CertiK data shows criminals bypassing blockchain security to target holders directly, shifting risk from code to physical safety. The $100M+ in losses since January signals a threat exchanges can't patch.
Crypto investors have lost more than $100 million to physical extortion in the first four months of 2026, according to blockchain security firm CertiK. The figure, covering only January through April, marks a sharp escalation in a threat vector that bypasses every technical safeguard the industry has built. Criminal groups are increasingly targeting the people behind digital wallets rather than the code securing them.
The simple read is that a hardware wallet or a multisig setup stops a remote hacker. The better market read is that no amount of cryptographic security can protect an asset holder who is physically coerced into signing a transaction. Once a transfer is authorized under duress, it is indistinguishable from a legitimate one on-chain. There is no exploit to patch, no smart contract to audit, and no insurance claim that automatically covers a wrench attack unless the policy explicitly includes physical theft.
CertiK’s data shows that criminals are researching high-net-worth individuals through social media, conference appearances, and blockchain analytics. They then use threats or violence to force the victim to move funds to an attacker-controlled address. Because the victim initiates the transaction, exchanges and custodians see a standard withdrawal. The funds are often immediately swapped or funneled through mixers, making recovery nearly impossible.
This is not a new phenomenon, but the scale is now large enough to alter the risk calculus for anyone holding material crypto wealth. A single incident can wipe out years of gains, and the psychological barrier to reporting such crimes means the true figure is likely higher. The $100 million floor is a conservative estimate based on confirmed cases.
The industry has spent billions on smart contract security, formal verification, and bug bounties. Those defenses are irrelevant when the attack surface is the human being holding the private key. A multisig that requires three signatures simply means the attacker must coerce three people. A time-locked vault only delays the inevitable if the victim is under continuous threat.
This shifts the security burden from developers to the individual and, by extension, to the platforms that serve them. Exchanges and OTC desks that handle large client flows now face a new reputational and operational risk. If a known client is targeted, the platform’s custody model and withdrawal limits become part of the attack surface. A criminal who knows a victim uses a particular exchange can time the attack around withdrawal windows or customer support hours.
For active traders, the immediate concern is personal safety, but the secondary effect is on market liquidity. Large holders who become aware of the physical threat may move assets into less accessible but more secure custody solutions, such as institutional-grade vaults with geographic distribution and armed security. That capital becomes less liquid, reducing the float available for spot trading and potentially widening spreads during volatile moves.
OTC desks, which already operate on thin margins of trust, may need to implement physical security protocols for in-person settlement. The cost of doing so will be passed on to clients, raising the effective transaction cost for large block trades. This could accelerate the shift toward regulated, insured custodians that can offer a credible physical security layer, further concentrating custody among a few large players.
The $100 million figure is a catalyst that will force a response from the infrastructure layer. The next concrete development to watch is whether major custodians and exchanges publicly address physical security in their terms of service or insurance policies. If a platform like Coinbase or BitGo begins marketing a policy that explicitly covers physical coercion, it will set a new standard for institutional participation. Conversely, silence from the industry will leave a gap that sophisticated criminals will continue to exploit.
For individual traders, the decision point is whether to treat physical security as a personal matter or as a criterion for choosing a platform. The answer will shape the next generation of custody products and, ultimately, the accessibility of crypto wealth.
Drafted by the AlphaScala research model and grounded in primary market data – live prices, fundamentals, SEC filings, hedge-fund holdings, and insider activity. Each story is checked against AlphaScala publishing rules before release. Educational coverage, not personalized advice.