# Defend Against $5 Wrench Attacks: Complete Home & Phone Security Guide
---
## TL;DR — The 5 Things That Actually Matter
1. **You should never be able to move your real money under duress.** Use multisig (2-of-3) with keys in different physical locations + time locks. Even at gunpoint, you *literally cannot comply*. This is the only strategy that doesn't depend on bluffing or willpower.
2. **Your phone should look crypto-free.** Hide all wallet/portfolio apps inside Secure Folder (Android) or Private Space (iOS). Rename icons, disable notifications, enable Discreet Mode (balances show as `***`). An attacker who forces your phone open should see nothing.
3. **Keep a small sacrifice wallet, lose the portfolio trackers.** Have $100–$500 in a hot wallet you can hand over. Delete CoinGecko/Delta entirely — they're a giant flashing net-worth sign. If you must track, do it on desktop only.
4. **Set up at least one duress/decoy option — and make it believable.** Keep a decoy hardware wallet with a realistic balance ($2K–$10K+) in your home safe where an attacker expects to find it. Your real wallet/keys live offsite — a bank vault, a trusted person's home. The attacker finds the safe, gets the decoy, and leaves thinking they won.
5. **Shut up about your crypto.** Most victims were targeted because someone knew they held crypto. If you're a public crypto figure, you can't hide the industry tie — but never discuss personal bags, allocations, or your custody setup. Keep the wealth associated with the company, not you.

**The test:** Hand your unlocked phone to a friend. If they can find your holdings in 60 seconds, you're not ready.
---
The "$5 wrench attack" — named after an xkcd comic — describes the reality that no amount of cryptographic security matters if someone can physically threaten you into handing over your keys. In 2025, these attacks hit record levels, with incidents rising alongside crypto prices. The kidnapping and torture of Ledger co-founder David Balland in January 2025, followed by several high-profile attacks in France and elsewhere, made this threat impossible to ignore.
This guide covers everything from wallet architecture to phone hardening to physical home security.
---
## The Core Principle: Structural Impossibility
The single most important idea is: **design your setup so that moving your real funds requires you to physically travel to another location.**
This is what makes the whole strategy work. If your keys are split across your home, a bank vault, and a trusted person's house, you can truthfully say: "I cannot move these funds from here. I would need to drive to my bank and pick up another key." Most attackers will not take you on a road trip. The moment you leave the house, the risk of being seen, flagged on cameras, or of you alerting someone skyrockets — and they know it. They want to be in and out in minutes, not hours.
The gold standard is a **2-of-3 multisig with a 72-hour time lock and whitelisted addresses**, where keys are stored in geographically separate locations. Even under duress at home, you are physically unable to comply. Services like Casa, Unchained, and AnchorWatch offer collaborative custody that builds this in — one key at home (the decoy layer), one in a bank or secure facility, and one held by the service provider. No single location is enough to move funds.
---
## 1. Tiered Wallet Architecture
Think of this like how a bank works — the teller can't open the vault.
### Daily Hot Wallet (Phone) — "Pocket Money"
A mobile vault secured by your phone's secure enclave. Hold only $100–$500 for everyday spending. This is what you sacrifice under duress. It's your most vulnerable layer — treat it as disposable.
### Medium-Term (Single-Sig Hardware Wallet)
A Ledger, Trezor, or COLDCARD with a moderate balance for semi-regular transactions. Secured with a strong PIN and ideally a passphrase (25th word) splitting it into decoy + hidden accounts.
### Long-Term Cold Storage (Multisig)
The bulk of your wealth. Requires multiple keys stored in geographically separate locations. Options include 2-of-3 multisig (you hold 2 keys in different places, a service holds 1), time-locked transactions, and whitelisted withdrawal addresses only. This layer should be completely untouchable under duress.
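The policy described under the core principle and again for the long-term cold storage tier (2-of-3 keys in separate locations, a 72-hour time lock, whitelisted destinations) is worth seeing as logic rather than prose. The following Python model is an added example, not code from this guide or from Casa, Unchained, or AnchorWatch. It simulates the three checks a collaborative-custody wallet enforces; the key names, the HMAC secrets standing in for real signing keys, and the placeholder destination strings are all constructed for the example.

```python
import hashlib
import hmac
import math
from dataclasses import dataclass, field

# Policy parameters from the guide: 2-of-3 keys, 72-hour delay, whitelisted destinations.
THRESHOLD = 2
TIMELOCK_SECONDS = 72 * 3600

# Constructed example: one secret per key, each held in a different physical location.
# A real multisig wallet uses ECDSA/Schnorr key pairs and on-chain script; HMAC secrets
# stand in for them here so the policy logic runs with the standard library alone.
KEY_LOCATIONS = {
    "home": b"constructed-key-material-home",
    "bank_vault": b"constructed-key-material-bank-vault",
    "custody_provider": b"constructed-key-material-provider",
}

# Placeholder destination label, not a real Bitcoin address.
WHITELIST = {"WHITELISTED-EXCHANGE-ADDRESS"}


@dataclass
class SpendRequest:
    destination: str
    amount_sats: int
    created_at: float                               # unix time the request was queued
    approvals: dict = field(default_factory=dict)   # location -> approval tag


def request_digest(req: SpendRequest) -> bytes:
    """Canonical bytes every key approves, so an approval binds to one exact spend."""
    msg = f"{req.destination}|{req.amount_sats}|{req.created_at}".encode()
    return hashlib.sha256(msg).digest()


def approve(req: SpendRequest, location: str, key_material: bytes) -> None:
    """Attach one key's approval. This is the step that needs physical access to that key."""
    req.approvals[location] = hmac.new(key_material, request_digest(req), "sha256").digest()


def count_valid_approvals(req: SpendRequest) -> int:
    """Recompute each tag with the key registered for that location; forged tags do not count."""
    digest = request_digest(req)
    valid = 0
    for location, tag in req.approvals.items():
        key_material = KEY_LOCATIONS.get(location)
        if key_material is None:
            continue
        expected = hmac.new(key_material, digest, "sha256").digest()
        if hmac.compare_digest(tag, expected):
            valid += 1
    return valid


def evaluate(req: SpendRequest, now: float) -> tuple:
    """Return (allowed, reason). All three policy checks must pass before a spend goes out."""
    if req.destination not in WHITELIST:
        return False, "destination not whitelisted"
    valid = count_valid_approvals(req)
    if valid < THRESHOLD:
        return False, f"only {valid} of {THRESHOLD} required keys approved"
    remaining = req.created_at + TIMELOCK_SECONDS - now
    if remaining > 0:
        return False, f"time lock: {math.ceil(remaining / 3600)} hours remaining"
    return True, "spend authorized"


def duress_at_home(req: SpendRequest, now: float) -> tuple:
    """What an attacker can force inside the house: at most the one key kept there."""
    approve(req, "home", KEY_LOCATIONS["home"])
    return evaluate(req, now)


if __name__ == "__main__":
    req = SpendRequest("WHITELISTED-EXCHANGE-ADDRESS", 5_000_000, created_at=0.0)
    print("under duress at home:", duress_at_home(req, now=0.0))
    approve(req, "bank_vault", KEY_LOCATIONS["bank_vault"])   # requires a trip to the bank
    print("two keys, immediately:", evaluate(req, now=0.0))
    print("two keys, 72h later:", evaluate(req, now=TIMELOCK_SECONDS))
```

The order of the checks matters for the duress story: the whitelist is refused before anything else, so even a fully signed spend to an attacker's address never enters the time-lock window, and the time lock only starts counting once the threshold is met, which is exactly the "days, not minutes" delay the guide relies on.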
---
## 2. Plausible Deniability & Decoy Wallets
The key to any decoy strategy is **believability**. A wallet with $12 in it won't fool anyone. A wallet with $5,000–$10,000 — an amount that feels real and proportionate to someone who "dabbles in crypto" — is far more convincing. The attacker should walk away thinking they got everything.
### The Physical Decoy Setup (Highly Recommended)
Keep a **decoy hardware wallet in your home safe** — the obvious place an attacker would look or force you to open. Load it with a believable balance that stings to lose but won't ruin you. Your **real hardware wallet and keys live somewhere else entirely**: a bank safety deposit box, a trusted family member's house, a secure second location. The attacker finds the safe, gets the Ledger, sees a real balance, and leaves satisfied. Your actual wealth was never in the building.
**Make it convincing:**
- The decoy wallet should have some transaction history — not a fresh wallet with one deposit
- The balance should make sense relative to your visible lifestyle (if you drive a nice car, $500 isn't believable; $8K–$15K is)
- Keep the decoy device in its original box with the recovery card nearby — it should look like your real setup, not a prop
- Have a few different tokens/coins in it, not just one — a real portfolio looks diverse
### The Passphrase (25th Word) Approach
Ledger, Trezor, and BitBox all support BIP-39 passphrases. Your normal PIN opens a decoy set of accounts with a small believable balance. A second PIN (tied to a secret passphrase) opens your real holdings. The attacker has no way to know hidden accounts exist.
**Setup tips:**
- Fund the decoy wallet with enough to be believable — match it to your lifestyle and what an attacker might expect (a few thousand to $10K+, not pocket change)
- Include some transaction history and a mix of coins so it looks like a real active wallet
- Never write down the passphrase in the same location as your 24-word seed
- Practice restoring on a spare device so you're confident in the process
- Trickle funds from decoy → hidden wallet over time so transaction history looks natural
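Why the hidden wallet is undetectable follows from how BIP-39 uses the passphrase: it is mixed into the salt of a PBKDF2 derivation, so every passphrase (including the empty one that opens the decoy accounts) yields a different, equally valid 64-byte seed and nothing in the 24 words indicates whether a passphrase exists. The snippet below is an added example, not Ledger's, Trezor's, or BitBox's code. It uses the published 12-word BIP-39 test vector (passphrase "TREZOR") so the derivation can be checked; the sample passphrases are constructed.

```python
import hashlib
import hmac
import unicodedata

PBKDF2_ROUNDS = 2048  # fixed by BIP-39


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512 over the NFKD mnemonic, salt "mnemonic" + passphrase."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, PBKDF2_ROUNDS, dklen=64)


def bip32_master_key(seed: bytes) -> tuple:
    """BIP-32 root from the seed: HMAC-SHA512 keyed with "Bitcoin seed"; left half is the
    master private key, right half the chain code. Every account key descends from these."""
    digest = hmac.new(b"Bitcoin seed", seed, "sha512").digest()
    return digest[:32], digest[32:]


def wallet_fingerprint(mnemonic: str, passphrase: str = "") -> str:
    """Short identifier of the wallet a (mnemonic, passphrase) pair opens (example-only hash)."""
    master_key, _chain_code = bip32_master_key(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(master_key).hexdigest()[:16]


def wallets_opened_by(mnemonic: str, passphrases: list) -> dict:
    """Map each passphrase to the wallet it opens; all of them are valid, distinct wallets."""
    return {p: wallet_fingerprint(mnemonic, p) for p in passphrases}


# Published BIP-39 test vector: 12 words with passphrase "TREZOR". A 24-word seed derives identically.
TEST_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
TEST_VECTOR_SEED_HEX = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)

if __name__ == "__main__":
    assert bip39_seed(TEST_MNEMONIC, "TREZOR").hex() == TEST_VECTOR_SEED_HEX
    # Constructed passphrases: "" is the decoy, the second is the hidden wallet,
    # the third is the hidden passphrase with one wrong character.
    for passphrase, fp in wallets_opened_by(TEST_MNEMONIC, ["", "correct horse", "correct horsE"]).items():
        print(f"passphrase {passphrase!r:18} -> wallet {fp}")
```

Two practical consequences follow from the derivation. First, a mistyped passphrase does not produce an error; it silently opens a different, empty wallet, which is why the tip above to practise restoring on a spare device matters. Second, the separation exists only off-chain: the tip about trickling funds from the decoy to the hidden wallet creates an on-chain link between the two, the same kind of link the OPSEC section warns against for publicly known addresses, so any such transfers should be treated as a trade-off, not a free improvement.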
### Dedicated Duress Modes
- **Edge Wallet:** Duress Mode opens a fully functional decoy environment via a separate PIN. Real holdings stay completely hidden. Fund lightly since transactions are real. One of the most popular recommendations in community discussions.
- **Unstoppable Wallet:** Supports multiple PINs, each unlocking only the wallets you assign to it. An attacker who forces the app open only sees what you've chosen to expose — your main stash stays hidden behind a different PIN. Also Tor-enabled and no-KYC.
- **Nunchuk:** Offers a dedicated Decoy Wallet feature with separate security PINs.
- **COLDCARD:** Has a "Brick Me" PIN and duress wallet features built in.
- **ZYPTO:** Ships with a built-in "Disguise Mode" that hides the app icon entirely from your home screen and app drawer — the app effectively becomes invisible.
### Important Caveat
Some experts warn against relying solely on decoy wallets — sophisticated attackers may test them or continue violence if they suspect more funds. A decoy is one layer, not your only layer. **The most credible defense is one that's actually true:** "The rest is in a multisig with my lawyer and a third party. It physically takes days to move."
---
## 3. Phone OPSEC — Hiding Your Crypto Footprint
A savvy attacker who forces you to unlock your phone will scan for portfolio trackers, exchange apps, and wallet apps to gauge your total holdings. Your goal: **an unlocked phone should reveal nothing about crypto.**
### Isolate & Hide Crypto Apps
**Android:**
- Use a **Work Profile** (via Shelter or Island apps) or Samsung **Secure Folder**
- Clone Ledger Live / CoinGecko into the isolated profile, then delete from the main profile
- Freeze the work profile when not in use — apps become completely invisible and can't access your main photos/contacts

**iOS (18+):**
- Create a **Private Space** (Settings → Security & Privacy → Private Space)
- Or long-press any app → "Hide and Require Face ID"
- Hidden apps vanish from home screen, Spotlight, and notifications entirely

**Universal rules:**
- Never put crypto apps on your home screen
- Disable all lock-screen and notification previews (no balance pop-ups)
- Auto-lock after 30 seconds with biometrics + strong alphanumeric PIN
- Log out of exchange apps after each session; disable biometric login for them

**Community tricks gaining traction (2025–2026):**
- **Rename app icons** to look like boring utilities or games — on Android, use third-party launchers (Nova, Lawnchair) or icon packs; on iOS, create a Shortcut that opens the app but displays a custom name and icon (e.g., make Ledger Live look like "Calculator" or "Podcasts")
- **Disguise the folder itself:** Instead of a folder named "Crypto," bury hidden apps inside folders named "Utilities," "Old Games," or something equally uninteresting. Some users deliberately name it something embarrassing that an attacker won't want to dig through
- **Hide the Secure Folder icon (Samsung):** After moving apps into Secure Folder, hide the folder icon itself from the app drawer — it only appears when you toggle it back on in Settings
- **Layer multiple tricks together:** The community consensus is that no single trick is enough, but stacking 2–3 (hidden profile + renamed icons + discreet mode) makes your phone effectively crypto-invisible
### Use Discreet Mode in Wallet Apps
**Ledger Live & Trezor Suite** both have a discreet mode toggle (the eye icon). All balances display as `***` instead of dollar amounts. Combined with the passphrase approach:
- Only add your small decoy accounts to the mobile app
- Manage passphrase-protected (real) accounts on desktop only
- Result: even if forced to open the app, it shows "meh, a few hundred bucks"
### Ditch or Dummy Portfolio Trackers
Apps like CoinGecko Portfolio, Delta, and CoinMarketCap Portfolio are the worst offenders — they aggregate everything into one big number.
- **Best option:** Uninstall from your phone entirely. Track on a desktop spreadsheet or encrypted offline note.
- **If you must use on phone:** Never connect real addresses or API keys. Manually enter only a small believable decoy portfolio ($500–$2,000).
- **Privacy alternatives:** Unstoppable Wallet (Tor-enabled, no KYC) or block explorers for spot-checks.
- **Watch-only trick:** Use BlueWallet or Electrum in watch-only mode tied only to decoy addresses. No spending power, and you control what's visible.
### Device Separation
Buy a cheap secondary Android phone (~$100–$200) as your dedicated "crypto phone." Install only crypto apps on it. Keep it powered off or in a Faraday bag in your safe. Your daily phone stays completely crypto-free.
**GrapheneOS users:** Set up a Duress PIN that wipes the entire device when entered — a nuclear option, but effective.
### The "Hand Your Phone to a Friend" Test
Once configured, hand your unlocked phone to a trusted friend and ask them to find evidence of your crypto holdings in 30 seconds. They shouldn't be able to.
---
## 4. Physical Home Security
Your residence is the most likely attack vector. Layer your defenses:
- **Reinforced entry points:** Deadbolts, reinforced door frames, shatter-resistant window film
- **Visible deterrents:** Motion-activated floodlights, clearly visible security cameras, alarm system signage
- **Monitoring:** Smart cameras with cloud backup (so footage can't be destroyed on-site), doorbell cameras
- **Safe room consideration:** For high-value holders — a room with a reinforced door, independent communication (satellite phone or VoIP not dependent on home power), and a way to contact authorities
- **Vary your routines:** Routes to work, gym times, daily patterns. Predictability enables ambushes.
- **Domestic staff awareness:** Cleaners, nannies, and contractors are a common leak vector. Vet carefully, use NDAs, and never discuss crypto around them.
---
## 5. Operational Security (OPSEC) — Staying Off the Radar
The best defense is never being targeted in the first place.
### Never Reveal Your Holdings
**If you're not a public figure:**
- No bragging in group chats, at parties, on social media, or at conferences
- No crypto bumper stickers, branded merchandise, or conference lanyards in daily life
- No screenshots of portfolios or P&L — one streamer was attacked after posting a screenshot showing $20M+ in holdings
- Remember: what seems trivial to you could be life-changing money to someone else, and more than enough to justify making you a target

**If you're a public crypto figure (founder, C-level, investor, KOL):**
You can't hide that you're in the industry — but there's a massive difference between "people know I work in crypto" and "people know what's in my wallet." That gap is what keeps you safe.
- **Never discuss personal holdings, token allocations, or vesting schedules publicly.** Not on podcasts, not in interviews, not in group chats, not at dinners. Redirect with "the project/company is doing well" — keep the wealth associated with the entity, not you personally.
- **Assume your salary/compensation is semi-public.** If you're a known founder and your token did a 50x, people will do the math. This means your other defenses (multisig, time locks, geographic key separation, professional security) need to be proportionally stronger.
- **Be vague about custody.** If asked, say something like "I use institutional-grade custody with multiple parties involved" — never reveal your specific setup, which wallets you use, or how many keys you control.
- **Scrub on-chain links to your identity.** Use fresh wallets for any public transactions (ENS names, governance votes, on-chain donations). Never transact directly between a publicly-known address and your cold storage.
- **Consider professional security.** For founders and executives with significant known exposure, executive protection, secure transport arrangements, and professional threat assessments are not paranoia — they're the cost of being public. The kidnapping of Ledger's co-founder and attacks on crypto executives' families in 2025 made this very real.
- **Brief your team.** Employees, assistants, and co-founders should never casually mention your holdings, travel plans, or home address. Company-wide OPSEC training is worth the investment.
### Minimize Your Digital Footprint
- Scrub old posts linking your identity to crypto activity
- Use pseudonyms and avoid linking your real identity to wallet addresses
- Use a separate email for all crypto-related accounts
- Buy hardware wallets directly from manufacturers (not Amazon/eBay) and consider shipping to an alternative address or PO box — Ledger's 2020 data breach exposed 270,000 customers' home addresses
### Conference & Social Caution
- 84% of studied wrench attacks involved multiple attackers
- 45% began with social engineering — attackers posing as fellow traders, building trust at events, or impersonating officials
- Never assume good intentions if asked to change locations, share personal info, or show your assets
- Carry minimal identifying information; use burner phones for sensitive communications at events
### Family OPSEC
- Spouses and adult children must understand operational security — no comments like "my husband is loaded in Bitcoin" at school events
- Establish pre-agreed code words for phone calls (AI voice cloning + fake kidnapping calls are now common)
- Ensure family members know the plan if confronted: comply with what's accessible, explain that the rest requires multiple parties and time
---
## 6. Seed Phrase & Key Storage
- Store metal seed backups (steel/titanium plates, not paper) in a quality home safe or bank vault
- Follow the **3-2-1 rule:** 3 copies, on 2 different media types, with 1 stored offsite
- Never store your passphrase (25th word) in the same location as your 24-word seed
- Consider splitting seeds using Shamir's Secret Sharing (supported by Trezor) for additional resilience
- Remove branding from hardware wallets — stripping the metal casing from a Ledger makes it look like a generic USB stick
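The Shamir's Secret Sharing suggestion above deserves a concrete look at what a share does and does not reveal. The following is an added example written for this section, not Trezor's SLIP-39 implementation (which adds word encoding, checksums and group structure on top of the same idea): a minimal 2-of-3 split of a seed over GF(2^8), the field SLIP-39 also uses. The 32-byte secret is constructed for the example.

```python
import secrets


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES reduction polynomial x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    product = 0
    while b:
        if b & 1:
            product ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return product


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (Fermat's little theorem in GF(2^8)); a must be non-zero."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def _eval_poly(coeffs: list, x: int) -> int:
    """Horner evaluation; coeffs[0] is the secret byte, the rest are random."""
    y = 0
    for c in reversed(coeffs):
        y = gf_mul(y, x) ^ c
    return y


def split_secret(secret: bytes, threshold: int, share_count: int) -> list:
    """Split each byte independently with a fresh random polynomial; share i is evaluated at x = i."""
    if not 1 < threshold <= share_count < 256:
        raise ValueError("need 1 < threshold <= share_count < 256")
    values = [bytearray() for _ in range(share_count)]
    for byte in secret:
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(threshold - 1)]
        for idx in range(share_count):
            values[idx].append(_eval_poly(coeffs, idx + 1))
    return [(idx + 1, bytes(v)) for idx, v in enumerate(values)]


def recover_secret(shares: list) -> bytes:
    """Lagrange interpolation at x = 0 per byte. In GF(2^8) subtraction is XOR, so the
    basis term for share i is prod_{j != i} x_j / (x_i ^ x_j)."""
    xs = [x for x, _ in shares]
    out = bytearray()
    for pos in range(len(shares[0][1])):
        acc = 0
        for i, (xi, yi) in enumerate(shares):
            basis = 1
            for j, xj in enumerate(xs):
                if j != i:
                    basis = gf_mul(basis, gf_mul(xj, gf_inv(xi ^ xj)))
            acc ^= gf_mul(yi[pos], basis)
        out.append(acc)
    return bytes(out)


def secret_bytes_consistent_with_one_share(x: int, y: int) -> set:
    """For threshold 2, a single share point (x, y) fits a degree-1 polynomial through
    every candidate secret s (slope (y ^ s) / x), so one share rules out nothing."""
    return {s for s in range(256) if _eval_poly([s, gf_mul(y ^ s, gf_inv(x))], x) == y}


if __name__ == "__main__":
    SEED = bytes(range(32))  # constructed stand-in for a 256-bit seed
    shares = split_secret(SEED, threshold=2, share_count=3)
    print("home + bank:   ", recover_secret(shares[:2]) == SEED)
    print("bank + friend: ", recover_secret(shares[1:]) == SEED)
    x, first_byte = shares[0][0], shares[0][1][0]
    print("candidates for byte 0 from one share:", len(secret_bytes_consistent_with_one_share(x, first_byte)))
```

One caveat that follows from the maths: recovery brings the whole seed together on one device, so Shamir protects the backups (a burglar who finds one share gets nothing), but at spending time it behaves like single-sig. That is different from the multisig setup earlier in the guide, where keys sign separately and never need to be in the same room; the two techniques complement rather than replace each other.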
---
## 7. If It Actually Happens
**No amount of crypto is worth your life.** The goal of all this preparation is to ensure that what you can hand over is only a small fraction, and the rest is structurally out of reach.
- Comply with what's accessible (your decoy/hot wallet)
- Explain truthfully: "The rest is in a multisig with a third party and a time lock. I literally cannot move it from here."
- If using multisig, explain that you alone cannot sign a transaction — this buys critical time
- Casa offers an Emergency Lockdown feature that instantly shuts down access to your wallet with a single action