The San Francisco Home Invasion
A man pretending to be a delivery worker entered a home in the Mission Dolores neighborhood around 6:45 in the morning on November 22. He restrained the resident and took a phone, laptop, and about $11 million worth of cryptocurrency. The San Francisco Chronicle reported this incident, though police hadn’t announced any arrests or provided specific details about the stolen assets by Sunday. No information about which blockchain or tokens were involved has been made public yet.
This isn’t an isolated case, unfortunately. There’s been a worrying increase in physical attacks targeting cryptocurrency owners. We’ve seen similar incidents before – a $4.3 million home invasion in the UK, the SoHo kidnapping where someone was tortured to access a Bitcoin wallet, and France dealing with more crypto-related kidnappings. Some prominent holders have responded by taking extreme security measures, like the Bitcoin Family that distributed their seed phrase across different continents. High-net-worth investors are increasingly hiring protection services.
The On-Chain Chase Begins
When these thefts happen, the action quickly moves to the blockchain. Even though the robbery starts at someone’s front door, the stolen money travels across public ledgers where it can be tracked. This creates a race between the thieves trying to launder the funds and the authorities using increasingly sophisticated freeze-and-trace tools that have developed throughout 2025. USDT on the TRON network often plays a central role in these situations.
The industry’s ability to freeze stolen funds has grown significantly this year through cooperation between token issuers, blockchain networks, and analytics companies. The “T3” Financial Crime Unit has reported freezing hundreds of millions of dollars in tainted tokens since late 2024. If any of the stolen value is in stablecoins, the chances of stopping it quickly improve because major issuers work with law enforcement to blacklist addresses when notified.
Chainalysis’s 2025 crime report shows that stablecoins accounted for about 63% of illegal transaction volume in 2024, which represents a significant shift from previous years when Bitcoin and Ethereum dominated money laundering pipelines. This change matters for recovery efforts because centralized issuers can block spending at the token level, and exchanges add additional control points when deposits touch their KYC systems.
Broader Trends and Challenges
Meanwhile, Europol has warned that organized groups are scaling their tactics using AI, which can speed up laundering processes and automate the fragmentation of funds across different chains and services. This makes early notification to issuers and exchanges crucial if destination addresses become known.
The overall picture for victims continues to look concerning. The FBI’s Internet Crime Complaint Center recorded $16.6 billion in cyber and scam losses in 2024, with reported crypto investment fraud rising 66% year over year. Physical coercion incidents against crypto holders – sometimes called wrench attacks – have drawn more attention throughout 2024 and 2025 as home invasions, SIM swaps, and social engineering tactics converge.
While the San Francisco case involves a single residence, the pattern is familiar: compromised devices, forced transfers or key exports, followed by rapid on-chain dispersion and tested cash-out routes. California’s new Digital Financial Assets Law, which took effect in July 2025, adds another layer by giving the Department of Financial Protection and Innovation licensing and enforcement authority over certain exchange and custody activities.
Wallet Security Improvements
On the security front, wallet design has been evolving to address physical coercion threats. Multi-party computation and account-abstraction wallets have expanded in 2025, adding policy controls, seedless recovery options, daily limits, and multi-factor approval paths that reduce the risk of single-point private key exposure during an in-person incident.
Contract-level time locks and spending caps can slow down high-value transfers and create windows of time to notify issuers or exchanges if an account is compromised. These controls don’t replace basic security practices around devices and home safety, but they do change the attack surface when a thief gets access to a phone or laptop.
The investigation now depends on whether destination addresses become public and whether stablecoin issuers or exchanges have been asked to review and take action. The next few weeks will likely reveal whether the stolen funds can be tracked and potentially recovered through the growing network of industry cooperation and law enforcement coordination.
