France sees 70% of 2026 crypto wrench attacks
Report: France accounted for 70% of crypto “wrench” attacks in 2026, with 41 kidnappings linked to KYC data leaks including Ledger’s 2020 breach.
About 70% of reported “wrench” attacks in 2026 have occurred in France, with 41 kidnappings recorded so far, Bitcoin journalist Joe Nakamoto reported. Nakamoto said the incidents amount to roughly one attack every two and a half days this year.
Nakamoto and other observers link the surge to the collection and storage of know-your-customer (KYC) data by exchanges and service providers. Centralized KYC databases have been exposed in several breaches, including a 2020 leak of hardware wallet maker Ledger’s customer database that revealed names, home addresses and emails for more than 270,000 customers worldwide.
Criminal groups operating from outside France typically organize the attacks and recruit local individuals to carry out physical assaults, according to Nakamoto. The attackers seek private keys, seed phrases or devices that provide immediate access to cryptocurrency wallets.
French authorities have made arrests in connection with the incidents. Vanessa Perrée, national prosecutor for organized crime, reported at least 88 detentions tied to wrench attacks. Prosecutors and police are investigating networks believed to be responsible for a significant share of the cases.
Custody and security firms offer measures intended to reduce risk for at-risk users. Some services allow a pre-agreed safety word or phrase that triggers emergency procedures such as freezing an account or notifying law enforcement. Other recommendations include keeping a low public profile about holdings and maintaining a small, separate “decoy” wallet that can be surrendered under coercion.
Security researchers and members of the crypto community are compiling databases of confirmed wrench attacks to identify patterns and alert potential targets. Analysts point to the combination of exposed personal data, organized criminal networks and local accomplices as factors in the concentration of attacks in France.
Jameson Lopp, CEO of key management firm Casa, commented: “France is the canary in the coal mine, demonstrating how financial regulations create a surveillance apparatus that causes direct harm to bitcoin holders.”
Background: Wrench attacks are crimes in which assailants use physical force, threats or kidnapping to obtain the keys, devices or credentials needed to move cryptocurrencies. Concerns about these attacks rose after multiple data breaches exposed customer lists for exchanges, wallet providers and other crypto services.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
