
According to a report by the San Francisco Chronicle, three men accused of participating in a criminal network linked to cryptocurrency wrench attacks have been indicted and face two specific charges. Investigators said the three are believed to be members of a larger criminal organization and are suspected of being linked to multiple cases that used the same methods. The attackers allegedly stole accounts on delivery apps such as DoorDash, posed as legitimate delivery drivers to approach the victims’ residences, and then used violence to force them to transfer their cryptocurrency assets.
In an interview with the San Francisco Chronicle, an investigative detective laid out how the group carried out its operations from start to finish, describing a highly systematic, premeditated scheme rather than random street crime.
First, the attackers identify individuals who hold large amounts of cryptocurrency, then begin long-term surveillance, thoroughly analyzing the targets’ daily habits and spending patterns. The detective described: “They’ll figure out your habits, your daily routine, what you usually order online, and what you usually get delivered.”
After learning the target’s habits, the attackers steal the victim’s DoorDash or Uber Eats account and use the delivery apps as a tool to get close. One victim told the Chronicle, “My DoorDash and Uber Eats accounts were hacked.” The attackers then used the stolen accounts to create fake delivery notifications, initiating in-person contact at the victim’s own doorstep, and ultimately used threats of violence to force the victim to hand over cryptocurrency assets or private keys.
The core logic of this method lies in bypassing all technical security measures: the target of the attack is not the encryption algorithm, but the person who controls the private key.
The indictment case in San Francisco is not an isolated incident. Physical threats against cryptocurrency holders have become an international security issue, and they have spread beyond the crypto community to a wider group of victims.
France’s Waltio: Crypto tax company Waltio was the target of extortion, with the attackers trying to obtain funds
UK’s Sillytuna: A UK crypto firm was also targeted by this kind of attack
Ledger co-founder David Balland: The co-founder of hardware wallet manufacturer Ledger was attacked in France; France has become a place where incidents of this type occur with high frequency
Nancy Guthrie: The mother of Savannah Guthrie, the host of NBC’s Today Show, was kidnapped. Reports say the criminals demanded a Bitcoin (BTC) ransom, showing that even people who don’t hold crypto have become targets
The censorship-resistant transfers and pseudonymity of cryptocurrencies make their holders high-risk targets for physical attacks. These cases clearly show that strong digital security measures are not enough to withstand an attack pattern centered on threats to people.
A wrench attack is a pattern of physical-threat crimes targeting cryptocurrency holders. The attacker directly coerces the victim into transferring cryptocurrency assets or handing over private keys through violence or threats. Unlike online intrusions, this kind of attack completely bypasses technical security protections and directly targets the person who holds the private key. It is one of the threat types in the crypto security space that is most difficult to defend against through technical means.
By stealing delivery app accounts, criminals can appear at the victim’s doorstep as seemingly legitimate delivery drivers without needing to forcibly break in, creating an opportunity for close-range contact. Because victims use delivery services so frequently, they are unlikely to be suspicious of the person who knocks, making this an efficient form of disguise for carrying out the attack. At the same time, it enables the attackers to collect the victim’s specific address and details about their daily routine.
Key protection recommendations include: avoiding publicly disclosing the size of your crypto holdings or details of your investment portfolio on social media; using a delivery (receiving) address different from your actual residence; regularly changing delivery app account passwords and enabling two-factor authentication (2FA); and avoiding disclosing specific cryptocurrency holdings in public settings, reducing the chance of being targeted by a premeditated attack.