In 2023, businessman Ping Fai Yuen held 2,323 Bitcoin in a Trezor hardware wallet, a “cold wallet” offline for security, protected by a PIN and a 24-word recovery seed phrase. This amount was worth roughly $60 million then; as of March 2026, it’s valued at around $170–180 million depending on exact BTC price fluctuations.
Yuen alleges that his estranged wife, Fun Yung Li, and possibly her sister Lai Yung Li, installed secret CCTV cameras in their family home in an upscale Brighton neighborhood. These cameras reportedly captured him entering or revealing his seed phrase and passwords while he accessed or managed the wallet.
The wife allegedly used this footage to obtain the recovery phrase, access the wallet, and transfer the entire 2,323 BTC across multiple addresses now spread across 71 blockchain addresses. No movements have occurred since December 21, 2023, according to tracking. Yuen’s daughter reportedly warned him in July 2023 that his wife was targeting the Bitcoin amid their divorce discussions.
Register for Tekedia Mini-MBA edition 20 (June 8 – Sept 5, 2026).
Register for Tekedia AI in Business Masterclass.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register for Tekedia AI Lab.
In response, he installed audio recording equipment in the home as a countermeasure. Recordings allegedly captured discussions about the CCTV setup and the hidden passwords and seed phrase. After discovering the theft, Yuen confronted his wife, leading to an altercation where he was charged with and later pleaded guilty to assault in 2024. Police searches of the wife’s property reportedly found hardware wallets and recovery seeds.
The situation escalated into mutual surveillance: the husband recording to gather evidence of the theft, the wife (allegedly) recording to steal the assets. It’s been colorfully described online as “a married couple playing secret agent in their own living room” over this fortune.
Yuen is suing his wife and sister-in-law to recover the Bitcoin. The High Court recently heard arguments in the case, which remains ongoing and unresolved. The stolen funds’ movement across many addresses complicates tracing and recovery under traditional legal frameworks for digital assets.
This story highlights classic crypto security risks: even air-gapped hardware wallets are vulnerable if the seed phrase is compromised via physical surveillance (“wrench attack” variant in a domestic setting). It also shows how divorces increasingly involve hidden or disputed crypto holdings.
A wrench attack (also called a $5 wrench attack or rubber-hose cryptanalysis) in the context of cryptocurrency refers to a type of theft that uses physical force, violence, threats, intimidation, or coercion to force a victim to hand over access to their crypto holdings.
Unlike traditional hacking attempts that try to crack encryption, steal private keys digitally, or exploit software vulnerabilities, a wrench attack bypasses all of that high-tech security by targeting the human element — the person who knows the password, PIN, seed phrase, or recovery words.
The name comes from a famous satirical XKCD webcomic from around 2009–2013, often dated to xkcd #538. In the comic, security experts discuss elaborate encryption schemes, but one character bluntly points out: instead of brute-forcing a strong key, just threaten the victim with a cheap $5 wrench until they reveal the password.
This dark humor highlights a fundamental truth in security: no amount of cryptographic strength protects you if someone can physically compel you to unlock your wallet. Attackers identify wealthy crypto holders through social media flexing (posting gains, luxury lifestyles), blockchain analysis (public wallet activity), news stories, or leaks.
Crypto’s key advantages for attackers: funds are borderless, instantly transferable, irreversible, and hard to trace once moved — making it ideal for quick cash-outs. These attacks have reportedly increased in recent years with 2025 noted as a “record year” in some reports, including dozens to over 70 documented cases globally, as crypto wealth grows more visible and mainstream.
In cases like the married couple scenario with hidden cameras capturing a seed phrase in a domestic dispute, it shows a non-violent variant — surveillance to obtain credentials without direct physical confrontation, but still exploiting the same human and physical vulnerability. True wrench attacks often involve overt violence or threats.
Crypto security experts including maintainers of public incident trackers recommend strategies like: Never publicly reveal or hint at large holdings. Use multi-signature wallets requiring multiple approvals and keys. Employ dead-man switches, time-locks, or sham wallets with small amounts to mislead attackers.
In short, wrench attacks remind us that in crypto, the weakest link is often not the code — it’s the person holding the keys. Strong encryption is great, but it can’t stop a determined attacker with a wrench or worse.