In January 2025, an organized crew kidnapped Ledger co-founder and his wife, held them for 48 hours, cut off a finger, and demanded €10M in crypto—a wrench attack documented by CertiK. This event fundamentally shifted the threat model for crypto holders, proving physical violence now eclipses digital hacks as the primary risk.
The threat model has changed because physical attacks (“wrench attacks”) surged sharply in 2025, with confirmed losses from violence crossing tens of millions of dollars. Victims are no longer just billionaires—teachers, firefighters, and even children appear in the data. Europe is now the epicenter. The era of a ledger in a drawer and a seed phrase in a safe is dead. The gap between doing self-custody and doing it correctly has never been wider or more violent.
Beginner Layer
- 🛡️ Hardware wallet direct from manufacturer – Never Amazon or reseller; verify firmware on first setup; favor open-source devices so the community can audit security.
- 🔑 Generate seed, write by hand, test recovery – Wipe the device, restore from your written backup, confirm addresses match before funding. 99% skip this critical step.
- ⚙️ Move seed to metal, split geographically – Paper burns or fades; stamped steel outperforms. Order to a PO box or buy at a meetup to avoid linking your home address.
- 📱 Kill SMS 2FA everywhere – Use authenticator apps or hardware security keys (FIDO2, YubiKey). A SIM swap cannot bypass physical-touch approval.
- ✅ Verify every transaction on the device screen – Malware can alter MetaMask but not your hardware screen. Always confirm the full address—not just first/last four—to defeat address poisoning attacks.
Advanced Layer
- 🗑️ Revoke dormant token approvals quarterly – Use revoke.cash or Etherscan (bookmark now; scammers clone revoke sites during exploits).
- 🏦 Segregate wallets by purpose – A vault wallet (never signs dapps), a trading wallet, and a DeFi hot wallet (only what you can lose).
- 🕵️ Operational privacy – No Bitcoin bumper stickers, no linking wallets to your face on social media, avoid address reuse.
- 🔒 For long-term stash, add a passphrase or multi-sig – BIP39 25th word keeps funds safe even if seed is found; 2-of-3 multi-sig eliminates single points of failure.
- 📅 Annual security review – Verify backups, test recovery, re-audit approvals, update firmware, and review inheritance instructions. Treat it like a fire drill.
Final Takeaway – Centralized services lost over a billion dollars in 2025; self-custody is the answer but only if disciplined. The philosophy is “math over trust” – verified seeds, on-device confirmations, revoked approvals, and hardware keys are mathematically proven defenses. Don’t trust, verify. Defend the position with annual reviews and operational discipline.