Software security is only half the equation. Physical security — protecting your seed phrase and setup from real-world attackers — is equally critical for Bitcoin holders.
Most Bitcoin security advice focuses on software — seed phrase storage, multisig, passphrase protection. That's all important. But there's an entire threat model that gets less attention: physical security. What happens if someone knows you hold Bitcoin and comes to your home?
This guide covers physical security for Bitcoin holders: from basic operational security to concrete steps that reduce your real-world attack surface.
Physical Bitcoin attacks fall into several categories:
Home invasion: Attackers force entry and demand you transfer Bitcoin under duress. These have been documented in the UK, US, and globally against known Bitcoin holders.
"Wrench attack": Bitcoin slang for a coercive attack — someone threatens or harms you to get your seed phrase or force a transfer. The name comes from the idea that a $5 wrench can compromise any encryption.
Targeted theft: Attackers steal hardware wallets, seed phrase backups, or any items that might provide access to Bitcoin.
Social engineering in person: Impersonating maintenance workers, delivery personnel, or other access-granting roles to observe your setup or find stored materials.
The most effective physical security is not being known as a Bitcoin holder in the first place.
Stop talking about Bitcoin holdings publicly.
Be careful online.
This isn't paranoia — it's the same reason wealthy people don't advertise their net worth. The smaller your target profile, the safer you are.
Your seed phrase backup — whether paper, steel, or titanium — is the highest-value physical object in your home from an attacker's perspective. Securing it properly matters.
Don't store it where burglars look first:
Better options:
Multisig distribution: The best physical security for large holdings is never having a single point of compromise. A 2-of-3 multisig with keys in three different physical locations means an attacker would need to compromise multiple locations — dramatically harder than stealing one seed phrase.
Your hardware wallet is less sensitive than your seed phrase (an attacker can't extract the seed without the PIN), but it's still a target:
What do you do if someone is threatening you and demanding Bitcoin?
Duress wallet / passphrase decoy: With a BIP39 passphrase setup, your seed phrase alone (no passphrase) gives access to a different wallet — your decoy. Keep a small amount of Bitcoin (perhaps 5-10% of holdings) in the no-passphrase wallet. Under duress, reveal the seed phrase — the attacker gets the decoy.
Geographic distribution: If significant Bitcoin is in a multisig arrangement where you physically can't complete the transaction alone (two keys in different locations), you genuinely cannot hand over funds under duress. This is a legitimate safety feature.
Duress PIN: Some hardware wallets support a "duress PIN" that triggers wallet wipe when entered. Trezor has this feature. Entering the duress PIN appears to fail, but wipes the device.
Physical home security reduces attack risk:
If your Bitcoin holdings are substantial, consider a consultation with a physical security professional. The threat model for a household with millions in Bitcoin is materially different from an average home.
Beyond the security benefits, multisig provides practical physical security advantages:
A 2-of-3 multisig means an attacker who forces you to reveal one key location gets one key — which is worthless without a second. This is the closest thing to a "can't hand it over even under duress" setup that's practical for most users.
Services like Unchained Capital and Casa hold one key in institutional custody. Even if you hand over your home keys under duress, the attacker still can't move the Bitcoin without cooperating Unchained or Casa (who will be uncooperative if contacted under suspicious circumstances).
A "wrench attack" is Bitcoin slang for physical coercion — threatening or harming someone to force them to reveal their seed phrase or transfer Bitcoin. The term derives from the idea that a simple tool can defeat cryptographic security by targeting the human holding the keys rather than the cryptography itself.
Yes — your family needs to know so they can inherit it. But tell only the people who need to know (beneficiaries, executor), share only what they need (how to access it after your death), and not publicly in ways that create a target profile.
A quality fireproof safe bolted to the floor is decent protection against opportunistic thieves. But it won't stop a determined, targeted attacker who knows you hold Bitcoin. A bank safe deposit box is generally safer for seed phrase backups.
Multisig with geographically distributed keys is the strongest protection. If any single location is compromised, funds remain safe. Trust fewer people with the location of your seed phrase backup.
See our Bitcoin Security Directory for more resources. See also: Bitcoin OpsEC for High Net Worth and Bitcoin Social Engineering Attacks.
Get our free Beginners Guide to Buying Bitcoin plus weekly insights for long-term holders.
Address poisoning tricks users into sending Bitcoin to attacker-controlled addresses that look like familiar ones. This guide explains the attack, how to identify poisoned transactions, and the simple rules that prevent it.
Social engineering attacks steal Bitcoin without any hacking — they manipulate people into revealing seed phrases, sending funds, or compromising accounts. This guide covers every major attack type and the rules that protect against them.
Bitcoin OPSEC for high net worth individuals — physical security, multisig, SIM swap prevention, digital hygiene, and threat-specific defenses for significant Bitcoin holdings.