Crypto Holders Lost $100M to Kidnappings and Coercion in Four Months

Wrench attacks are back.

Crypto investors lost more than $100 million to physical extortion in the first four months of 2026, according to blockchain security firm CertiK. These aren’t digital hacks or phishing scams. Criminals kidnap people, threaten them with violence, and force them to transfer funds or hand over private keys. The old-fashioned way, basically. And it’s working.

CertiK’s data shows a 41% jump in these incidents compared to the same stretch last year. If things keep going this way, annual attacks could blow past 130 cases. But the real number is probably higher. Victims don’t always report these crimes. Getting kidnapped and robbed at gunpoint isn’t something people want to talk about publicly, so tracking wrench attacks is harder than spotting on-chain exploits.

France Takes the Lead

Europe is the hotspot, and France is leading the pack. The country accounted for 82% of CertiK’s verified cases in the region. During Paris Blockchain Week, France’s Ministry of the Interior confirmed 41 incidents involving physical coercion tied to digital assets. That’s not a small number for a single country.

France has a big crypto ecosystem. High-profile companies operate there. Big events happen there. And criminals notice. Visibility is great for the industry, but it also paints targets on people’s backs. Data breaches made things worse. A tax official named Ghalia C. allegedly used government software to identify crypto holders and sold that information to criminal networks. The breach shows how insider access to sensitive data can turn into a direct threat. Criminals don’t need to guess who holds crypto when someone hands them a list.

Kevin Loaec, founder of Bitcoin security firm Wizardsardine, said crypto holders in high-risk areas need to think about physical security now. It’s not just about cold wallets anymore.

Why Criminals Love This Method

Wrench attacks bypass digital defenses entirely. No need to crack encryption or exploit smart contract bugs. Just grab someone, threaten them, and wait for the transfer. It’s simple. It’s effective. And it doesn’t require technical skills, which means more criminal groups can pull it off.

Crypto’s features make it attractive for this kind of crime. Digital assets move fast. They can be obscured through mixers and decentralized exchanges. Even when funds are traceable on-chain, recovery is tough once they’re converted into privacy coins like Monero. Criminals know this. Groups already comfortable with violence see an easy opportunity.

Recent cases show how tactics are changing. In January, a Chinese entrepreneur was kidnapped in Istanbul over a crypto dispute and later killed. Same month, an elderly relative of a prominent journalist was abducted in the U.S. for a $6 million Bitcoin ransom. Attackers are targeting associates and family members now, not just the crypto holders themselves. That adds a whole new layer of risk. You can secure your own devices and keys, but can you secure everyone around you?

Related: PayPal and Google Cloud Push Open Protocols for Device-to-Device Crypto Payments

In the UK, a crypto figure and indie game developer known as Sillytuna was forced by armed attackers to transfer about $24 million in aEthUSDC. The attackers moved the funds across multiple chains and converted them into Monero. Once that happened, tracing became nearly impossible. The case shows how quickly stolen assets can disappear into decentralized systems.

Industry Tries to Respond

Some companies are trying to help. Binance rolled out a lockdown feature that delays withdrawals for up to seven days. The idea is to give victims time to alert authorities or freeze accounts before funds leave the platform. It’s a start, but it’s not foolproof. Criminals willing to wait out the delay still pose a threat. And the feature only works for exchange-held funds. Self-custody users face a different problem.

If you hold your own keys, you need advanced setups like multisignature arrangements. But even that doesn’t solve the physical threat. Cryptography can’t stop a gun. Experts say the industry needs to pay more attention to personal security and rapid response protocols. Digital security is necessary, but it’s not enough anymore.

The visibility of crypto wealth is part of the problem. Social media posts, public appearances at conferences, and even tax records can expose individuals to risk. Attackers gather information from these sources and plan their moves. The human element remains the weakest link, no matter how strong the encryption is.

Public figures in crypto are especially vulnerable. They attend events, speak on panels, and build personal brands. That visibility brings opportunities but also danger. Some have started hiring security or keeping a lower profile, but not everyone has the resources or inclination to do that.

Underreporting makes the problem harder to measure. CertiK’s numbers are based on verified cases, but plenty of victims stay silent. The trauma of being kidnapped or threatened keeps people from coming forward. Without accurate data, it’s hard to know the full scale of the threat or develop effective countermeasures.

More context: Santa Ana Teen Gets 78 Months for Breaking Into Homes, Stealing $250M in Crypto

The shift from digital to physical attacks is a big deal for the crypto industry. For years, the focus was on securing networks, smart contracts, and private keys. Now, the conversation is expanding to include bodyguards, secure transportation, and operational security. It’s a different world.

Criminals adapt fast. As digital defenses improve, they look for easier targets. And right now, the easiest target is the person holding the keys. France’s data breach case is a wake-up call. When government officials with access to tax records can sell information to criminals, the threat isn’t just external. It’s systemic.

The crypto industry is growing, and with that growth comes increased risk. More people hold significant amounts of digital assets. More events bring holders together in public. More visibility means more targets. The industry needs to catch up on the physical security side, or these attacks will keep climbing.