How Crypto Criminals Stole $700m From Folks — Regularly Using Age-Old Tips
Publication Date: January 18, 2026 | Category: Cybercrime & Finance
Introduction
Theft is a traumatic experience, but cryptocurrency theft carries a unique psychological burden. While a physical burglary leaves a broken window and empty drawers, digital theft leaves the victim watching their life savings on a public ledger, accessible yet entirely out of reach. In 2025, the global crypto ecosystem faced a staggering reality: while institutional hacks dominated headlines, a silent epidemic of individual thefts siphoned off over $700 million from everyday investors.
Despite the technological sophistication of blockchain, the methods used to steal these funds are often surprisingly low-tech, relying on age-old psychological tricks and social engineering. This article explores the anatomy of these crimes, the devastating impact on victims, and the regulatory landscape that leaves many without recourse. By examining the intersection of human psychology and digital finance, we uncover how criminals are exploiting the “self-custody” model of cryptocurrency.
Key Points
- Financial Impact: Individual crypto thefts accounted for an estimated $713 million in losses in 2025 alone.
- Methodology: Criminals increasingly rely on social engineering, data breaches, and physical coercion (known as “wrench attacks”) rather than complex code exploits.
- Regulatory Void: Unlike traditional banking, UK cryptocurrency ownership remains largely unregulated, meaning victims rarely recover funds.
- Victim Profile: Attackers are targeting “crypto-rich” individuals identified through leaked databases from luxury retailers and service providers.
- The Paradox of Transparency: Blockchain technology allows victims to trace stolen funds but offers no mechanism to reverse transactions or identify anonymous wallet holders.
Background
To understand the scale of the problem, one must look at the adoption rates. According to a survey conducted for the Financial Conduct Authority (FCA) in August 2024, approximately 12% of British adults—roughly seven million people—own crypto assets. Globally, the number of crypto owners is estimated at 560 million.
As ownership expanded, so did the criminal interest. While 2025 saw major institutional breaches, such as the $1.5 billion hack of the Bybit exchange attributed to North Korean hackers, the “retail” sector became a primary target. Blockchain analysis firm Chainalysis describes attacks on individuals as the “under-documented frontier for crypto crime.” The rise in individual thefts correlates with the increased valuation of assets like Bitcoin and Cardano, turning average citizens into high-value targets.
Analysis
The Anatomy of a Digital Heist
The fundamental nature of cryptocurrency is the concept of “self-custody.” When you hold crypto, you hold the private keys—essentially a long alphanumeric password that grants total control over the assets. If a criminal obtains these keys, they can transfer the funds to their own wallet. Because the blockchain is immutable and decentralized, once the transaction is confirmed, it is irreversible.
Victims often watch helplessly as their funds are moved through a chain of wallets. Helen, a UK-based victim who lost $315,000 (approx. £250,000), described the experience as watching a burglar display stolen goods behind an impassable barrier. “You can see your money there at the public blockchain, but there is nothing you can do to get it back,” she explained.
Age-Old Tactics in a New Era
While the technology is new, the tactics are not. Criminals are pivoting from complex code-breaking to simpler, more effective social engineering. This includes:
- Phishing and Data Breaches: Criminals purchase leaked databases to identify wealthy individuals. For example, a breach at Kering (parent company of Gucci and Balenciaga) exposed customer spending habits. One hacker interviewed by the BBC claimed to have paid $300,000 for such data, cross-referencing it with other leaks to target high-net-worth crypto holders, ultimately stealing over $1.5 million.
- Cloud Compromise: Many investors store wallet recovery phrases in cloud storage. Hackers exploit weak security on these accounts to access the keys, as seen in the case of Helen and her husband, Richard.
- “Wrench Attacks”: This term refers to physical coercion. Instead of hacking a wallet, criminals kidnap or assault victims to force them to transfer funds. In 2025, cases surged globally, from a Parisian kidnapping attempt involving a crypto executive’s family to the abduction of Ledger co-founder David Balland, who lost a finger during the ordeal.
The Regulatory Gap
In the UK, the Financial Services Compensation Scheme (FSCS) protects bank deposits up to £85,000. However, the FCA explicitly states that crypto assets are unregulated and high-risk. “If something goes wrong, it is unlikely you will be protected,” the regulator warns. This lack of protection contrasts sharply with traditional finance, where card companies often reimburse fraud victims.
Exchanges like Binance, despite having millions of UK users, operate in a regulatory gray area. The company does not currently accept new UK clients due to a lack of FCA authorization, and its victim support pages are often blocked within the country. This leaves individuals operating in a digital wild west, responsible for their own security without the safety nets of traditional banking.
Practical Advice
Given the rising threat landscape, investors must adopt rigorous security practices. The “be your own bank” philosophy comes with significant responsibility.
Securing Your Digital Assets
1. Hardware Wallets (Cold Storage): Never store large amounts of cryptocurrency on exchanges or in cloud-based notes. Use hardware wallets (like Trezor or Ledger) which keep private keys offline, making remote theft impossible.
2. Multi-Factor Authentication (MFA): Enable MFA on all accounts associated with crypto (email, exchange accounts). Use app-based authenticators rather than SMS, which can be intercepted via SIM-swapping attacks.
3. Geofencing and Biometrics: Emerging security solutions, such as those developed by Haven, offer features like geofencing (blocking transactions outside a specific location) and continuous biometric verification. These layers make unauthorized access significantly harder.
4. Operational Security (OpSec): Avoid flaunting crypto wealth on social media. The more public you are about your holdings, the higher the risk of being targeted by social engineering groups.
5. Verify Contacts: Always verify the identity of anyone claiming to be a support agent or exchange representative. Legitimate companies will never ask for your private keys or seed phrase.
FAQ
Can stolen cryptocurrency be recovered?
Generally, no. Because blockchain transactions are irreversible and wallets are pseudonymous, once funds are transferred, they are gone unless the criminal voluntarily returns them. Law enforcement can trace funds but rarely has the tools to de-anonymize the wallet owner.
What is a “wrench attack”?
It is a colloquial term in the crypto community for physical coercion. It derives from a hypothetical scenario where a criminal uses a simple tool (like a wrench) to threaten a victim into handing over their private keys, bypassing digital security entirely.
Are crypto losses tax deductible?
In many jurisdictions, including the UK, theft of personal crypto assets is generally not eligible for a capital loss claim for tax purposes, unlike the loss of coins through market volatility. However, tax laws are complex and subject to change; professional advice is recommended.
Is cryptocurrency regulated in the UK?
Currently, the regulation focuses on crypto asset promotions and anti-money laundering (AML) requirements for exchanges. However, the assets themselves are not covered by the Financial Services Compensation Scheme (FSCS), meaning consumers are not protected if a firm goes bust or funds are stolen.
Conclusion
The $700 million stolen from individuals in 2025 highlights a critical juncture in the adoption of cryptocurrency. While blockchain offers financial sovereignty, it also demands a level of security literacy that many average investors lack. Criminals are exploiting this gap, utilizing a blend of high-tech data mining and low-tech physical violence.
For victims like Helen and Richard, the loss is not just financial but deeply emotional, compounded by the visibility of their stolen assets on the public ledger. As the industry matures, the tension between decentralization (self-custody) and consumer protection will likely drive regulatory changes. Until then, the burden of security rests entirely on the individual.
Leave a comment