Home invasions and physical attacks to get crypto transfers are all too common, and have led to grim situations. With all the factors, passphrase and biometrics in the world, people remain susceptible to the rubber hose. This panel will discuss theories and practices for defending against a rubber hose attack, through deterrence, defenses and mitigations. We will start with the assumption that the goal is to preserve life and limb, and preventing or reversing token transfer is secondary, but how to get there, and be reasonably confident that it will not backfire, is hard.

Multisig wallets give holders a false sense of security. The real attack surface isn't key compromise, it's all of the human and non-deterministic elements. Spoofed simulations, poisoned addresses, compromised frontends, and coerced signers all exploit the same gap. Users don't know what they're signing, and by the time they find out something is wrong, it's already too late. This talk introduces a threat model for high-value custody and presents Kleidi, a wallet system built around reversibility, configurable policies, and guardian-based recovery.