In brief
- Three UK teenagers have been jailed after carrying out a “wrench attack” robbery in which $4.3 million in crypto was stolen.
- Metropolitan Police said the suspects forced a victim to hand over crypto and car keys in a Hoxton burglary.
- The stolen cryptocurrency was recovered within 72 hours and returned two weeks later, police told Decrypt.
Three teenagers have been jailed following a “wrench attack” in which $4.3 million worth of cryptocurrency was stolen at knife point.
In a video released by the Metropolitan Police on Thursday, the trio were shown posing as delivery drivers to gain entry to a flat, where they threatened the occupant with knives and demanded his cryptocurrency holdings.
Police said the suspects travelled from Sheffield to London on June 17, 2024, before carrying out the burglary, which was later linked to them through social media footage and vehicle tracking following the theft of the victim’s car.
The suspects, who were aged 16 and 17 at the time, recorded themselves on Snapchat leaving the scene in the victim’s BMW, footage police later used to help identify and link them to the burglary.
Officers were alerted when the stolen vehicle triggered an automatic number plate recognition camera on the M1 in Northamptonshire less than three hours later, before the car was eventually stopped on the M6 in Warwickshire following a brief pursuit.
The victim’s crypto was “recovered within 72 hours and returned two weeks later,” a representative from the Metropolitan Police told Decrypt.
The three defendants were sentenced to a total of 16 years in youth detention after pleading guilty to charges linked to the burglary and car theft. Individual sentences ranged from 46 to 80 months, authorities confirmed with Decrypt.
A minor who police said cannot be named for legal reasons “pleaded guilty to aggravated burglary, possession of criminal property and theft of a motor vehicle.” The minor received 80 months in custody.
The case was "a clear example of how the suspects thought posting their criminal exploits on social media would build them a following, however all it built was the case against them,” Detective Constable Jonathan Leung said in a statement.
Crypto “wrench attacks”
Security researchers in the crypto industry say the case reflects a well-established pattern in which attackers bypass technical safeguards by targeting individuals directly, often after identifying victims through leaked or publicly exposed personal information.
These so-called “wrench attacks” have resulted in more than $41 million in losses in 2025, marking a 75% year-on-year incidence growth rate, with France being at the center of the crime wave.
“This isn’t a new tactic. Law enforcement, including the FBI, has documented “wrench attacks” for years, where cases where criminals physically target crypto holders instead of hacking wallets,” Andy Zhou, co-founder of blockchain security firm BlockSec, told Decrypt.
The core idea, Zhou explained, is that “it’s often easier to coerce a person than to break cryptography.”
Most cases begin with information exposure instead of outright violence, he said.
“Data leaks, breached customer records, or publicly available online information can be combined to identify who likely holds crypto and where they live,” he noted.
The most common mistake is overexposure, Zhou said, noting that, “People unintentionally link their real identity, location, and crypto holdings through data breaches, social media, reused phone numbers, or public wallet activity.”
Common risks include single-point custody, where one device or person can move funds immediately, increasing exposure to coercion, Zhou said. He added that warning signs include targeted phishing, unexpected account recovery attempts, SIM-swap symptoms, and unusual contact with individuals or internal systems.
“The practical takeaway is simple,” Zhou said, explaining that, “we need to assume attackers may target humans. Reducing personal exposure and adding friction to fund movements often matters more than adding another layer of cryptography.”
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Suspected hacker address responsible for CAKE and THE liquidation events, Venus incurs a $2.15 million shortfall
On March 15th, a suspected hacker address received 7,400 ETH from Tornado Cash, orchestrating liquidation events for CAKE and THE collateral that resulted in approximately $2.15 million in losses for Venus. The address manipulated THE price through complex operations, ultimately leading to the liquidation of its collateral on Venus, though substantial borrowed funds remain unpaid. Analysis suggests this event may have been a strategy employed to profit on a certain CEX.
GateNews10m ago
Venus Protocol Pauses THE Token Borrowing and Withdrawal Operations, Other Markets Operating Normally
Gate News reports that on March 15, Venus Protocol issued a security announcement stating that during the investigation of abnormal activity in the THE liquidity pool, preventive measures were taken to prevent further misuse, and all borrowing and withdrawal operations of THE tokens were immediately suspended. This measure will remain in effect until the investigation is concluded. Venus Protocol stated that other markets were unaffected and will continue to operate normally.
GateNews27m ago
Venus Protocol Allegedly Suffers Flash Loan Attack, THE Experiences Massive Liquidations
BNB Chain lending protocol Venus Protocol appears to have suffered a flash loan attack, resulting in massive liquidation of the token THE. The attacker has obtained approximately $3.6 million in assets, with liquidations ongoing. Currently, approximately 42 million THE tokens are awaiting liquidation.
GateNews2h ago
CCTV 315 Gala Exposes AI Large Model Data Poisoning Industry Chain, Pay to Manipulate AI Response Content
CCTV 315 Gala exposed the AI large model data "poisoning" industry chain, involving a business named GEO. Service providers charge fees to make client products stand out in AI models, spawning press release companies that become key links in data manipulation.
GateNews2h ago
Tether Freezes Approximately 11.96 Million USDT on Tron Chain Address
On March 15, Tether froze 11,960,680 USDT on a Tron chain address using the blacklist function of smart contracts. This action typically stems from law enforcement requests related to money laundering and fraud. Over the past several years, Tether has cumulatively frozen more than $4.2 billion in USDT.
GateNews2h ago
A certain CEX CEO clarifies wallet security incident: the risk originates from users' devices being compromised, not from vulnerabilities in the wallet itself.
Regarding the hacking incident at Wuhan Anxun Technology, a certain CEX CEO Star clarified that the incident was not due to wallet security vulnerabilities. The attackers controlled users' devices through trojan software to steal information. At the same time, he emphasized that users need to strengthen device security and avoid installing suspicious software.
GateNews4h ago
