$5 Wrench Attacks: When Cryptocurrency Crime Get Physical

For years, the world of cryptocurrency has been synonymous with cutting-edge digital security and the constant threat of sophisticated cyberattacks. The community has honed its skills in protecting its assets from malware, fraudsters, and cybercriminals. But what if the biggest threat to your cryptocurrency is not lurking in the digital shadows, but right outside your door, wielding something as primitive as a “wrench”?

Our paper, Investigating Wrench Attacks: Physical Attacks Targeting Cryptocurrency Users,” published in the Advances in Financial Technology Conference (AFT 2024), shatters the illusion that cryptocurrency crime is purely an online phenomenon. It exposes a deeply unsettling reality: physical “wrench attacks”, crimes where perpetrators use force or the threat of force to steal cryptocurrencies. These attacks are violent, underreported and alarmingly effective. In recent months, the cryptocurrency ecosystem has been shaken by a surge of serious and violent wrench attacks, including kidnappings and murders. An example is the recent kidnapping of David Ballad, the co-founder of Ledger, the famous cryptocurrency hardware wallet company. Wrench attacks have existed since Bitcoin’s early days, even affecting prominent figures in the space like Hal Finney.

Beyond the Keyboard: What is a $5 Wrench Attack?

The term “wrench attack” originated from a popular XKCD webcomic, depicting a scenario where a physical threat (a $5 wrench) is used to extract information from a victim’s computer, bypassing complicated digital security without the need for technical efforts. In the context of cryptocurrency, these attacks are precisely that: old-school physical assaults or threats targeting cryptocurrency owners to illegally seize their assets or the means to access them. In our paper, we propose the first formal legal definition of the attack, in addition to its crime elements as per criminal law norms, to help identify the precise scope and measurement of the attack.

What makes these attacks so distinct and perilous compared to any other cryptocurrency crime?

Continue reading $5 Wrench Attacks: When Cryptocurrency Crime Get Physical

A Regulatory “Trial and Error” Phase Shaping the Cryptocurrency Ecosystem

In general, the broad aim of regulation is to organise the relationship between persons and to protect their rights and interests in society. However as we have discovered, this has not been the case within the cryptocurrency space.

It has been almost 15 years since Satoshi Nakamoto published the Bitcoin whitepaper. Since then, this seminal document posted on a mailing list, catalysed the emergence of an entirely new-transnational field. Considering the substantial time that has passed and the widespread popularity of cryptocurrencies, one would expect regulators to have at least figured out ‘how’ and ‘what’ to regulate, right? But it appears not so. Regulators do not seem to want to provide long-term, serious solutions, but rather a collection of outdated bandages of reactions that mostly portray the illusion of a solution, with not-so-hidden intentions in mind.

The cryptocurrency ecosystem itself has often been compared to the Wild West. Nevertheless, this also applies to its journey to be regulated. A journey full of ill-suited regulatory approaches that resulted in a plethora of dilemmas. We explore this tension between the technology and regulation in our latest paper “Shaping Cryptocurrency Gatekeepers with a Regulatory ‘Trial and Error’”, with a primary focus on the Financial Action Task Force’s recommendations, and the EU’s 5th Anti-Money Laundering Directive.

Historically speaking, it was only after the rising popularity of the Silk Road and the collapse of the most popular (at the time) exchange Mt. Gox, that regulators realised that they needed to take action. The advertised main objective here is the curbing of criminal activity and providing regulatory protection to consumers/users. However, until only recently, most of the regulatory steps taken by most regulators choosing to act, were approaches mainly targeting money laundering and terrorist financing, with other limited initiatives here and there. Whilst this approach might have had some potential benefits, it was not 1. comprehensive, 2. global, 3. stable/constant, or 4. tailored to address the specific risks and characteristics of cryptocurrencies. In other words, different regulators have been testing diverse approaches, simultaneously, without engaging with one another, and without properly acknowledging the true needs and risks of the ecosystem.

Continue reading A Regulatory “Trial and Error” Phase Shaping the Cryptocurrency Ecosystem