France has quietly become ground zero for a disturbing new wave of attacks on crypto holders — and the trend is getting louder, more violent and more organized.
The surge was impossible to miss this week as Paris hosted a major international blockchain conference. VIPs were escorted by a police motorcade to a dinner at the Palace of Versailles, and security was significantly tightened at the conference venue in the Carrousel du Louvre. The heightened presence reflected an urgent reality: authorities say France has recorded at least 41 crypto-related kidnappings and home invasions so far this year — roughly one every two to three days.
Officials are scrambling to respond. Jean-Didier Berger, Minister Delegate to the Interior, said he and Interior Minister Laurent Nuñez are preparing new measures to counter the wave. A government prevention platform has already attracted thousands of registrations, but ministers warned more action is needed as incidents continue to climb.
What’s happening in France mirrors a global escalation. Data compiled by Certik and researcher Jameson Lopp shows 72 verified physical-coercion incidents in 2025 — a 75% increase from the year before — and 188 attacks tracked since 2014. Cases involving physical assault rose even faster, up about 250% year-over-year. Many more incidents likely go unreported.
What is a “wrench attack”
The term describes the use of physical force — threats, kidnappings, torture — to coerce people into giving up access to their crypto. For criminals, it can be simpler and faster to force a person to reveal keys or authorize a transfer than to try to break encryption. “Every time a wrench attack is successful, it tells the world that crypto owners are juicy targets,” Lopp told CoinDesk.
A shift in tactics
Researchers say attackers have shifted from hunting vulnerable wallets and exploiting technical weak spots to “hunting a person.” Phil Ariss of TRM Labs told CoinDesk attackers now build human profiles using social media, public appearances and leaked datasets. They surveil routines and identify points of vulnerability. “The biggest avoidable mistake is tying real-world identity, location and routine too tightly to visible crypto wealth,” Ariss said.
Insider leaks and widened victim pool
The problem is compounded when state data or insiders are implicated. In one high-profile case, a French tax official sold sensitive information that reportedly aided attackers. Targets have expanded beyond high-net-worth whales; mid-level holders and whole families — sometimes with children present — are increasingly being targeted based on limited or indirect signals.
Brutal examples
The violence can be extreme. In January 2025, Ledger co-founder David Balland and his partner were kidnapped in France; an attacker severed one of Balland’s fingers and reportedly sent it to associates as part of a ransom demand before a police operation rescued him. Other cases include a New York investor held for more than two weeks and a Canadian home invasion that escalated to waterboarding and sexual violence.
Organized and fast-moving
Both opportunistic actors and organized crews appear active. Lopp sees growing signs of coordination; Ariss’s team has identified groups with defined roles, pre-planning, surveillance and follow-home tactics. These operations increasingly resemble small kidnap or robbery crews specializing in crypto. After seizing access, attackers often move assets quickly into stablecoins and across chains to frustrate recovery.
Why France?
Analysts point to several factors: leaked personal data, international criminal networks operating across borders, and the high potential payoff as crypto markets rise. At the same time, improved digital security makes technical exploits harder, pushing criminals toward physical coercion.
Underreporting and data gaps
The scale of the problem could be larger than official statistics show. Many incidents are recorded as ordinary robberies or home invasions at the time of reporting, and the crypto element is sometimes omitted, making it harder for law enforcement to see patterns and connect cases.
How to reduce risk
Security experts emphasize mitigations that reduce the value of immediate coercion. Multi-signature wallets, withdrawal delays, and spending limits can limit what a coerced individual can hand over instantly. “If coercion cannot produce immediate access to the majority of funds, the risk and return changes,” Ariss said. These steps don’t remove the threat, but they can lower incentives for attackers.
As crypto adoption grows, wrench attacks are transitioning from a niche threat to a mainstream security concern. That evolution is forcing governments, platforms and individual holders to rethink safety practices for a world where the weakest link may be a person rather than a protocol.
Read more AI-generated news on: undefined/news
