Key Notes
- A gunman disguised as a courier bound the victim with tape and forced transfer of wallet access on Nov.22 in San Francisco’s Mission Dolores area.
- Violent attacks against crypto holders hit 61 documented cases globally in 2025, which represents roughly a 65% increase from the approximately 38 recorded last year.
- Identifying suspects in crypto theft cases is usually more achievable than recovering stolen funds, particularly when attackers use tools that hide fund movements.
An armed robber, disguised as a courier, stole $11 million in cryptocurrency from a San Francisco resident on 22 November. The suspect tied up the victim and forced them to hand over access to their digital wallet.
The crime took place shortly before 7 a.m. near 18th and Dolores streets in the Mission Dolores area, according to the San Francisco Chronicle, which reviewed the police report.
<!–
(adsbygoogle = window.adsbygoogle || []).push({});
–>
Exploiting the courier ruse to secure entry, the suspect then drew a firearm. He restrained the homeowner using tape and demanded cryptocurrency wallet passwords. The attacker also seized a computer and mobile phone.
The incident adds to what security researchers describe as an unprecedented year for so-called wrench attacks, which is a term for violent crimes directed at cryptocurrency holders.
Jameson Lopp, co-founder of Casa, a company specializing in personal crypto storage, maintains a public database tracking such attacks.
He has documented 61 cases globally in 2025, which represents roughly a 65% increase from the approximately 38 attacks recorded in 2024.
It is important to highlight that the database contains only verified physical attack events against Bitcoin and cryptocurrency holders.
Recovery Remains Difficult
David Sehyeon Baek, a cybercrime consultant, said in comments to Decrypt that authorities usually work on two fronts during the opening 24 to 72 hours. They track stolen devices while simultaneously attempting to freeze any assets still held on exchanges.
But apart from this, recovery remains unlikely. Coerced transfers allow attackers to move funds within minutes, Baek noted, especially when routed through services designed to hide fund movements.
Catching perpetrators is generally easier than retrieving assets, he said, describing this reality as “the hard truth” for victims.
Delivery Disguise Tactics Spread
The San Francisco attack mirrors tactics deployed in other recent crypto robberies. In a UK case that resulted in prison sentences earlier this month, attackers also disguised themselves as couriers to access a victim’s home before stealing $4.3 million at machete-point.
Investigators in that case found chat logs showing attackers conducted surveillance and photographed the victim’s door while holding a package.
San Francisco police did not respond to media requests for comment. The police report did not disclose whether the victim was injured or if any arrests had been made.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
As a Web3 marketing strategist and former CMO of DuckDAO, Zoran Spirkovski translates complex crypto concepts into compelling narratives that drive growth. With a background in crypto journalism, he excels in developing go-to-market strategies for DeFi, L2, and GameFi projects.