Cases documented during 2025 and 2026 in France, Hong Kong and other jurisdictions — where holders of cryptocurrency assets have been targeted in kidnappings, robberies, and physical coercion to force private key transfers — have brought to the forefront a vulnerability that cryptography alone cannot solve: direct physical coercion against the wallet holder. Self-custody, the cornerstone of decentralized finance, has historically lacked a structural defense against this attack vector.

Madrid-based research lab DeFiRe Labs has secured an official ERC number for its Coercion-Resistant Vault standard, a smart contract architecture designed to address precisely this gap. ERC-8238 was assigned its number by an Ethereum editor on the official ethereum/ERCs GitHub repository, marking the formalization of the proposal as a candidate within the Ethereum standards process. The proposal was authored by Carlos Mayorga, CTO and co-founder of DeFiRe Labs.

The standard introduces a fundamental architectural shift in how self-custody wallets handle funds. Instead of holding all assets in a single accessible balance, ERC-8238-compliant wallets split holdings into two segments: a small daily-spendable hot balance available for immediate use, and a timelocked cold vault that requires a programmable delay before any withdrawal. The mechanism mirrors how physical bank branches have historically managed cash — keeping a fraction immediately accessible and protecting the rest behind procedural delays.

The standard goes beyond simple balance segmentation. Funds in the cold vault are not idle: they can interact with DeFi protocols (staking, lending, liquidity provision) through a whitelist of pre-authorized destinations that itself operates under a timelock. Adding any new protocol to that whitelist requires a programmable waiting period, which neutralizes the attack vector by which a coercer might attempt to force staking into a malicious contract under their own control. The consequence is significant: users no longer have to choose between protecting their funds and earning yield on them — a tradeoff that traditional solutions (physical cold storage, institutional custody, external multisigs) impose by design. ERC-8238 eliminates that tradeoff.
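The two timelocks described above can be modelled as a small state machine. The following is an added illustration, not the ERC-8238 reference implementation or its interface: the class, method, and destination names are hypothetical, time is a plain counter in seconds, amounts are arbitrary units, and the coercer is assumed to control the signing key for a fixed window.

```python
from dataclasses import dataclass, field

@dataclass
class VaultModel:
    hot: int               # immediately spendable balance
    cold: int              # timelocked balance
    withdraw_delay: int    # seconds before a requested cold withdrawal executes
    whitelist_delay: int   # seconds before a proposed destination becomes usable
    whitelist: set = field(default_factory=set)
    pending_out: list = field(default_factory=list)   # [(ready_at, amount)]
    pending_dst: dict = field(default_factory=dict)   # destination -> ready_at

    def spend_hot(self, amount):
        if amount > self.hot:
            raise ValueError("exceeds hot balance")
        self.hot -= amount
        return amount

    def request_withdrawal(self, now, amount):
        self.pending_out.append((now + self.withdraw_delay, amount))

    def execute_withdrawals(self, now):
        ready = sum(a for t, a in self.pending_out if t <= now)
        self.pending_out = [(t, a) for t, a in self.pending_out if t > now]
        moved = min(ready, self.cold)
        self.cold, self.hot = self.cold - moved, self.hot + moved
        return moved

    def propose_destination(self, now, dst):
        self.pending_dst[dst] = now + self.whitelist_delay

    def send_cold(self, now, dst, amount):
        if self.pending_dst.get(dst, float("inf")) <= now:  # own timelock elapsed
            self.whitelist.add(dst)
        if dst not in self.whitelist or amount > self.cold:
            raise PermissionError("destination not whitelisted or amount too large")
        self.cold -= amount
        return amount

def extractable_under_duress(v, window, attacker="attacker-contract"):
    """Units a party holding the key from t=0 to t=window can move out."""
    taken = v.spend_hot(v.hot)              # hot balance is exposed immediately
    v.request_withdrawal(0, v.cold)         # route 1: timelocked withdrawal
    v.propose_destination(0, attacker)      # route 2: whitelist a new contract
    taken += v.spend_hot(v.execute_withdrawals(window))
    try:
        taken += v.send_cold(window, attacker, v.cold)
    except PermissionError:
        pass                                # whitelist timelock still running
    return taken
```

In this model the exposure during a short window is limited to the hot balance, and the effective protection window is the shorter of the two delays, so the whitelist delay matters as much as the withdrawal delay.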

Under physical duress, the user can truthfully state that the bulk of their funds is not currently accessible — a verifiable claim, anchored on-chain, that does not depend on deception or memorization. The attacker can verify this claim by inspecting the wallet contract directly. The information asymmetry that makes coercion attacks effective — "give me your keys and I'll get everything" — is broken at the architectural level.

The proposal is more than paper. The reference implementation is deployed and verified on the Sepolia testnet, with an interactive MetaMask demo allowing anyone to test the flow end-to-end, including a Uniswap V3 swap executed through the vault. The codebase is published as open-source within DeFiRe Labs' research output.

"Most crypto security work focuses on the digital perimeter — better signatures, better key management, better hardware. That matters, but it doesn't address the threat model where someone is physically pointing a weapon at the holder. ERC-8238 borrows a pattern that the traditional banking world has used for over a century: don't keep all the cash where the robber can grab it. The novelty is implementing this with smart contracts, atomically, and without trusted third parties — and crucially, without forcing the user to give up DeFi yield to gain physical-coercion resistance. Self-custody can offer real protection against physical threats, not just digital ones." — Carlos Mayorga, CTO of DeFiRe Labs and author of the proposal

The proposal is now in the public review phase of the Ethereum standards process, where developers, auditors, and the broader community can submit comments and suggest refinements before any move toward Final status.