I modeled wrench attacks. Privacy makes them worse.
I cofounded Peanut, a self-custodial payments app. I care about the long-term viability of self-custody more than most people because my company depends on it. When we started, the UX was the greatest barrier: gas, seed phrases, signing. Now, with passkeys and AA, the "self-custody is too hard" argument is basically dead. Self-custody UX is a solved problem. Wrench attacks are not. And one of the solutions I hear again and again, default privacy at the protocol level, makes the problem much worse.
Crypto kidnappings are real and terrifying. People are being held at gunpoint in their apartments and forced to drain their wallets. Ethereum’s emerging consensus is that one of the solutions is privacy: hide balances, obscure transactions, make it impossible for attackers to know who holds what.
This is wrong. Privacy barely touches the variable that enables targeting, significantly reduces the variable that enables prosecution, and completely ignores the variable that determines whether an attack succeeds. The net effect of default privacy is to make wrench attacks more profitable, not less.
The attacker’s equation
A rational attacker weighs a simple expected value:
EV(attack) = P(target) × P(extract) × Amount − P(caught) × Cost
P(target) is the probability of correctly identifying someone who holds crypto. P(extract) is the probability of successfully extracting funds under duress. P(caught) is the probability of post-crime consequences. Cost is the expected punishment.
The privacy argument claims to reduce P(target). In practice, it barely moves P(target), meaningfully reduces P(caught), and does nothing to P(extract). Privacy increases EV(attack).
How targeting actually works
The privacy narrative assumes attackers scan the blockchain, find fat wallets, and deanonymize holders. This almost never happens.
The overwhelming majority of wrench attacks start with social context. Someone knows you work in crypto. Someone overhears you at a coworking space talking about a fundraise. A friend of a friend mentions you’re doing well. Your LinkedIn says “blockchain.” You attend conferences. You’re in Telegram groups. I have been genuinely worried about discussing fundraising when I couldn’t get a private booth at a coworking space. That is the actual attack surface. Not Etherscan.
The amounts confirm this. A huge number of wrench attacks target shockingly small sums: 10k, 20k, 50k. These are not sophisticated operations where someone ran chain analysis on a whale wallet. These are opportunistic crimes where someone in the victim’s social orbit knew they probably held some crypto. The attacker doesn’t need to know the exact amount. They just need to believe there’s something worth taking, and roughly understand how to launder the funds.
(There is one notable exception. The recent Coinbase data breach is a case where centralized KYC records linked to account data likely did enable targeting through onchain information. Filter by size and region, choose your target. But this is an argument against centralized KYC databases, not an argument for onchain or transactional privacy.)
P(target) is dominated by offchain social signals. Onchain privacy addresses maybe 5% of the actual targeting surface. You cannot make someone un-know that you work in crypto. You cannot make your neighbour unhear your phone call.
What privacy actually changes
Let’s run the equation again with privacy-by-default.
P(target) barely changes. The social leakage that drives almost all targeting remains fully intact. You might marginally reduce the Coinbase-style data breach vector, but everyday context leakage is untouched.
P(extract) is completely unchanged. Privacy does nothing about the fact that a single signature can move 10 cents or 10 million dollars. The victim is still sitting in front of an attacker with a wrench and a phone that can call your spouse to find that piece of paper with the seed phrase.
P(caught) drops significantly. Right now, even with crypto’s imperfect traceability, victims and law enforcement have some ability to follow funds after a crime. Robbers screwing up their opsec are the norm. (Let’s be real, if you have a deep understanding of how to truly untraceably launder stolen funds, you probably are not interested in an opportunistic wrench attack and can make a better income off of that expertise.) Anyway. Default privacy eliminates this entire layer. The attacker walks away with untraceable funds and zero post-crime risk.
Privacy makes the equation worse! Only reducing P(extract) fixes the wrench attack issue.
The actual solution: granular self-custody
Let’s make self-custody smarter. The problem today is that most people still rely on EOAs or single-entity-controlled multisigs and there is literally no account abstraction tooling that creates granular controls. Control over one person in one moment gives infinite authority at that moment. The same approval that buys a coffee can drain a life’s savings.
Some things we urgently need:
Spending tiers with escalating authentication. Daily spending up to €500 with a single signature. €500 to €5,000 requires a second factor: a different device, a biometric, a short time delay. Above €5,000 requires a co-signer or a 48-hour timelock. Above €50,000 requires multi-party approval from keys in different physical locations.
Duress modes. A duress PIN that appears to comply, sends a small amount, shows a decoy balance, while silently alerting a designated contact and locking remaining funds behind a timelock the attacker cannot bypass.
Timelocks that make hostage-taking impractical. If large withdrawals require 72 hours to settle, the attacker must hold someone captive for three days. That’s reduces all the simple opportunistic attacks.
Contextual constraints. Transactions above a threshold only execute from pre-approved locations, or require confirmation from a device that is not physically co-located with the signer.
More biometrics. More use of passkeys for multisigs, so that you cannot be forced to ask your spouse to dig up that piece of paper hidden in a jar.
Each of these directly attacks P(extract), the variable that dominates the equation. And they work regardless of whether the attacker has perfect information about your wealth. Privacy is fragile because it depends on no one ever finding out. Custody controls work even after they find out.
Let’s fix the vault, not the address
Many rich people are maximally public. Forbes list, posting about your expensive hobbies, showing off your properties and luxury items. Targeting is trivial. I could name 10 places in any city where you can find rich people easily. But that doesn’t help a attacker at all because extraction under duress is structurally impossible. Bank systems have every one of the controls described above baked in by default and they can reverse transactions to top it all off!
Another analogy: we don’t make buildings safe by hiding their addresses. We make them safe with locks, reinforced doors, and time-delayed safes. Everyone can see the bank on Main Street. No one can empty the vault with a wrench in 20 minutes. We have been arguing about whether to hide the address when we should be building the vault.

