Binance, the world’s largest cryptocurrency exchange, has just rolled out a new wallet feature to combat the rising cases of wrench attacks against crypto holders.

 

Announcing the launch of this feature, Binance wrote in a Monday blog post, “Most security advice you will read about crypto assumes that the threat is digital. Some of the main threats include malicious phishing links, imposter scams, SIM swaps, and compromised seed phrases, and the industry has built strong defenses against them.”

 

“But there is a category of risk that those defenses do not cover: physical coercion. These are situations where someone is pressured, in person, to move their own funds. Such cases are rare, but when they happen, the losses can be severe and irreversible.”

 

When activated, this new withdrawal protection feature blocks all on-chain withdrawals from a user's Binance account for a preset lockdown period, during which no one, not even the owner of the wallet, can move crypto assets out of the wallet.

 

The new withdrawal protection feature can be enabled from the settings section of the Binance wallet. While 48 hours is the default lockdown period, a user can choose to change this to anywhere between 1 and 7 days, depending on their preferences.

 

 

To enhance flexibility, Binance added a toggle feature that allows users to end the lockdown period early, especially in emergency cases when a user needs to move crypto assets from their wallet. It is also important to note that this feature only restricts withdrawals, thus users can still trade, hold positions, and carry out other in-wallet activities even when the withdrawal protection feature is enabled.

 

Crypto Wrench Attacks on the Rise

Crypto wrench attacks have steadily risen over the last few years. According to a CertiK report, there were 72 verified cases of physical attacks and coercion against crypto holders in 2025, an increase of nearly 71% from the 41 cases recorded the previous year, with losses amounting to over $41 million.

 

This year has not been an exception, as there have been several recorded cases of wrench attacks, with France being an epicenter of these attacks.

 

Just last month, a family of five in France was held captive by two men who invaded their home and extorted approximately €700,000 worth of cryptocurrencies.

 

In another attack in France, a mother and her son were kidnapped by four armed men who demanded about $471,000 for their release. The victims were held hostage for about 20 hours before they were eventually released, and the suspects were arrested by law enforcement officers.

 

 

Wasabi Protocol, a multichain decentralized perpetual futures trading platform, was hit by an exploit that led to the loss of more than $5 million across several chains.

 

The exploit, according to blockchain security company PeckShield, was carried out across multiple chains, including Base, Berachain, Blast, and Ethereum, which is its main deployment chain.

 

The incident was also flagged by blockchain security firms CertiK and Blockaid, with both firms attributing the cause of the hack to a compromise of the Wasabi deployer wallet, which allowed the attacker to gain privileged admin access and subsequently drain funds from the protocol.

 

“The Wasabi deployer externally owned account was used to grant admin role access to an attacker-controlled helper contract, which then upgraded the perpetual vaults and LongPool to a malicious implementation that drained balances,” Blockaid wrote in a post on X.

 

“All Wasabi and Spicy liquidity provider share tokens minted by these vaults should be treated as compromised. The underlying assets backing them have been drained or are at risk while the Wasabi deployer key remains active. End users holding these tokens are showing book value, but the redemption value is zero,” the firm added, while recommending the immediate flagging and revocation of these tokens.

 

Blockchain security firm Cyvers also provided further details on how the incident occurred. According to Cyvers, a crypto wallet funded through Tornado Cash was used to deploy a malicious contract on Wasabi Protocol across the Base and Ethereum chains.

 

As a result of this malicious contract deployment, about $4.5 million in various crypto assets, including WETH, USDC, BTC, VIRTUAL, and cbBTC, as well as memecoins such as PEPE, MOG, and REKT, were stolen. The funds were later consolidated into Ether and distributed across multiple wallet addresses outside the protocol.

 

Wasabi Protocol Responds

Following the disclosure of the exploit by security teams, the Wasabi team, in a post on X, stated that they were aware of the breach and were actively investigating the incident alongside security experts, notably Security Alliance and Blockaid.

 

The team also warned against interacting with a list of compromised vaults and EVM positions across Base, Blast, and Berachain, while stating that users whose vaults were not among the compromised list could proceed with withdrawals at any time.

 

The Wasabi exploit closed the month of April, which recorded some of the largest crypto exploits, including those involving Drift Protocol and KelpDAO, which led to losses of $285 million and $293 million, respectively.

 

 

Eric Halem, a former Los Angeles Police Department officer, has been found guilty of kidnapping a 17-year-old and stealing $350,000 worth of crypto after invading his home in 2024.

 

Halem, who served with the LAPD for 13 years but retired in 2022, was said to have illegally invaded the home of the teen, named Daniel, alongside three co-conspirators.

 

Upon gaining entrance into the teen's home under the guise of carrying out a search warrant, Halem subdued both the teen and his girlfriend, threatening to shoot him if he didn't hand over a hard drive containing Bitcoin. Apparently, the teen did have a significant amount of crypto.

 

Although Halem has been found guilty by the court, his sentencing is scheduled for March 31. And since he's been tried for kidnapping and robbery, which fall under California's aggravated statutes, Halem risks spending a long time in prison.

 

 

The Rise of Wrench Attacks

A wrench attack, also known as the $5 wrench attack, involves physical threats or violence to force a person to hand over their crypto private keys.

 

There has been an increase in the number of wrench attacks within the last few years. According to a 2025 security report from blockchain security firm CertiK, there were 72 recorded incidents of wrench attacks, a 75% increase from 2024.

 

     

 

Certik also reported a loss of more than $40.9 million from these attacks, with Europe accounting for 40% of these attacks worldwide, and kidnapping being the most common method used by assailants.

 

Jameson Lopp, Co-founder and Chief Security Officer of crypto security firm Casa Inc, has also been documenting these crypto wrench attacks from 2014 to date in a GitHub repository named "physical-bitcoin-attacks."

 

Based on tracked incidents in the GitHub repo, there have been 16 documented crypto-wrench attack cases this year alone, with France recording the most cases, with kidnapping being the most common method used by attackers.