France Epicenter of Europe’s $101M Crypto Wrench Attacks

Estimated losses from crypto “wrench” attacks reached $101 million in January–April 2026, with 34 verified incidents worldwide and 24 occurring in France, CertiK reported. Europe accounted for 82% of the cases. The firm recorded a rise in frequency compared with 2025 and projected that incidents could reach about 130 by year-end and losses could climb into the several-hundred-million-dollar range if current patterns continue.

Wrench attacks use physical force or the threat of force to seize victims’ crypto holdings. They have taken the form of home invasions, kidnappings and extortion attempts. CertiK noted the increase in incidents began in 2025 and continued into early 2026.

CertiK identified France as an epicenter this year. The company counted 24 incidents in France, while the country’s National Prosecutor’s Office for Organized Crime reported 47 alleged incidents in 2026. CertiK pointed to the concentration of crypto executives from firms such as Ledger, Paymium and Binance in France as a factor in the country’s exposure. The firm also cited recent data breaches, including a January breach at crypto accounting firm Waltio, allegations that a tax official sold crypto-holder data to criminal networks, and public doxxing and boasting in parts of the crypto community.

The company described a shift to a data-driven targeting model in early 2026. Attackers increasingly rely on readily available personal information-full name, home address and financial profile-so prior physical surveillance is often unnecessary. CertiK added that as protocol and wallet security improves, the threat is moving to exploit the human element of security, and that when holdings are linked to identifiable financial data, physical coercion remains an economically rational option for criminals.

On-the-ground attack teams are typically small and often amateur, CertiK found. Groups usually number three to five people and frequently pose as delivery drivers or police officers or lure victims into ambushes with fake business meetings. Recruitment commonly occurs via messaging apps such as Telegram or Snapchat for a few thousand dollars. Independent tracking by a blockchain security researcher recorded 31 wrench attacks so far this year and noted several cases where thieves targeted the wrong person.

French authorities have taken action. In April, at least 88 people, including 10 minors, were indicted in connection with alleged wrench attacks on crypto owners. CertiK described the growing involvement of minors as an externalization of criminal liability toward profiles less exposed to mandatory minimum sentences.

Previous analysis by blockchain intelligence firms linked the rise in wrench attacks to perceived pseudonymity of crypto transactions, public visibility of crypto wealth and the ease of harvesting personal data online. CertiK’s findings indicate attackers are exploiting those conditions and shifting tactics toward data-driven targeting and direct physical coercion of holders perceived to control significant crypto assets.