Key Highlights
- A fake delivery man tied up a San Francisco resident and stole $11 million in crypto during a violent home robbery.
- The attack mirrors a rising trend of courier-disguise crypto robberies, with global “wrench attacks” up 65% in 2025.
- Experts warn recovery is unlikely because stolen crypto moves within minutes, making tracing and reversal extremely difficult.
A San Francisco resident lost $11 million in cryptocurrency after an armed robber, disguised as a delivery man, forced his way into his home in the Mission Dolores neighborhood.
The attack, which occurred on November 22, has highlighted a growing trend of violent “wrench attacks” targeting crypto holders worldwide.
How the robbery unfolded
According to a local report, the suspect approached the victim’s home on Dorland Street carrying a white box and wearing dark clothes, gloves, a hoodie, and sunglasses.
Home security footage posted by Y Combinator CEO Garry Tan shows the masked attacker buzzing the home and asking for “Joshua,” claiming he had a package requiring a signature.
After the victim opened the door, the suspect continued the courier act, asking for a pen. Once the homeowner stepped back inside to look for one, the intruder followed him into the house.
Moments later, a loud bang was heard off-camera. Police say the suspect then drew a gun, bound the victim with duct tape, and stole his phone, laptop, and access to his crypto wallet before fleeing.
Officers arrived around 6:45 p.m. and found the victim with non-life-threatening injuries. No arrests have been made so far.
A growing wave of physical crypto attacks
Security experts say this attack mirrors a rise in physical crypto robberies worldwide. Jameson Lopp, Co-Founder of crypto security firm Casa, has documented 61 verified physical attacks on crypto holders so far in 2025, a sharp jump from 38 cases in 2024. Many involved disguises or forced entry tactics.
A similar case in the UK earlier this month saw attackers pose as delivery persons before stealing $4.3 million in crypto at machete-point. Investigators later found surveillance photos showing the suspects studying the victim’s home.
Why the crime matters
Cybercrime specialist David Sehyeon Baek said that recovering stolen crypto remains extremely difficult. Even when police track devices or try to freeze exchange funds in the first 72 hours, attackers usually move assets within minutes using mixers (tools used to obscure the transaction trail on the blockchain) or private wallets. “Catching perpetrators is easier than retrieving assets,” Baek said.
The San Francisco incident has sparked renewed debate over self-custody dangers. Tan noted on X that long-term vault storage on regulated platforms may offer safer protection.
Meanwhile, the police are continuing to investigate and urging residents with camera footage from the area to come forward with any information they may have.
Also Read: GANA Payment Hit by $3.1M Exploit as Hacker Uses Tornado Cash
