In a disturbing trend, recent investigations have revealed a series of armed robberies in California targeting the growing community of cryptocurrency holders. The pattern emerged when police linked three attempted armed robberies in San Francisco, Sunnyvale, and Los Angeles in December to a terrifying home invasion that occurred the previous month, which left one victim stripped of $13 million in digital currency.
According to law enforcement documents, the crime syndicate executed a calculated plan: they would stake out major cryptocurrency owners, impersonate food or package delivery personnel, and then violently confront the victims. One notorious incident involved a San Francisco man who was attacked in November; after being lured to his door by a pizza delivery, he was bound, pistol-whipped, and threatened with mutilation while being demanded to hand over sensitive information about his cryptocurrency holdings.
This dangerous strategy aligns with what cybersecurity experts are calling “wrench attacks.” Unlike digital theft that relies on complex hacking or social engineering techniques, wrench attacks employ brutal, direct intimidation tactics, often involving physical coercion. A recent report from the cybersecurity firm Certik indicated that wrench attacks had surged by 75% in 2025, with many cases likely going unreported. Such methods have been globally documented, exposing the extreme measures criminals will take to acquire crypto assets.
Experts attribute the surge in such crimes to the inherent vulnerabilities of cryptocurrency. While it provides a decentralized system free from traditional banking controls—making it quick and easy for holders to transfer funds—the irreversible nature of these transactions also proves enticing for criminals. “The promise of the technology is cross-border value transfer at the speed of the internet, but it also facilitates criminal activity,” stated Ari Redbord from TRM Labs, a firm dedicated to monitoring digital-asset fraud.
How these criminals pinpoint their victims remains a critical concern, with investigators suggesting a sophisticated surveillance operation often preceeds the violent encounters. In certain instances, perpetrators infiltrate food delivery apps with malware, gathering critical information about a target’s address and patterns. A Sunnyvale detective explained that the suspects study their victims’ online habits: what they typically order, when they are home, and when their deliveries arrive. Victims reported peculiar deliveries they hadn’t ordered, often just days prior to the attack, indicating their homes had been monitored.
In the days leading up to an attempted robbery, multiple victims noticed suspicious behaviors, such as repeated deliveries or unsolicited offers for services. In one case, a man in San Jose reported receiving a series of unrequested pizza deliveries before he was attacked.
The escalation appears coordinated; records showed suspects communicating with one another and sharing insights into potential victims. Overall, several of the attacks involved situations where individuals were expecting deliveries, leading to vulnerable moments that criminals exploited. From false DoorDash deliveries to misleading UPS package calls, the intricate web of deception culminates in harrowing confrontations.
Recent developments indicate that three individuals from Tennessee are in custody following their alleged involvement in the Sunnyvale and Los Angeles incidents. Further investigations remain active, with authorities tracing additional operatives connected to these brazen crimes. These cases not only reflect a troubling trend among cryptocurrency thieves but also spotlight the vulnerabilities that come with the promise of decentralized finance.
The FBI has joined local authorities in investigating the incidents, with the agency confirming its involvement in the San Francisco home invasion case. As law enforcement continues to weave through the complexities of these attacks, experts emphasize that while cryptocurrencies are inherently subject to theft, the immutable nature of blockchain technology provides a pathway for recovery and forensic investigations into criminal activities.
Ultimately, the rise of wrench attacks marks an alarming shift in the method of targeting and extracting wealth from cryptocurrency holders. As these crimes evolve, it remains imperative for both individuals and authorities to remain vigilant in recognizing and mitigating the risks associated with this burgeoning digital asset landscape.
