0
0
Opinion

PSA: Don’t Keep Crypto at Home

Going bankless in the age of wrench attacks.
0
0
Jan 28, 20265 min read

In an age of increasing wrench attacks, I want to echo some simple advice from security professionals: if you’re a crypto investor working in public you should never have access to more than $1k in crypto from home.

Let's round it to zero – you should have zero crypto at home.

That means no access to crypto without multiple private keys, third party in person verification, and multi-day time delays. Not on your phone, not on your computer, not on your hardware device, not in your house, not with a phone call.

  • No hot wallet at home with funds over $1k.
  • No cold wallet at home, period.
  • No exchange that allows you to move funds without verification and delays.
  • Zero crypto at home – don’t break this rule.

Yes, this is inconvenient.

But, it’s a tradeoff in order to maintain the safety of those you care about. The increasing number of wrench attacks on leaked crypto holders is still rare but very real.

Watch this local news report from a case in September of 2025 where two brothers drive from Texas to Minnesota to wrench attack a family – while the attackers were captured, the remote orchestrator and mastermind are likely still active. Attacks like these are only becoming more common.  

The data leaks, the AI tools, the increasing criminal sophistication, the lack of onchain privacy – I believe these factors will result in physical attacks getting worse before they get better. (I do have some confidence attacks will decrease in the long run as our world adapts to digital bearer assets and our privacy tech improves - but that’s not the world we live in today)

Would you keep briefcases of cash at home? How about bars of gold bullion?

Here’s the thing: if you can access large amounts of wealth and send it somewhere in minutes, with no third party to confirm you’re not under duress, then alarm bells should be going off in your head – you’re not just your own bank, you’re the bank security guard.

Do you want the life of a 24x7 security guard? You want that burden of vigilance and risk? Your phone, your pocket, your computer, your house – these are not places to store access to tens of thousands of dollars. Bearer assets are tremendously powerful, and scary. Treat them with reverence.

You don’t have to keep crypto at home in order to go bankless.

There’s a growing set of solutions for holding zero crypto at home:

  • Use Casa: multisig for bitcoin
  • Use Safe: multisig for ETH and Ethereum assets
  • Use time-locked bitcoin vaults like ZenGo
  • Use custodians like Unchained to hold multisig private keys
  • Use bank safe deposit boxes
  • Use wallet social recovery and time delays

If you’re storing multisig keys, don’t store them at the office or a friend's home or somewhere non-public or easy to drive to. Realize that attackers can force you to drive to a second location under duress, so any access to multisig private keys should require both third party verification and a time delay to transfer funds.

If onchain feels daunting, use Fireblocks or Coinbase institutional with video verification and configure your exchange settings to require 48 hours to whitelist new withdrawal addresses. (Note: exchanges can be just as wrench-risky as onchain wallets unless you configure them correctly – add delays and verification for transfers to new addresses)

You’ll know you have a good system when you can’t access your long-term crypto without friction, delays, and a verification process that ensures you’re not under duress.

If you’re public and can’t navigate all of this... consider ETFs instead. That may sound like sacrilege from one of the Bankless guys, but the safety of your loved ones is worth more than scoring decentralization points. Go onchain when you feel ready.

“What if attackers still think I have access to crypto - isn’t it worse to be wrench attacked by people who believe I have access to crypto but am holding out?” 

Over the long term, as more crypto investors adopt zero crypto at home, attacks will stop being successful and will decelerate. All risk, no reward.

In the meantime, here are some tactics for individuals:

  1. Implement zero crypto at home.
  2. Do the other recommended privacy and security things - zero crypto at home isn’t a silver bullet - privacy, home security, panic buttons - these are the moats and castle walls you use to make yourself a hard target and deter attacks in the first place, which is what you really want (out of scope for this post – follow people like Beau for more)
  3. Write a zero crypto note to your prospective attackers – “I’m zero crypto. I keep no crypto at home or on my phone, just pocket change” put the note in your phone case as proof you preemptively planned and aren’t foolish enough to keep bearer assets at home or on your person. An attacker can keep this message and the pocket change.
  4. If you’re public - find a way to signal that you don’t keep crypto on your person or at home – Vitalik does a good job with this, he’s intentionally public about his multisig setup, primarily to educate, but this can also signal attackers that they can’t get anything from him.
“Say they show up and you have zero crypto, what if they just take you instead?”

If wrench attacks are rare, then kidnappings are the rarest of the rare in developed countries – they’re higher risk, and with a lower payoff for attackers. When they’ve happened, they’ve targeted known high net-worth individuals, not random retail crypto investors. Remember: attackers are looking for high upside with low risk, but with ransoms they’re more likely to end up dead or in jail with nothing to show.

Still they do happen. To mitigate this risk even further, keep your addresses private. Make it a project. I know this isn’t easy with today’s limitations – and attackers are getting better at stealing and bribing their way into wealth data for crypto targets but you can make it harder:

  • Don’t share your addresses
  • Be careful of ENS names or NFTs linking your addresses to your identity
  • Be wary of cloud-based tax software (use tools like Rotki instead)
  • If you’re worried you can’t hide your addresses, then go offchain until you can

Here’s the logic: if you have zero crypto at home and no visible onchain footprint, there’s no reason a mastermind kidnapper should prioritize you over the millions of TradFi investors out there. After all, they can kidnap any TradFi investor and still demand payment in crypto, there's no reason you should be special. You want to be near the bottom of a much longer list.

Closing thoughts

Physical attacks on crypto investors are a setback for the bankless vision – the frequency of these is not something I foresaw happening this soon and I’d hoped we’d have more privacy and wallet countermeasures by now, but we don’t.

Still I’m optimistic. As Balaji likes to say, progress corkscrews up. We’re in a local valley of increased risk, but with better practices, wallet improvements, and onchain privacy I think we’ll slay this dragon too. The purpose of crypto is freedom. Don’t lose yours by playing the role of vault security guard.

Zero crypto at home.

Not financial or tax advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. This newsletter is not tax advice. Talk to your accountant. Do your own research.

Disclosure. From time-to-time I may add links in this newsletter to products I use. I may receive commission if you make a purchase through one of these links. Additionally, the Bankless writers hold crypto assets. See our investment disclosures here.

Published in Bankless

There’s a revolution in the world of money. Ethereum, Bitcoin, crypto, open finance, DeFi—a bankless revolution. And you want part of it.