The $5 wrench attack is the one threat a hardware wallet alone can't solve. Bitkey's Max Guise on what actually protects your bitcoin when someone shows up at your door: privacy, distributed keys, and a time-lock vault that makes your coins un-moveable long enough that hostage-taking stops paying.
There is one attack on your bitcoin that no amount of cryptography can stop. You can run a 12-word seed, a passphrase, a hardware wallet, a hidden vault, and all of it collapses the moment someone is standing in your kitchen willing to hurt you until you sign. It has a name in this world, the $5 wrench attack, and the name is the whole point: the cheapest tool in the hardware store beats the most expensive math on earth. The phrase comes from an old xkcd comic where the hacker skips the supercomputer and just hits the guy with a wrench until he gives up the password.
For most of bitcoin's history that was a thought experiment. It is not anymore. France has turned into the epicenter of a genuine wave of these attacks, and the United States is catching up fast. So when Max Guise from Bitkey came on the show, the new hardware in my hand was the hook, but the conversation I actually wanted was this one: when the threat model stops being a hacker and starts being a person at your door, how do you not get robbed for your bitcoin?
Max runs Bitkey and Proto at Block, which makes Bitkey a TFTC sponsor, and I want to be straight about that up front. This is not an ad. The reason the episode is worth your time is that Max was candid that nobody, his team included, has solved the wrench-attack problem, and then he walked through the design they are working on in public anyway. What follows is the practical version: what holds up when you are coerced, what does not, and where the protection actually lives.
The thing that makes the wrench attack different from every other risk in self-custody is that it routes around all of them. Phishing, malware, supply-chain tampering, a bad random number generator: those are problems you can engineer away. A person willing to use force is not a software bug. The hardware wallet that protects you perfectly against a remote attacker offers nothing against a local one who can make you unlock it yourself.
And the data has turned. France has become the global focal point, with CoinDesk reporting roughly 72 verified physical-coercion incidents worldwide in 2025, a jump of about 75% over the prior year, against a running tally of 188 since 2014. The cases are not abstract. In January 2025, Ledger co-founder David Balland was kidnapped and had a finger severed as part of a ransom demand; months later another French victim was abducted off a Paris street and mutilated the same way before police freed him. Marty raised France specifically in the conversation because the headlines this year have made it impossible to ignore.
Max's framing was honest in a way the marketing usually is not. He pointed to Jameson Lopp's running chronicle of physical attacks, the most-cited public record of these incidents, as the thing that "can help put some numbers behind" what everyone senses. His read matched mine: there is a clear acceleration, and it is an industry problem, not a Bitkey problem. Nobody has shipped the answer.
Before any of the clever wallet design, the most boring protection is also the most effective, and it is the one Max kept circling back to: do not be a target in the first place. Wrench attacks are not crimes of opportunity where someone notices a wallet on a stranger. They are planned. Somebody decided, in advance, that you specifically were worth the risk, which means the attack starts long before the door, in whatever signal told them you hold bitcoin.
That is why the privacy work Bitkey shipped this year matters more to the wrench-attack story than it first appears. The standard trade-off in collaborative custody is that the company holding your third key can see everything: your balance, your full transaction history, every address. Bitkey closed that leak with a technique called chain code delegation, now assigned BIP-89 and authored by current and former members of their engineering team. The short version is that the server can still help you recover and enforce spending policy without ever learning your balance or history. Max called it "relatively deep cryptographic magic," and proposed it as an open standard any wallet can adopt rather than a Bitkey moat.
The reason to care, in wrench-attack terms: every party that can see your holdings is a party that can leak them, get breached, or get compelled. Shrinking that surface shrinks the odds you ever end up on someone's list.
The most common advice you will hear is the duress wallet, sometimes called a decoy: a second wallet with a small amount in it that you hand over while your real stack stays hidden behind a passphrase. Hardware wallets do support this, and it is not useless. But Max was openly skeptical of leaning on it, and his reasoning is worth sitting with.
These designs assume two things hold true during a violent attack. First, that the attacker did no research and will believe whatever balance you show them. Second, that you will keep your composure well enough to run the deception while someone is threatening you or your family. Max's point was blunter than most vendors will be: when the people you love are suddenly in danger, "it doesn't matter what kind of practicing you did with lying about your balance." A protection that depends on your own performance under maximum duress is not a protection you should bet your safety on.
The deeper problem is structural. A duress wallet is still a key-based answer to a problem that defeats keys. If the attacker can make you sign, they can in principle make you sign from the real wallet too. The whole category is trying to win a game whose rules say the coerced party loses.
Here is where the conversation got genuinely new, and where Max was clear he was sharing a roadmap rather than a shipped feature. Bitkey's design thinking starts from a single observation about the attacks themselves: almost all of them, in Lopp's record, resolve in under 24 hours. Attackers show up, apply force, and leave. They are not willing to hold someone hostage for a week.
So the defense is not secrecy, it is time.
We think that velocity is one of the best possible tools that we can give people.
The mechanism Max described is a vault enforced jointly by Bitkey hardware and Bitkey servers. Your default path to move money becomes a withdrawal request, not an instant send. Initiating it starts a delay you configure yourself, a week, a month, longer, with a biometric liveness check at the start and again when the timer expires. This is not exotic cryptography. Bitcoin has had relative time-locks at the protocol level for years, the OP_CHECKSEQUENCEVERIFY mechanism from BIP-112, and Max confirmed Bitkey can build this on existing primitives because the server can enforce the policy without waiting on any new soft fork. (He acknowledged that covenant-style proposals could enable different properties down the line, with trade-offs he said were "a whole nother episode.")
Then he closed the obvious hole. What if the attacker simply takes your devices and waits out the timer? Bitkey's answer is what they call an ejection destination: after the delay, the funds don't unlock in place; they sweep to a different wallet you designated in advance, a friend's setup, another of your wallets, even a custodian. You are never meant to actually use it. The ejection only fires in the precise case where you were attacked and the attacker walked off with your keys and waited. In every normal case, you withdraw from the vault before the timer runs and the app helps you do it.
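As an added illustration, not Bitkey's code: a toy policy engine for the vault described above, modelling the rule that nothing moves before the configured delay and that settlement at expiry goes to the requested destination only when the liveness check passes, otherwise to the pre-designated ejection destination. The class, its state names and the settle-at-expiry rule are my assumptions about how a server would enforce the roadmap, not a description of the shipped product.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple


class State(Enum):
    IDLE = "idle"            # nothing pending
    PENDING = "pending"      # delay running; no one can move funds yet
    WITHDRAWN = "withdrawn"  # owner passed liveness at expiry
    EJECTED = "ejected"      # liveness failed at expiry; swept away


@dataclass
class Vault:
    delay_secs: int             # user-configured delay (a week, a month, longer)
    ejection_destination: str   # pre-designated sweep target (constructed label)
    balance: int                # satoshis held in the vault
    state: State = State.IDLE
    requested_at: Optional[int] = None
    destination: Optional[str] = None
    settled_to: Optional[str] = None

    def request_withdrawal(self, now: int, destination: str, liveness_ok: bool) -> int:
        """Start the delay. The liveness check gates the start; returns expiry time."""
        if self.state != State.IDLE:
            raise RuntimeError("a withdrawal is already pending")
        if not liveness_ok:
            raise PermissionError("liveness check failed at request")
        self.state, self.requested_at, self.destination = State.PENDING, now, destination
        return now + self.delay_secs

    def settle(self, now: int, liveness_ok: bool) -> Tuple[str, int]:
        """Called once the timer expires. Before expiry nothing moves, whoever
        holds the devices; at expiry a failed liveness check triggers ejection."""
        if self.state != State.PENDING or self.requested_at is None:
            raise RuntimeError("nothing pending")
        if now < self.requested_at + self.delay_secs:
            raise PermissionError("delay has not elapsed; coercion cannot fast-forward it")
        if liveness_ok:
            self.state, self.settled_to = State.WITHDRAWN, self.destination
        else:
            self.state, self.settled_to = State.EJECTED, self.ejection_destination
        moved, self.balance = self.balance, 0
        return self.settled_to, moved
```

In the coerced scenario the owner is forced to pass the first liveness check, the attacker leaves with the devices, and at expiry cannot produce the second check, so the sweep fires to the ejection destination rather than to the attacker's address.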
It is a creative inversion. Instead of trying to hide value from a coercive attacker, you make the value un-moveable on their timeline and self-destructing into someone else's hands if they persist. Max was explicit that the team wants community feedback, including on whether to build it at all, which is a more honest place to leave it than a press release.
It is worth being precise about what Bitkey's architecture is, because the wrench-attack design depends on it. Bitkey is a 2-of-3 multisig: one key on the hardware device, one on your phone, one held on Bitkey's server. Any two sign a transaction. You hold two of the three, so you can always move your own money without the company, and the company can never move it without you. The server key exists for recovery and for an opt-in transfer-without-hardware path under a daily limit you set.
For the wrench-attack problem, the server key is the quiet hero. A purely local setup has nothing to appeal to when an attacker controls you and your devices in your home. A remote policy-enforcing key does. It is what lets a time delay exist that no amount of in-room coercion can fast-forward, because part of the rule lives somewhere the attacker is not. There are trust assumptions in that, and Max did not pretend otherwise, but it is the structural reason Bitkey thinks it can attempt this at all.
The seedless design, the choice longtime bitcoiners are most suspicious of, turns out to be a wrench-attack feature rather than a bug. Max made the case directly:
Seed phrases are vulnerability. They're too instant, they're too portable.
A seed phrase is a bearer secret that moves money anywhere, instantly, the second someone has it. That is precisely the property you do not want when the someone is an attacker who can take it and leave. Bitkey moves value between wallets using bitcoin transactions governed by its recovery system instead of a portable secret, and Max argued that is exactly what positions the device to enforce delays a seed phrase would let an attacker bypass. Whether you accept that trade is a real debate, and an old one, but in the wrench-attack frame the logic holds together.
The headline change in the new Bitkey is a screen, and it connects to the same theme. The most-requested feature on the original seedless device was the ability to verify on the hardware itself: the receive address, the send address, and now account-critical changes like the recovery email tied to your wallet. With a screen, a signature happens entirely on the device and you see exactly what you are approving, including an attacker-initiated email swap you would otherwise never notice.
Marty tied this to where the whole space is heading, especially with AI making remote manipulation cheaper and more convincing:
Having to confirm on the hardware is something I'm becoming more confident will be a prerequisite for interacting with wallets in the future.
The principle underneath is the one that also defeats a lot of remote attacks: bring it back to atoms. If changing anything requires the physical object in your hand, the class of attacks that work purely through software and social engineering shrinks. It does not solve the wrench attack, where the attacker has the atoms too, but it is the foundation the time-lock vault is meant to sit on.
The wrench-attack material was the spine of the conversation, but Max's broader argument is worth flagging because it frames why Block builds any of this. His through-line is making bitcoin everyday money, and the most concrete version was the merchant case. A business running a 10 to 15% margin pays card-network fees of around 3% on every sale, and because that fee is computed on the ticket and not the profit, it can eat 20 to 30% of what the business actually keeps. As he put it, "that 3% is computed on the ticket size, not their profits." That is the un-sexy, bottom-line reason a Square seller might reach for bitcoin rails, bitcoiner or not, and it is the demand side of the same project that has Bitkey worrying about how those holders keep their coins safe once they have them.
Max Guise is Bitkey and Proto Lead at Block, where he runs the company's self-custody bitcoin hardware wallet (Bitkey) and its modular mining system (Proto). Before stepping into that role he was Block's Hardware Security Lead, building and running the product-security and security-engineering teams responsible for protecting Square's hardware and core technology stack. He is on X at @max_guise.