Fake Delivery Man Steals $11 Million in Crypto From Sam Altman’s Ex’s Home

An armed robber posing as a delivery worker stole $11 million in Ethereum (ETH) and Bitcoin (BTC) from a San Francisco home linked to tech investor Lachy Groom, formerly the partner of OpenAI CEO Sam Altman.

This dramatic heist is part of a rising global trend of violent attacks against cryptocurrency holders. Security experts warn that so-called wrench attacks have escalated, with criminals increasingly relying on physical force to steal digital assets.

The San Francisco Crypto Heist: A Calculated Attack

According to the New York Post, the suspect posed as a UPS affiliate to gain entry at the $4.4 million Dorland Street address. After requesting a pen for a delivery, he produced a gun and subdued the victim, identified as Joshua.

Joshua is also a tech investor who was residing with prominent venture capitalist Groom. The suspect tied Joshua with duct tape, assaulted and poured liquid over him, forcing him to unlock his cryptocurrency wallets during the 90-minute ordeal.

The attacker left with $11 million in Ethereum and Bitcoin, along with the victim’s phone and laptop. Joshua suffered minor injuries. According to sources familiar with the matter, an organized crime group orchestrated the incident. The police have made no arrests so far.

“This wasn’t a smash-and-grab. This was a targeted, organized crime extraction – the kind hitting wealthy crypto holders worldwide. Crypto-security experts are now saying what everybody thinks: Self-custody is great until someone shows up at your door with a fake UPS label and a Glock. San Francisco’s tech elite are about to pivot hard into vault custody, private security, and zero public flexing – because this heist wasn’t random. It was a warning shot,” Mario Nawfal said.

Digital Wealth Turns Deadly in Global Surge of Crypto Wrench Attacks

The San Francisco robbery mirrors incidents worldwide. An analyst noted that over 60 such attacks had been recorded in 2025. BeInCrypto reported that in France, there have been 10 cryptocurrency-related kidnappings this year.

In June, a 23-year-old man in Maisons-Alfort was abducted while shopping. Attackers demanded €5,000 and access to his Ledger hardware wallet.

A month earlier, armed men attempted to abduct the daughter and grandchild of a crypto entrepreneur in Paris. Ledger Co-founder David Balland also fell victim to a kidnapping in January, and the list goes on.

Crypto billionaire Tim Heath of Yolo Group narrowly escaped a kidnapping in Tallinn. The Australian entrepreneur bit off part of his attacker’s finger, allowing him to flee.

More recently, in Israel, a Tel Aviv resident faced extreme violence. On September 7, three attackers restrained him in his own home and tortured him until he provided his cryptocurrency passwords.

The victim was stabbed and lost approximately $600,000 in Bitcoin and USDT, plus a $50,000 Rolex watch, a Trezor wallet, a laptop, and cash. Police arrested the lead suspect, Murad Mahajna, just days after the incident.

“A Russian crypto trader, Roman Novak, and his wife, Anna, were found dead and dismembered in the United Arab Emirates weeks after vanishing following a meeting near Lake Hatta. The couple were allegedly abducted by Russian nationals who wanted access to Novak’s crypto wallet,” Nafwal highlighted in early November.

Experts believe that wrench attacks are on the rise due to several factors. The anonymity and irreversible nature of blockchain transactions make attackers believe funds are hard to trace and recover.

Public displays of wealth, especially on social media, draw unwanted attention. Meanwhile, easily accessible personal information online makes it simpler for criminals to identify and track victims.

“A strong common thread in many wrench attacks is the profiling of victims prior to the offense. Criminals are increasingly using social media to build detailed assessments of potential targets — particularly focusing on indicators of wealth. This is especially true for individuals involved in peer-to-peer crypto trades or those who are overt about their holdings and lifestyle. Platforms like Instagram, TikTok, and other short-form video content apps are frequently exploited for malicious purposes once a likely ‘mark’ has been identified,” Phil Ariss, Director, UK Public Sector Relations at TRM Labs, explained.

Users can reduce their risk by improving their personal and home security, being more cautious about what private information they share, and protecting their assets with multi-signature wallets. It is also essential to ensure that family members understand basic safety practices, as they can also become targets.