As cryptocurrency prices rise, and given the difficulty of reversing blockchain transactions once transferred, a new form of crime is emerging globally. Criminals are no longer just hacking online accounts; they are directly targeting investors, using home invasions, armed threats, and even kidnapping to force them to unlock their phones and wallets to complete transfers. Statistics show that since 2020, more than 215 physical cryptocurrency attacks have been recorded globally, and the number of cases in 2025 is almost double that of the previous year. Victims are no longer limited to high-level figures in the crypto or those flaunting their wealth; increasingly, ordinary-looking individuals with modest assets but holding a certain amount of cryptocurrency assets are becoming part of the broader group of small and middle-class investors.
From remote hacking to offline violence, small investors are actually more vulnerable to being targeted.
The report cites the example of Julia (pseudonym), a retired female investor in Florida. In 2021, she lost nearly 90% of her crypto assets in just a few minutes due to a SIM card swapping attack, almost wiping out her life savings. This incident was originally a typical remote hacking crime, but as telecommunications companies and trading platforms have gradually strengthened their cybersecurity, the methods of crime have also changed.
Late at night in 2022, Julia became a target again. Three assailants broke into her home through a French window, demanding her phone and wallet PINs at gunpoint and rifle, explicitly threatening to kill her if she didn't cooperate. The assailants had scouted the location beforehand, knowing that the resident was elderly and had limited mobility, and that neighbors wouldn't easily hear her cries for help. The attack was ultimately thwarted by her home alarm, but it also revealed a reality:
"When an account is difficult to hack, the investor himself becomes the most direct vulnerability."
(Note: In a SIM card swapping attack, hackers impersonate the victim and request the telecommunications company to transfer the victim's mobile phone number to a SIM card under their control. Once the transfer is successful, they can intercept SMS verification codes and take over the victim's account, causing significant financial losses.)
Targeting investors whose homes lack security deposits is not an option; you can't just rob them directly.
Investigations reveal that these criminal teams typically have a clear division of labor: technicians screen targets using leaked data and transaction records, while an action team handles the actual intrusion into residences. The perpetrators particularly favor so-called "actual investors"—middle-class or retired individuals who do have cryptocurrency assets in their accounts, but not enough to hire security guards, live in luxury homes, or install advanced security systems.
In 2023, a retired teacher couple in North Carolina had their home broken into by people posing as utility workers. They were beaten, threatened with dismemberment, and forced to log into their cryptocurrency trading account, where over $150,000 in cryptocurrency was transferred out in a short period. Police later pointed out that the perpetrators targeted these households because they were "asset-rich but relatively vulnerable."
Institutional gaps remain, making it difficult for small investors to bear the risks.
The report also points out that some victims were able to receive compensation because they subscribed to the trading platform's paid protection plan, but these plans are not insurance in the traditional sense and mostly do not explicitly cover situations where "authorization of transfers was forced under duress." Whether or not compensation is paid is often determined on a case-by-case basis.
Meanwhile, the crypto industry remains divided on Know Your Customer (KYC) procedures. One side argues that the concentration of large amounts of personal data makes investors easier to target, while the other side points out that this data has helped law enforcement successfully track down suspects in numerous cases. Regardless of their stance, the current situation suggests that the risks largely fall on the investors themselves, especially those with relatively small assets who are still potential targets.
Holding crypto assets can itself be a risky activity.
The report concludes by pointing out that as more and more ordinary people regard cryptocurrencies as investment tools similar to stocks and funds, these cases of "offline violent forced transfers" are no longer extreme isolated incidents, but rather a spreading criminal pattern.
For many small or middle-class crypto investors, the risk comes not only from price fluctuations or market crashes, but also from the fact that their personal safety is threatened once they are convinced that "you may have cryptocurrency."
This article, titled "If this doesn't scare you, we'll break into your house at gunpoint!", reports a surge in violent robberies targeting small cryptocurrency investors. The article first appeared on ABMedia, a ABMedia .
