An ordinary doorstep turned into a crime scene on Dorland Street when a man disguised as a delivery worker used deception and force to gain entry into a San Francisco home, walking away with millions in cryptocurrency and leaving fears of a wider, organised pattern of violence against crypto investors.
Courier Disguise Used To Breach Mission Dolores Home
Shortly before 7 a.m. on 22 November 2025, a suspect dressed in dark clothing, sunglasses, a hoodie and gloves approached a residence near 18th and Dolores streets in the Mission Dolores area.
He carried a white box and buzzed the intercom, asking for “Joshua” and claiming he had a delivery that required a signature.
When the resident opened the door, the suspect maintained the act, asking, “Could you sign for this?” before pretending to search for a pen.
As the victim turned to find one, the man followed him into the home.
Moments later, a loud bang was heard and the staged delivery turned into a violent intrusion.
Gun, Duct Tape And Forced Wallet Access
Once inside, the suspect pulled a firearm and demanded the victim’s cooperation.
The resident was bound with duct tape and forced to provide access to a cryptocurrency wallet.
The attacker then fled with approximately US$11 million in digital assets, along with the victim’s mobile phone and laptop.
No injuries have been confirmed.
San Francisco Police Department has launched an investigation but, as of publication, no arrests have been made and further details regarding the specific assets stolen have not been released.
Home Security Footage Reveals Premeditation
Footage shared on X by Y Combinator CEO Garry Tan showed the suspect carefully avoiding the door camera, turning his face away as he approached the entrance.
The deliberately chosen disguise and scripted conversation suggest a degree of planning rather than an opportunistic hit.
Following the incident, Tan urged nearby residents to review their cameras and contact authorities if they had any footage between 4:30 and 6 p.m. in the area around Mission Dolores Park.
Tan wrote,
“We have to find the perpetrator. Time is of the essence.”
‘Wrench Attacks’ On The Rise Globally
The San Francisco robbery is the latest in a rising wave of physical assaults on crypto holders, commonly referred to as “wrench attacks” — where victims are threatened or harmed to force the surrender of passwords or private keys.
The term comes from a webcomic illustrating that even the strongest encryption can be defeated with basic physical violence.
Jameson Lopp, co-founder of Casa, has documented 61 verified physical attacks on crypto owners globally in 2025, up from around 38 in 2024 — a rise of roughly 65%.
Data provided by Jameson Lopp during his Litecoin Summit 2025 presentation in May. (Source: Youtube)
Some reports suggest the increase could be even steeper when unreported cases are taken into account.
In March, streaming star Amouranth and her husband were targeted by armed intruders demanding access to crypto wallets.
The attempt was stopped only after her husband fired shots, forcing the attackers to flee.
Four teenagers were later charged in that case.
Other cases this year include a brutal UK home invasion involving machetes and a Manhattan kidnapping where an Italian businessman was tortured for Bitcoin access.
Tracking The Money As Funds Move Faster Than Police
Once credentials are handed over, funds can be moved across multiple chains in minutes.
Cybercrime consultant David Sehyeon Baek explained that investigators typically work on two fronts in the first 24 to 72 hours: tracing stolen devices and attempting to freeze assets that enter centralised exchanges.
Baek said,
“Catching the attackers is usually easier than getting the money back.”
Stablecoins are playing a growing role in these cases.
Chainalysis reported that stablecoins made up about 63% of illicit transaction volume in 2024.
If the stolen funds include stablecoins, issuers may be able to blacklist addresses and stop transactions, improving the chance of recovery.
The T3 Financial Crime Unit, formed by actors including TRON and Tether, has already frozen hundreds of millions in suspicious funds since late 2024.
This has made speed and early reporting crucial in cases like the San Francisco attack.
A Wider Climate Of Rising Crypto-Linked Crime
The FBI’s Internet Crime Complaint Center recorded US$16.6 billion in cyber and scam losses in 2024, with crypto investment fraud up 66% year-on-year.
Physical attacks are now merging with digital crime as criminals track targets through social media, blockchain records and public exposure at events.
California’s Digital Financial Assets Law, which came into effect in July 2025, gives the state authority to regulate certain exchanges and custody services.
While this does not directly protect self-custodied wallets, it can bring oversight to off-ramps thieves rely on to convert digital assets into cash.
Security Shifts Among High-Value Crypto Holders
The growing threat has driven behavioural changes among major holders.
Some are distributing seed phrase parts across continents, moving to multi-signature wallets, hiring personal security teams or purchasing insurance policies that now include coverage for physical coercion tied to cryptocurrency theft.
Despite improved tracking tools, the pattern remains consistent: forced access, rapid transfers and a tight window for intervention.
A Dangerous New Normal For Digital Wealth
Coinlive believes the message is becoming impossible to ignore: digital assets no longer carry only digital risk.
As violence spills offline, the industry faces a stark choice — evolve how wealth is protected or accept a future where a knock at the door could be more dangerous than any online hack.
Weatherly
