Zashi: Advanced Feature Proposal: Wrench Mode

I have been thinking of this wrench attack vector a lot for the past year. They will only become more common and don’t just affect high net worths. Even someone with as little as a few $100 worth of crypto on their phone could find themselves threatened at knifepoint to open their phone and go through all their apps, including let’s say… Zashi, and force the owner to send them their Zcash.

I propose an advanced feature be created called “Wrench Mode” or “Safe Mode” or “Decoy Mode” or whatever name works better (for marketing also). The owner of the wallet sets a safety address in their wallet - an advanced feature to start with. Whenever ANY transaction is made on the phone while it is in “Wrench Mode” all funds are transferred to that address. The user can turn this mode on covertly; it is not detectable in the interface to either the owner of the Zashi wallet or the wrench attacker. The owner should remember what mode they are in and if they want to turn it off so they can legitimately use their wallet it requires they input a PIN code to deactivate / refresh.

It’s nearly impossible to satisfactorily design a solution for wrench attacks, but we can try to optimise for practicality. It’s a difficult problem to address and isn’t just a problem of self custody; if you’ve exchange accounts you can get physically extorted for that too. In the future custodians probably have to offer services to their users that they will safeguard the proceeds of wrench attacks, but it needs solutions like the one I’ve proposed from wallet providers first. There need to be some practical defences wallets like Zashi can offer their users given how prevalent I fear these attacks will become. @joshs

6 Likes

Appreciate the feedback! Users’ physical safety is important, for as much as we can help with that.

I’ll forward your specific suggestions to the team. We are working on a duress / decoy wallet mode for Zashi for early next year. I’m sure there will be more to share on that. :smiley:

2 Likes

Question on this specific approach though:

Couldn’t the attacker be watching their own address that they’re forcing you to send funds to, in order to confirm receipt?

In that case, you’re revealing your total balance, which is now a bigger bounty they want to ensure they abscond with. (But it would move the funds to full safety if it’s a remote wallet!)

I would think a better approach would be to have a dedicated minimal-balance decoy wallet, which is unlocked with a specific PIN you assign to it. That way, you’re not revealing your total funds, which is also useful in situations where you’re coerced, but for informational (not theft) purposes.

3 Likes

This would be a really cool feature. I think cache wallet has something like this. It transfers your funds to a next of kin that’s been pre-registered in case of any tampering.

I believe the Zashi team can take this up a notch.

1 Like

I like that idea too. I guess this can simply be accomplished by just logging out of your main wallet(s) on Zashi and only using dummy ones.

I think the two wrench attack demographics to consider are:

a). Random mugging thefts i.e. being coerced on a train in London one night (happened to someone I know)

b). Organised crime targeted wrench attacks i.e. Lachy Groom, Sam Altman’s ex-boyfriend lost 11mm worth of BTC and ETH.

Decoy strategies work well on 1 and maybe also on two if the decoy is believable. Even though users can set up decoy wallets themselves, I suspect few people do it properly. Maybe part of Zashi’s job is to encourage the adoption of good decoy techniques through the user experience?

A wrench attacker of course may not stop if they believe the victim has more funds. For HNW individuals like Lachy Groom, he would have benefited from a “Wrench Mode” set up like I described where all funds are sent to a trusted custodian and that trusted custodian is aware they’re a distress deposit. That’s as good as trying to get your bank funds at that stage so the attacker would likely give up at that stage.

1 Like