Wife Used CCTV to Steal $176M of Husband's Bitcoin

A UK court has heard one of the most jaw-dropping Bitcoin theft cases in recent memory — a man alleging his estranged wife used a CCTV camera planted inside their home to spy on him, capture his Trezor hardware wallet seed phrase, and drain 2,323 BTC worth approximately $176 million right out from under him. The case, heard before Justice Cotter at the UK's High Court of Justice, has left security-minded crypto holders everywhere quietly reconsidering how they manage their most sensitive credentials.

How a Security Camera Became the Ultimate Crypto Heist Tool

Ping Fai Yuen alleges that his wife, Fun Yung Li, and her sister mounted a covert surveillance operation inside the couple's home — one specifically designed to capture the moment he accessed his Trezor hardware wallet. The camera, according to court filings, recorded him entering his seed phrase and access codes. From there, the alleged theft was methodical: the funds were moved to 71 separate wallet addresses, scattering 2,323 Bitcoin across the blockchain in what looks like a deliberate attempt to obfuscate the trail.

Seed phrases — typically a sequence of 12 to 24 words — are the master key to any hardware wallet. Whoever holds those words controls the funds, full stop. No bank can reverse it. No password reset exists. That's the brutal efficiency of self-custody, and it's precisely what made this alleged attack so devastating. The moment the phrase was captured on camera, the outcome was effectively sealed.

Ping claims he was tipped off by his daughter before the transfers were complete. He installed audio recording equipment and says he captured Fun discussing the theft and, critically, how to move large sums of money without drawing attention from banks or law enforcement. Those transcripts — described by Justice Cotter as 'damning' — are now central to the case.

The evidence is that he was warned of what the First Defendant was seeking to do, the transcripts are damning; and when the First Defendant's property was searched, the necessary equipment to exfiltrate the Bitcoin was found.

What Did Police and the Court Actually Do?

Ping reported the alleged theft to police shortly after the final transfer on December 21, 2023 — the last date any transaction was recorded at any of the 71 wallet addresses, according to court documents. Law enforcement moved quickly at first: his wife was arrested, several cold wallets and watches were confiscated. Then the investigation stalled. Authorities eventually told Ping there would be no 'further action pending new evidence.' Not exactly a ringing endorsement of how traditional law enforcement handles nine-figure crypto thefts.

Nearly two years passed. In November 2025, Ping applied to the court for an asset preservation injunction — a legal mechanism to freeze the cryptocurrency associated with his wife, formally establish his ownership of the Bitcoin, and either secure its return or receive its equivalent fiat value. He also told the court he had been actively monitoring the wallet addresses and flagged a crypto dusting attack targeting them.

Dusting attacks are a particular threat for wallets holding significant Bitcoin. A bad actor sends tiny, near-zero amounts of cryptocurrency to dormant addresses specifically to probe them — tracking any subsequent transaction activity in an attempt to unmask the wallet owner through on-chain analysis. The fact that the 71 addresses associated with the alleged theft were being dusted suggests someone, somewhere, knows those wallets contain significant value and is probing for a way in.

What Does This Case Mean for Bitcoin Self-Custody Security?

Here's the uncomfortable truth this case forces into the open: for all the technology behind hardware wallets and multi-layer encryption, the single greatest vulnerability in self-custody isn't technical — it's physical. Your seed phrase, written on a piece of paper or briefly visible on a screen, is worth $176 million to the wrong pair of eyes. A CCTV camera costs less than a hundred dollars. That asymmetry is staggering.

Justice Cotter ruled in favor of granting the injunction. His written judgment was blunt: 'In my judgment the claimant has demonstrated a very high probability of success.' He also recommended an expedited trial, citing what he called the 'security threats to, and volatility of value of, the Bitcoin' — an unusually candid acknowledgment from a senior judge that the clock on crypto cases ticks differently than traditional asset litigation.

A separate thread in this case is grimmer. A violent confrontation in September 2024 between Ping and Fun resulted in assault charges against Ping — charges to which he later pleaded guilty. That complicates the narrative and will undoubtedly be raised by the defense. Cases like this rarely arrive in court with clean edges.

In my judgment the claimant has demonstrated a very high probability of success.

The Bigger Picture: Physical OPSEC Is Crypto's Blind Spot

The crypto industry has spent years — and billions of dollars — hardening digital infrastructure. Multi-signature wallets, air-gapped signing devices, hardware security modules. What it hasn't done nearly well enough is address the human and physical layer. This case is not the first of its kind. Kidnappings, home invasions, and coercion have all been used to extract crypto keys from holders. The Ping Fai Yuen case adds surveillance to that list.

For anyone holding significant Bitcoin in self-custody, the lesson here is specific: seed phrases should never be accessed in any space that contains a camera — including your own home, your office, or any device with a lens pointing in your direction. Hardware wallet manufacturers generally advise this, but few holders treat it with the same urgency as securing their private keys from remote hackers.

The trial date has not yet been set. If the parties cannot agree on how to proceed, Justice Cotter indicated the court will schedule a case management hearing. The Bitcoin — all 2,323 BTC of it — remains frozen across those 71 addresses, untouched for over a year. Wherever it ends up, this case has already changed the conversation about what 'keeping your crypto safe' actually means.