Crypto Billionaire Bit Off Attacker’s Finger in Attempted Kidnapping: Report

Ambushed outside his apartment last year by individuals posing as painters, billionaire Australian crypto entrepreneur and investor Tim Heath bit off part of his assailant's finger in an attempted kidnapping.

An Estonian court heard his testimony last week, apparently confirmed via DNA evidence from a severed bit of finger found near the scene. The case has called attention to the growing trend of physical “wrench attacks” against prominent crypto holders.

In a court proceeding first reported by local media outlet Eesti Ekspress, Heath recounted how the attackers seized him from behind as he ascended the stairs, attempting to pull a bag over his head while ordering him to remain quiet.

Feeling an attacker's hand near his face, Heath instinctively bit down hard, severing part of the assailant's finger. He then managed to break free and fled to his apartment.

Court testimony reveals the attack was prepared through weeks of planning.

The assailants had used GPS trackers and burner phones to monitor Heath’s movements, with one carrying a forged Azerbaijani passport and another renting a sauna as a planned holding site. DNA from the severed finger found at the scene was later matched in evidence submitted to the court.

Heath has since filed a civil claim seeking over €3.2 million ($3.77 million) in damages in May, including approximately €2.7 million ($3.18 million) in private security expenses, according to a report from Eesti Ekspress in May.

Decrypt reached out to the Estonian court and representatives for Heath to confirm the status of the claims.

Far from over?

While Heath's case has garnered public attention due to his visceral account of the attack, recent reports indicate that it is far from an isolated incident.

Known in the industry as "wrench attacks," these physical threats circumvent digital security measures by targeting individuals directly. The term “$5 wrench attack” was first used in a 2009 "XKCD" comic, and later adopted to describe these attacks.

Crypto traders have been spooked in recent months by reports of grisly kidnappings and attacks. Prominent targets include Ledger co-founder David Balland, who was abducted in January with his wife and had his finger severed and sent to associates alongside a ransom demand. They were rescued by police after 24 hours.

Dozens of suspects have been arrested in France in connection to other recent crypto-related attacks, as well, plus a case involving a man kidnapped in New York City for his Bitcoin has recently grabbed headlines.

"If every wallet must have a name behind it to fight money laundering, this will bring us the likes of wrench attack problems," Raido Saar, president of the Estonian Web3 Chamber and CEO of digital identity platform Matter-ID, told Decrypt.

Saar points to the recent implementation of the FATF Travel Rule as a key reason why individuals with significant crypto holdings can be identified, saying that when "combined with public blockchain transparency," the rule "introduces serious real-world risks to privacy and safety" more so if "crypto wallet ownership becomes publicly linkable to real people."

The FATF Travel Rule requires crypto exchanges to disclose customer identities for transactions exceeding certain thresholds, thereby exacerbating the risks.

"Once a real identity is connected to a public wallet address, it exposes more than just the transaction," Saar noted. He warned that this "can give rise to real-world targeting" because it enables criminals to "easily identify high-value targets."

While regulators push for wallet attribution to counter money laundering and terrorism financing, the infrastructure "to do this without compromising privacy doesn't yet exist at scale," Saar lamented.

Without privacy-preserving tools, the implementation of these rules could create a “compliance versus human rights conflict.” When rules such as the FATF's are loosely implemented, "everyone can become a target,” Saar warned.

Edited by Andrew Hayward