technical compromise, leaving physical and social-engineering vectors underserved.

Scope

This sub-section covers individuals (founders, traders, KOLs) and organizations such as crypto exchanges, funds, DAOs, and protocols operating with significant on-chain or custodial balances.

It assumes that adversaries can use basic OSINT, social engineering, and physical surveillance to find and pressure key-holders.

Table of Contents