The fastest way to get CISSP Certified. Join our bootcamp
Last week, we took a look at a few examples of wrench attacks against cryptocurrency holders. These are attacks that use violence, the threat of violence, or extortion to extract cryptocurrency from the holder.
Now that we have shown you what’s at stake, we will dig into this type of attack at a deeper level and explain some of the aspects that make them appealing to criminals. Next week, we will take a look at some of the security precautions that cryptocurrency holders can take.
What’s the deal with wrench attacks against crypto-holders?
We documented a few gruesome attacks and provided a list of many more in our last newsletter. One reasonable response might be, “What’s so special about wealthy crypto-holders getting kidnapped? Wealthy people in traditional financial systems get kidnapped as well.”
While there is truth to this, there are some special features about cryptocurrencies that make these attacks more appealing in contrast to holders of traditional financial instruments. Let’s go through them.
Cryptocurrency transactions are irreversible
From the criminal’s perspective, one of the appeals of targeting crypto-holders is that cryptocurrency transactions are irreversible. Code is law, and if the money gets sent then there is no way to get it back unless the recipient decides to transfer it back. This means that if you manage to get the crypto sent to an account under your control, it’s yours.
In contrast, traditional banking has things like chargebacks or clawbacks. Even if you get your victim to send you money from the bank, they might be able to reverse the transaction and claim it back. You could go to all that effort, putting yourself at great risk of imprisonment, and then have the money sucked back out of your account when you thought you were home free. This aspect makes targeting crypto-holders more appealing than those with money in traditional financial institutions.
It’s easier to disappear with crypto
If you force someone to make a bank transaction against their will, there’s a very clear record of where it goes, even if the money ends up in an offshore account. It’s possible to set up a complicated network of international accounts to escape the authorities, but this is hard to do, and probably out of reach for most normal people. There is also the risk of the money getting frozen at some stage of the journey, so you might not end up getting the money.
In contrast, cryptocurrency allows an attacker to quickly exchange the money to a private coin like Monero and essentially become untraceable. There are also cryptocurrency tumblers, which allow criminals to mix in tainted coins with legitimate ones, making it much harder to trace stolen funds across the network.
Bank policy can protect victims
If someone threatens you with a wrench for your cryptocurrency, all you have to do is make the transfer or give away the key. If someone threatens you with a wrench for your money stored in a traditional financial institution, the bank may have a series of checks that can get in the way, especially when significant or unusual transfers are taking place. Attackers may be reluctant to go through the legal risk of a wrench attack if there is the possibility that a bank may put a stop to the transaction after a victim initiates it.
Legal gray area
Crypto-holders often operate in a legal gray area. The regulation is complex, and some may opt out of declaring their crypto on their taxes. If a crypto-holder hasn’t declared their crypto on their taxes and they then suffer a wrench attack, they may be less likely to report it because they don’t want to get in additional trouble from the tax authorities. From the criminal’s perspective, this means that targeting a crypto-holder may make it easier to get away with the crime than if they targeted someone with their money in the traditional financial system.
The authorities may not take it seriously
According to Investigating Wrench Attacks: Physical Attacks Targeting Cryptocurrency Users, many victims of wrench attacks fear that the authorities won’t take the crime seriously because cryptocurrencies are seen as “magic Internet money”. This makes them reluctant to report the crimes. On top of this, many police forces simply don’t have the skills and technical knowledge to investigate cryptocurrency-related crimes.
The reluctance to report and the lack of skills within the police can mean that it is more likely for an attacker to get away with a crime when targeting a cryptocurrency holder instead of someone who keeps their money in a bank.
There’s a certain appeal to crypto-crimes
As we have discussed, there are multiple aspects of the crypto-industry that can make crypto-holders more appealing targets than those who keep their money in traditional banking institutions. From irreversible transactions to a lack of pesky bank policies that protect victims, targeting crypto-holders has its advantages.
The easiest and fastest way to pass the Security+ exam
Build Your Cybersecurity Foundation. Our team has helped thousands of professionals succeed with advanced certifications like CISSP and CCSP. Now we've taken that same proven and tailored it specifically for Security+!
Prepare to Pass: Get the Right CISSP
Bootcamp
Master CISSP — as Easily and Quickly as Possible. Join our CISSP 5-Day Live Bootcamp with expert instructors Rob Witcher and John Berti to fast-track your exam prep and master all 8 CISSP domains. Live on Zoom, this intensive training is packed with real-world insights and Q&A—reserve your spot now!
Prepare to Pass CCSP: Get the Right CCSP
APP
Studying for the CCSP? Big news! We’ve just added 1,000 brand-new questions to our CCSP Exam Prep App—giving you even more ways to test your knowledge and boost your confidence. Whether you're brushing up on cloud security concepts or getting serious about exam day, the updated app is packed with fresh content that reflects the latest exam trends. Study anytime, anywhere, and get one step closer to becoming CCSP certified.
Free CCSP Data Center Design Mini MasterClass
If you’re interested in cloud security, check out our new FREE Mini MasterClass. It digs into data center design.
It’s based on the CCSP certification requirements, but even if you’re not thinking of getting certified, what you learn is very useful in practice if you ever need to deal with data centers.
