A Los Angeles jury found former LAPD officer Eric Halem guilty of kidnapping and robbery tied to a December 28, 2024 home invasion that targeted roughly $350,000 in Bitcoin private keys. The verdict crystallizes how “wrench attacks” are evolving into operationally sophisticated, authority-impersonation crimes that exploit trust, access, and institutional optics.
Halem, 38, faces a potential life sentence and is scheduled for sentencing on March 31, 2026. Prosecutors said GPS records, text communications, and witness testimony showed a coordinated plan to coerce a 17-year-old victim into surrendering a hard drive containing private keys.
What happened in Koreatown
The attack occurred at a Koreatown high-rise apartment on December 28, 2024. Testimony described Halem and three accomplices wearing police vests, using an access code obtained from an insider to bypass building security, and relying on LAPD-issued handcuffs to mimic legitimate police procedures. The victim—identified in court as a 17-year-old referred to as Daniel—and his girlfriend were restrained while the hard drive holding Bitcoin private keys was taken.
At trial, prosecutors pointed to evidence they said linked the operation to Halem’s resources and coordination. Vehicle GPS data allegedly tied cars from a luxury car rental business connected to Halem to the scene, and messages presented in court were described as showing Halem tracking law-enforcement radio traffic. One message referenced monitoring police channels: “Someone I know fed wise called me.” Jurors returned guilty verdicts after less than a day of deliberation.
Prosecutors also emphasized Halem’s relationship to law enforcement at the time of the robbery. Although Halem resigned from the LAPD in 2022, he remained a reserve officer, and prosecutors argued that status made the impersonation more credible and operationally effective. The indictment also referenced additional criminal conduct tied to Halem’s private ventures, which prosecutors used to argue planning advantages and access leverage.
Why this case changes custody risk models
The conviction underscores a specific custody threat model: physical coercion aimed at extracting seed phrases or private keys from devices or holders rather than hacking systems remotely. A blockchain security firm’s reporting that global “wrench attacks” rose materially in 2025, with a 75% year-on-year increase and confirmed losses exceeding $40.9 million. For VASPs and custody operators, this translates into elevated jurisdictional risk and heightened sensitivity to insider-enabled access paths.
In practical control terms, the case highlights where traditional cyber-only defenses can be insufficient. When attackers can impersonate authority and use insider-obtained access codes, strong out-of-band verification and strict recovery governance become as important as encryption. The incident also reinforces why firms need routine audits of building access privileges and staff-level permissions, plus tamper-evident procedures for any custody or recovery workflows that could be pressured under duress.
It also shows how investigations and prosecutions can hinge on disciplined evidence capture. GPS logs, communications records, and device forensics were presented as decisive in court, which is a reminder that incident response needs a preservation track that supports law enforcement without creating unnecessary privacy or legal exposure. On the financial side, correlating off-chain coercion reports with on-chain movement can improve triage and escalation, especially when stolen assets are moved quickly.
Defense counsel challenged parts of the prosecution narrative, including the victim’s credibility and the provenance of the cryptocurrency, but the jury rejected those arguments. The case reinforces that criminal liability for violent seizure does not depend on how the assets were originally acquired. With sentencing set for March 31, 2026, the outcome will be watched as a signal for how aggressively similar cases are prosecuted—and as a prompt for custodians and compliance teams to treat physical coercion and impersonation as first-tier operational risks.