Part of the CustodyStress archive of observed Bitcoin custody incidents
Physical coercion
Cases in this category involve custody arrangements that came under physical or behavioral coercion. Outcomes depend on whether structural protections — geographic key separation, multisig thresholds, or time-delay mechanisms — existed.
Coercion cases reveal a structural tension between custody security and custody survivability under threat. Setups that protect against unauthorized access — passphrases held in memory, keys distributed geographically — can also protect an attacker from being forced to act. Cases where coercion was resisted structurally involve multisig thresholds that cannot be met from a single location, or keys distributed across jurisdictions beyond immediate physical reach.
105 observed cases
Blocked
63 (60%)
Constrained
38 (36%)
Survives
1 (1%)
Indeterminate
3 (3%)
Physical coercion — software wallet (2021)
Mobile or software wallet
A September 2021 case from the Ledger breach follow-up wave describes a Bitcoin holder who received a letter at their home address — obtained from the breach —
They were forced to sign three transactions totalling 2.1 BTC.
Mobile or software wallet
A cryptocurrency trader was targeted in March 2021 by attackers who had purchased the Ledger database from Raidforums. They received threatening voice calls, th
The former colleague threatened to front-run the desk's large orders unless paid 5 BTC
Exchange custody
A Bitcoin OTC desk employee was extorted in June 2021 by a former colleague who had obtained knowledge of the desk's proprietary trading positions. The former c
The attacker claimed to have installed surveillance on the holder's home and demanded 1
Mobile or software wallet
A Bitcoin holder received a series of threatening encrypted messages in August 2021. The attacker claimed to have installed surveillance on the holder's home an
The trader transferred 4 BTC in two instalments before the blackmailer's address was
Exchange custody
An October 2020 case describes a Bitcoin trader who was coerced through a week-long campaign of threatening messages by someone who had obtained their wallet ba
The SIM swap bypassed 2FA on the trader's exchange account, enabling a $45,000
Mobile or software wallet
A Bitcoin trader was the victim of a SIM-swap attack in February 2020. The attacker had obtained the trader's phone number from a compromised exchange database
Physical coercion — software wallet (2020)
Mobile or software wallet
A prominent Bitcoin YouTuber was targeted by attackers who had identified their home address from vehicle registration records. The attackers arranged a deliver
Approximately 400 victims sent 12.86 BTC believing they were responding to a verified
Exchange custody
On 15 July 2020 attackers compromised the Twitter accounts of major public figures and corporations including Barack Obama, Joe Biden, Elon Musk, Apple, and Coi
Blackmail coercion — software wallet (2020)
Mobile or software wallet
A May 2020 documented case describes a Bitcoin holder who received a series of threatening calls claiming the callers had their home address (obtained from the
The letters threatened home invasion unless 0.2 BTC was paid to a specific address.
Mobile or software wallet
Following the Ledger data breach publication in December 2020, a wave of physical threatening letters was sent to addresses in the leaked Ledger customer databa
The data was published on Raidforums in December 2020.
Hardware wallet (single key)
Ledger, the hardware wallet manufacturer, suffered a database breach in July 2020 exposing the personal information of approximately 272,000 customers including
A UK Bitcoin trader was kidnapped in October 2019 and held for 48 hours.
Mobile or software wallet
A UK Bitcoin trader was kidnapped in October 2019 and held for 48 hours. The kidnappers demanded a ransom payable in Bitcoin. The victim's family paid 10 BTC to
The attacker demanded 2 BTC per month.
Mobile or software wallet
A prominent Bitcoin podcaster was extorted in September 2019 by an attacker who claimed to have compromising personal information. The attacker demanded 2 BTC p
They were threatened over a two-week period and ultimately transferred 4 BTC from
Mobile or software wallet
A July 2019 case describes a cryptocurrency exchange employee coerced by organised criminals who had identified the employee's role through LinkedIn. They were
The victim transferred 3 BTC under duress before the attackers fled.
Mobile or software wallet
A cryptocurrency trader was targeted in January 2019 by attackers who had obtained their address from a compromised exchange database. The attackers appeared at
The attacker threatened to send doctored emails to clients falsely claiming the broker
Exchange custody
A Bitcoin OTC broker was blackmailed in April 2019 by an attacker who had hacked their email and found client correspondence revealing the broker's BTC holdings
Physical coercion — exchange custody (2019)
Exchange custody
A cryptocurrency exchange employee was subjected to a prolonged social engineering campaign in June 2019. The attacker spent three weeks posing as an IT support
The attackers transferred 2.5 BTC before leaving.
Mobile or software wallet
A Dutch Bitcoin trader was attacked in March 2019 by individuals who had obtained their home address from a data breach. The attackers posed as a courier servic
The combined theft exceeded 5 BTC before the employee could report the swap to
Mobile or software wallet
A cryptocurrency exchange employee was SIM-swapped in February 2018 by attackers who had obtained their personal information from a data breach. The attackers u
Physical coercion — software wallet (2018)
Mobile or software wallet
A cryptocurrency exchange employee was targeted in March 2018 by an attacker who had social-engineered their personal email access. The attacker used the email
The attacker demanded 1.5 BTC to withhold publication.
Mobile or software wallet
A May 2018 documented case describes a Bitcoin holder threatened with exposure of personal information obtained through a data breach. The attacker demanded 1.5
The broker transferred 12 BTC before reporting to police.
Exchange custody
A September 2018 incident describes a cryptocurrency OTC broker coerced by organised criminals who threatened violence against their family if they did not tran
A cryptocurrency investor was kidnapped in November 2018 and held for two days.
Mobile or software wallet
A cryptocurrency investor was kidnapped in November 2018 and held for two days. The kidnappers demanded that the victim transfer all accessible Bitcoin. The vic
The attacker demanded 2 BTC in exchange for not publishing the information.
Mobile or software wallet
A December 2018 documented case describes a cryptocurrency blogger who was blackmailed by someone who had obtained compromising information. The attacker demand
The trader transferred approximately 8 BTC under physical threat.
Mobile or software wallet
A Bitcoin trader was the victim of a targeted attack in June 2018. Attackers who had identified the trader's holdings from public blockchain analysis attended t
Translate