Sign up for the Slatest to get the most insightful analysis, criticism, and advice out there, delivered to your inbox daily.
Late last month, a shoeless and injured cryptocurrency investor fled from a posh Manhattan townhouse and approached the NYPD with a mortifying story: He’d just escaped 17 straight days of torture, having been held in SoHo and peed upon, forced to smoke crack, pistol-whipped, shocked with a Taser, cut with a saw, and dangled over a ledge. All because two fellow crypto enthusiasts, whom he personally knew, desired access to his multimillion-dollar Bitcoin fortune—and were willing to do anything to make him give up the password to his virtual wallet.
With the information provided by this battered trader—a 28-year-old Italian named Michael Valentino Teofrasto Carturan—the authorities quickly took the accused culprits, John Woeltz and William Duplessie, into custody. Per police reports, Carturan and Woeltz had ties to an unnamed New York crypto hedge fund; the latter had often “picked on” the former and, eventually, a disagreement over money led Carturan to fly back to Italy. Woeltz, who’d been spending time with Duplessie partying hard and splurging generously—including on that 17-floor, $30,000-a-month SoHo townhouse—persuaded Carturan to return to NYC early last month and allegedly hired an off-duty NYPD officer to pick him up from the airport on May 6.(It’s unknown whether the cop knew what was about to happen.) According to Carturan’s account, he only escaped after agreeing to give up the passkey to his Bitcoin wallet, claiming it was stored on his laptop; when his tormenters left him behind to fetch the computer, Carturan bolted from the premises.
The NYC torture scheme was just the latest example of a “wrench attack,” where a thief employs brutal physical violence in order to gain access to a target’s virtual cryptocurrency stashes. The phrase hails from a 2009 strip from the popular webcomic xkcd, making the point that any common thief could break into a user’s encrypted software simply by battering the owner with a $5 wrench “until he tells us the password.”
It’s not a new phenomenon—but these days, it’s a troublingly common one. On the same day Carturan left his captives, the crypto-crime watchdog group TRM Labs put out a report on the recent uptick in wrench attacks, noting that such acts “have escalated in both frequency and severity,” typically involving “high levels of violence that are extremely traumatic for the victims to endure.” Ari Redbord, a former federal prosecutor who now heads global policy for TRM Labs, gave me a blunt explanation for this surge: “We’ve seen the price of Bitcoin double in the last year or so. Criminals tend to go where the money is. These aren’t cybercriminals. These aren’t hackers. They don’t need sophisticated tools.”
A few days later, longtime software engineer and Bitcoin maximalist Jameson Lopp gave a detailed presentation on the escalation in wrench attacks at the Bitcoin Conference in Las Vegas. After kicking off with a reference to that xkcd comic, Lopp deployed various graphs of reported wrench attacks over the years, noting that such assaults are still relatively rare compared with other crypto-related crimes (such as hacking or phishing), but that they do tend to spike whenever Bitcoin’s value balloons rapidly, like during the crypto craze of 2021. This year, Bitcoin’s value has reached all-time highs—and 2025 is on pace to see a record amount of wrench attacks worldwide.
Lopp emphasized that the total number will still be “relatively small”—the previous record-breaking year, 2021, only recorded about 35 attacks, most of them in the U.S. But the details common to these crimes are terrifying enough to warrant extra caution for crypto holders: home invasions, kidnapping, drugging. And, Lopp warned, “a decent number of these also involve torture.”
Bitcoin Conference attendees likely found Lopp’s presentation valuable, not least because many crypto investors are reportedly growing more fearful. The Wall Street Journal recently spoke with anonymous “members of the crypto community” who “say they are turning their Instagram profiles private and are trying to remove their physical addresses, and those of their families, from public records.” Other crypto enthusiasts are also training in hand-to-hand combat—perhaps not incidental to the fact that, as Lopp stated, many wrench-attack survivors lacked adequate home-security or self-defense tools.
Again, such events are rare. But for those who go through them, they’re scarring. Just last week, two Russian crypto executives were kidnapped by Chechens in Buenos Aires and forced to pay $43,000 in ransom before the perpetrators fled. A few weeks before that, a 30-year-old American tourist in London was drugged by a man who claimed to be his Uber driver; the kidnapper only let him out once the American gave up his crypto-wallet passkey. In late November, a Las Vegas–based investor left a local crypto conference and was kidnapped by three armed and masked robbers right as he reached home; they extorted him for $4.8 million worth of tokens, then abandoned him in a desert area 26 miles from the Nevada border. That same month, WonderFI CEO Dean Skurka was kidnapped in Toronto, held for a $1 million ransom, then freed when the sum was paid.
There are still more recent incidents that I have not rounded up—or that, more chillingly, have not been made public. But a series of repeated kidnappings in France alone (which, in at least two cases, ended with the captive’s finger getting cut off) were enough to spur the country’s interior minister to convene a group of local crypto entrepreneurs and promise extra protection. (Redbord suspects that the revitalized presence of organized-crime syndicates in France has contributed to the increase of wrench attacks there, as he told me.)
Bennett Tomlin and Cas Piancey, reporters for the crypto news site Protos and co-hosts of the Crypto Critics’ Corner podcast, told me that the targeted wrench attacks may come down to the fact that fewer and fewer people hoard more and more digital currencies, juicing the value of their stashes.
“There’s a pretty significant portion of high-net-worth individuals who have some portion of their money in crypto,” Piancey said, “and that becomes a much easier target for a robber than demanding all the cash in their house, because there probably isn’t any.” The often-public nature of crypto ownership—social media boasting, digital-influencer status, conference attendance, inconsistent cybersecurity measures—also makes it easier to target the most outspoken enthusiasts.
That’s especially the case at large in-person conferences with rich and powerful registrants like Bitcoin 2025. Unlike traditional means of protecting and storing wealth, like physical banks whose accounts are protected with sophisticated security measures, crypto holders carry immense, untraceable wealth by way of the passkeys to their crypto wallets, whether those are hosted online or stored within a flash drive. When you are your own bank, you risk being broken into like one.
It becomes even riskier when any high-profile crypto holders gather together. Tomlin mentioned the fallout from last summer’s Brussels Ethereum conference, where multiple attendees were robbed. “You don’t hear about this stuff happening at big conferences that involve bankers,” Piancey explained. “Someone who has $100 million in crypto is a more appealing target for that kind of attack than someone who has $100 million in the banking system, because one of those is going to be a lot easier to quickly take and hold on to.”
In other words: A heavily deregulated and public-facing sector that boasts relatively few buyers—who are even richer as a result—can become a sensible target for an otherwise technologically unsophisticated criminal who knows how to browse social media. At Bitcoin 2025, Jameson Lopp also noted this tendency and gave some advice to his audience: “Shut up and stop flaunting your wealth.”
