France has become a global flashpoint for a sharp rise in violent “wrench attacks” — kidnappings and home invasions in which criminals use physical force to force victims to unlock and transfer crypto holdings.
The trend was hard to miss this week at a major international blockchain conference in Paris: VIPs were escorted by police motorcades to a Versailles dinner and visitor security at the Carrousel du Louvre was visibly stepped up. French officials used the event to sound the alarm: so far this year authorities say France has recorded at least 41 crypto-related kidnappings and home invasions — roughly one every two to three days.
What authorities are doing
Jean-Didier Berger, Minister Delegate to the Interior Ministry, said he and Interior Minister Laurent Nuñez are preparing a new package of measures to fight the problem. A prevention platform launched by authorities has already attracted thousands of registrations, but officials say more action is needed as incidents continue to rise.
The scale of the problem
Researchers and law enforcement warn the issue is not confined to France. Data compiled by Certik and crypto researcher Jameson Lopp shows 72 verified incidents of physical coercion globally in 2025 — a 75% jump year-over-year — and a total of 188 tracked attacks since 2014. Lopp says many more likely go unreported. Cases involving physical assault rose even faster, up about 250% year-over-year.
What “wrench attacks” are and why they work
A wrench attack is simple in concept: use threats, violence or torture to force a person to hand over keys, seed phrases or authorize transactions. For attackers, coercion can be easier than cracking encryption. “Every time a wrench attack is successful, it tells the world that crypto owners are juicy targets,” Lopp told CoinDesk. Unlike bank transfers, crypto payments can’t be reversed, and funds can be moved quickly across wallets and chains.
How attackers find and exploit victims
The attackers’ playbook has evolved from targeting wallets to targeting people. Phil Ariss of TRM Labs says criminals now build profiles from social media, public appearances and leaked datasets; they follow routines and pinpoint vulnerabilities. “The biggest avoidable mistake is tying real-world identity, location and routine too tightly to visible crypto wealth,” Ariss said.
Insider leaks and compromised state data are a particular worry. One high-profile French case involved a tax official who sold sensitive information to attackers — raising questions about whether leaked government data is feeding the rise in attacks.
Who’s being targeted
Targets have expanded beyond high-net-worth holders to mid-level investors and families; in some incidents children have been threatened alongside parents. Attacks range from short-duration robberies to prolonged captivity and torture. Notable incidents cited by authorities and researchers include:
- January 2025: Ledger co-founder David Balland was kidnapped in France with his partner. During the attack a finger was severed and sent to associates as part of a ransom demand; Balland was later rescued in a police operation.
- Other reported cases: a multi-week captivity and torture case in New York, and a Canadian home invasion that escalated to waterboarding and sexual assault when attackers attempted to extract crypto access.
Organization and money movement
Researchers see a mix of opportunistic and organized actors. Lopp and TRM Labs’ Ariss both note growing signs of coordination: teams with defined roles, surveillance, and “follow-home” tactics that resemble professional kidnap or robbery crews.
Once funds are coerced, attackers commonly convert assets to stablecoins and quickly route them through multiple chains to obscure the trail, complicating recovery.
Why France?
Experts point to several overlapping factors for France’s outsized share of cases: leaked personal data, cross-border criminal networks operating in and through French territory, and broader market dynamics — rising asset prices raise the payoff for a single attack while better technical security reduces the success of purely digital hacks. “It’s far easier than trying to rob a bank,” Lopp said.
Underreporting and data gaps
A big challenge is underreporting: many wrench attacks are recorded as generic robberies or home invasions with no public mention of crypto, making it harder for authorities to detect patterns and connect cases. “A large share of incidents are still recorded as simple robberies,” Ariss said.
Mitigations and best practices
Security experts emphasize that self-custody remains riskier in a world where physical coercion is rising. Practical defenses include multi-signature wallets, withdrawal delays, spending limits, and other custody designs that prevent immediate access to most funds under duress. “If coercion cannot produce immediate access to the majority of funds, the risk and return changes,” Ariss said. These measures won’t eliminate the threat but can reduce incentives for attackers.
The bottom line
As crypto adoption grows, wrench attacks are moving from a fringe risk to a mainstream security crisis. Law enforcement and industry are racing to adapt: improving prevention, tightening data protection, and pushing custody solutions that limit what attackers can grab in a single violent incident. But with organized groups reportedly coordinating and much of the problem hidden in standard robbery statistics, the road ahead will require sustained action across government, exchanges, custodians and users.
Read more AI-generated news on: undefined/news
