Physical Bitcoin Attacks: A Sobering Database of Meatspace Crypto Crime
Hook
Cryptocurrency holders worldwide have been kidnapped, robbed at gunpoint, and murdered for their digital assets—and those are just the publicly reported cases documented in one developer’s sobering database.
Context
The cryptocurrency community has spent years hardening digital defenses. We’ve built hardware wallets, multi-signature schemes, and sophisticated key management systems to protect against hackers, phishing, and exchange compromises. Yet while developers obsessed over cryptographic vulnerabilities, a different threat emerged: physical violence.
Jameson Lopp’s physical-bitcoin-attacks repository exists because the Bitcoin community discovered an uncomfortable truth—your private keys might be mathematically unbreakable, but you are not. When Hal Finney was SWATted in 2014 after months of harassment, when traders started getting robbed at gunpoint during LocalBitcoins meetups, when exchange executives’ family members were kidnapped for ransom, it became clear that operational security needed to extend beyond secure passphrases. This repository serves as the grim historical record that catalyzed the cryptocurrency community’s shift toward treating physical security as seriously as cryptographic security.
Technical Insight
Unlike most GitHub repositories, physical-bitcoin-attacks contains no code—it’s a pure data repository structured as a single comprehensive markdown table. The architecture is deliberately simple: each attack is a row with four columns (Date, Victim, Location, Description), where descriptions link to archived news sources using archive.is and the Internet Archive’s Wayback Machine alongside original URLs.
This dual-linking strategy is critical for data persistence. Original news articles disappear behind paywalls, publications go out of business, and URLs rot. By systematically archiving every source, the repository creates a permanent record even when primary sources vanish. Here’s what a typical entry looks like:
| Date | Victim | Location | Description |
| :---------: |:------: | :------: | :---------: |
| December 29, 2014 | Hal Finney | Santa Barbara, California, United States | [Bitcoin developer SWATted after months of harrassment & extortion](https://archive.is/WvHB9) [(original link)](http://www.wired.com/2014/12/finney-swat/) |The repository leverages GitHub’s collaborative infrastructure as a crowdsourcing platform. The maintainer explicitly encourages community contributions via issues and pull requests: “If you are aware of an attack that is not listed, please open an issue or pull request.” This approach enables the repository to potentially capture incidents from security-conscious community members worldwide who monitor local news sources in multiple languages.
What makes this particularly valuable is the supplementary analysis layer. The repository links to stats.gart.io for statistical breakdowns, includes embedded presentations like “The Hodlguard: a primer on physical security in Bitcoin” with video and slide deck, and provides an academic paper analyzing physical attacks using Bitcointalk data. This creates a three-tier information architecture: raw incident data (the markdown table), statistical analysis (external tool), and expert synthesis (presentations and papers).
The documented cases reveal concerning patterns. Early attacks targeted visible Bitcoin ATM installations and LocalBitcoins traders meeting in public. Later incidents show attackers targeting exchange executives’ family members and victims who publicly discussed their cryptocurrency holdings. The data provides empirical grounding for security recommendations that might otherwise seem paranoid—when you can point to documented cases of traders robbed during in-person transactions, the advice to “never meet alone for LocalBitcoins trades” becomes evidence-based rather than hypothetical.
Gotcha
The repository’s maintainer acknowledges its fundamental limitation upfront: “this list is not comprehensive; many attacks are not publicly reported.” Victims often refuse to report incidents due to fear of attracting further attention, ongoing criminal investigations impose media blackouts, and some jurisdictions lack press freedom for crime reporting. You’re seeing a biased sample—likely skewed toward dramatic cases (murders, large-scale kidnappings) while missing routine robberies that victims keep quiet.
The reliance on news sources introduces accuracy concerns. Journalists make mistakes, initial reports contain incorrect details later corrected, and sensationalist coverage may exaggerate amounts stolen. There’s no verification process beyond “did a news outlet report this?”—the repository doesn’t independently confirm facts. Additionally, while archived links help, some sources remain inaccessible even through archives, and non-English sources may have descriptions that oversimplify nuanced reporting.
For anyone wanting to perform statistical analysis, the markdown table format is suboptimal. There’s no structured metadata for attack types (kidnapping vs robbery vs murder), stolen amounts aren’t normalized to a common currency or separated from descriptive text, and geographic data lacks standardization (city vs country granularity varies). While stats.gart.io addresses this by maintaining a parsed database, researchers can’t easily query the raw GitHub data programmatically without building custom parsers.
Verdict
Use this repository if you’re a cryptocurrency holder assessing personal security risks, a security consultant advising crypto clients, a journalist researching crypto-related crime, or an academic studying cryptocurrency’s real-world impacts. It’s essential reading for anyone with significant crypto holdings who needs empirical evidence to justify security measures to skeptical family members or employers. The historical record provides invaluable context for understanding how threats have evolved and which protective measures address documented attack vectors. Skip it if you’re purely focused on technical blockchain security, need comprehensive crime statistics with proper sampling methodology, or want real-time threat intelligence rather than historical documentation. For statistical analysis, go directly to stats.gart.io instead of parsing the markdown yourself.
