San Francisco home invasion
A man posing as a delivery driver entered a home in the Mission Dolores neighborhood around 6:45 a.m. on November 22. He overpowered the resident and took a phone, a laptop and approximately $11 million in cryptocurrency. The San Francisco Chronicle reported the incident, although police did not announce any arrests or provide specific details about the stolen property Sunday. No information about the blockchain or tokens involved has yet been made public.
This is unfortunately not an isolated case. There has been a worrying increase in physical attacks targeting cryptocurrency owners. We’ve seen similar incidents before: a $4.3 million home invasion in the UK, the SoHo kidnapping in which a person was tortured to access a Bitcoin wallet, and France is facing more crypto-related kidnappings. Some high-profile holders have responded by taking extreme security measures, such as the Bitcoin family who distributed their seed phrase across different continents. Wealthy investors are increasingly using protection services.
The chain chase begins
When these thefts occur, the action quickly moves to the blockchain. Even if the theft begins at someone’s front door, the stolen money circulates through public records where it can be traced. This creates a race between thieves attempting to launder funds and authorities using increasingly sophisticated freezing and tracing tools that have grown throughout 2025. USDT on the TRON network often plays a central role in these situations.
The industry’s ability to freeze stolen funds has grown significantly this year thanks to cooperation between token issuers, blockchain networks and analytics companies. Financial crime unit “T3” reported freezing hundreds of millions of dollars in tainted tokens since late 2024. If some of the stolen value is in stablecoins, the chances of stopping it quickly improve as major issuers work with law enforcement to blacklist addresses when notified.
Chainalysis’s 2025 Crime Report shows that stablecoins accounted for approximately 63% of illegal transaction volume in 2024, representing a significant change from previous years when Bitcoin and Ethereum dominated money laundering pipelines. This change is important for recovery efforts because centralized issuers can block spending at the token level and exchanges add additional checkpoints when deposits hit their KYC systems.
Broader trends and challenges
At the same time, Europol warned that organized groups are intensifying their tactics using AI, which can accelerate laundering processes and automate the fragmentation of funds between different chains and services. This makes early notification to issuers and exchanges crucial if destination addresses are known.
The overall situation of victims remains worrying. The FBI’s Internet Crime Complaint Center recorded $16.6 billion in losses from cyberattacks and scams in 2024, with reported crypto investment fraud up 66% year over year. Incidents of physical coercion against crypto holders – sometimes called key attacks – have attracted increased attention throughout 2024 and 2025, as home invasions, SIM swaps and social engineering tactics converge.
Although the San Francisco case involves a single residence, the pattern is familiar: compromised devices, forced transfers or key exports, followed by rapid chain dispersal and tested removal routes. California’s new Digital Financial Assets Act, which took effect in July 2025, adds an additional layer by giving the Department of Financial Protection and Innovation licensing and enforcement authority over certain exchange and custody activities.
Wallet security improvements
On the security front, wallet design has evolved to address threats of physical coercion. Multi-party computation and account abstraction wallets have expanded in 2025, adding policy controls, glitch-free recovery options, daily limits, and multi-factor approval paths that reduce the risk of single-point private key exposure during an in-person incident.
Contract-level time blocks and spending caps can slow down high-value transfers and create windows of time to notify issuers or exchanges if an account is compromised. These controls do not replace basic security practices around devices and home security, but they do change the attack surface when a thief gains access to a phone or laptop.
The investigation now hinges on whether destination addresses become public and whether stablecoin issuers or exchanges have been asked to review and take action. The coming weeks will likely reveal whether stolen funds can be tracked and potentially recovered through the growing network of industrial cooperation and law enforcement coordination.
