Skip to content
Blog
Crypto security

They came for the person, not the wallet

The smart attacker skips the cryptography and goes straight for you; here is why a hardware wallet does not cover a $5 wrench attack, and what does.

The Deniable Guide5 min read ·
Copied!

You can do everything right with your keys and still lose everything, because the smart attacker skips the cryptography and goes straight for you.

The name for this is grim and accurate: the "$5 wrench attack." Why spend a fortune breaking encryption when a cheap wrench and a willing person get the password in minutes? For years, it was a meme. It is now a crime wave.

Comic panel imagining an attacker defeated by unbreakable encryption.
In a cybersecurity nerd's imagination: encryption defeats the attacker.
Comic panel showing a $5 wrench used to force the password out of a person.
What would actually happen: they skip the math and reach for a $5 wrench.

A real crime wave, not a thought experiment

Physical attacks on cryptocurrency holders jumped about 75% in 2025, and France has become the epicentre, averaging roughly one kidnapping or home invasion every two and a half days. In April, French authorities charged 88 people, including minors, across a dozen investigations. Security researcher Jameson Lopp keeps a public list of these incidents that now runs to hundreds of cases.

~75%

rise in physical attacks on crypto holders in 2025

The pattern investigators describe is a shift from "find a wallet" to "hunt a person." Attackers build a profile from social media, public wallets, conference appearances, and leaked datasets, then track a routine. If your name is associated with crypto, you can be found.

Why does your security stack not cover this

Almost every tool people trust assumes the attacker is far away.

A hardware wallet keeps your keys off a connected device. It does nothing when you are the one being forced to sign. Multisig slows down a theft, but it does not stop someone from making you call your co-signers. A Faraday bag hides a signal, not the fact that you own crypto.

The weak point is not your wallet. It is your phone. It holds your exchange apps, your two-factor codes, the email that resets every account, and often a photo of a seed phrase someone swore they had deleted. Hand over the phone under pressure, and you hand over the map to everything.

The options people try, and why they backfire

Comply and unlock. You give up everything, and there is nothing left to hold back.

Carry an empty or wiped phone. A blank phone reads as hiding. "Why is your phone empty?" invites more pressure, not less.

Carry a burner. A second phone with nothing on it tells the attacker the real one exists somewhere. Now they want that one.

Wipe on a duress code. A wiped phone in an attacker's hands proves you destroyed something, and the person is still standing in front of you.

Every one of these ends the same way: the attacker knows, or strongly suspects, there is more.

The move that does not leak

The approach that signals nothing is plausible deniability. You unlock a complete, ordinary phone with a believable everyday life, while your real environment sits in a hidden space with no provable sign of its existence.

That is what DeniableOS is built for. One phone, three PINs, one lock screen. The public PIN opens your ordinary, lived-in phone. The hidden PIN opens a separate environment whose data is stored in a way that it cannot be distinguished from unused space. The duress PIN handles the worst case: enter it, and the phone behaves like a normal unlock into the public side, while the hidden environment is wiped in the background. No visible wipe, nothing that reads as destruction, no sign that anything else was ever there.

Where this stops

This is not magic, and it is not a replacement for good custody. Keep the bulk of your coins in cold storage. Stay quiet about what you hold. Do not post your gains. Deniability covers the one case none of those handle: your phone in someone else's hand while you are being told to open it.

The claim is narrow on purpose

And the claim is narrow on purpose. A hidden environment is built to defeat coercion in the moment: the robbery, the border stop, the opportunistic search when someone has your phone for minutes. It is not built to beat a forensic lab that already knows you use this kind of system and keeps your device for weeks. Knowing where that line sits is the difference between real safety and false confidence.

Who is this actually for

Holders with a balance worth travelling to take. Anyone crossing borders with a device that maps to their money. People whose names and net worth are already searchable, which is most people who have done a podcast, a raise, or a public wallet. You do not need to be a whale. You need to be reachable, and reachable is a low bar now.

A phone unlocked to an ordinary home screen with nothing incriminating to find.
With DeniableOS the phone unlocks to an ordinary life. There is nothing on it to find.

Two phones. One device. Zero evidence.

See how a hidden, deniable environment protects what matters, even when you are forced to unlock.

FAQ

Does this replace my hardware wallet?

No. Your hardware wallet protects your keys from remote attackers. This protects you when the attacker is in front of you. They solve different halves of the same problem.

Isn't a wiped phone safer?

No. Empty reads as hiding. A full, ordinary phone reads as nothing to find.

What if I panic and cannot use the hidden PIN?

That is what the duress PIN is for. It opens the public phone normally, while the hidden side is erased in the background, so compliance looks like compliance.

Sources

Copied!
All articles