France is facing a rise in crypto-related kidnappings as so-called “key attacks” become more frequent, brazen and violent.
That shift was visible this week amid the holding of an annual international blockchain and crypto conference. A police motorcade escorted VIP guests to a dinner at the Palace of Versailles. And security was also particularly strengthened at the Carrousel du Louver, where the conference took place.
Wrench attacks in France have thrust the country so remarkably into the international spotlight that government officials took to the stage at the Paris conference to acknowledge their alarm at the scale of the problem. They said that this year alone, the country has suffered at least 41 crypto-related kidnappings and home invasions. That’s one every two to three days.
Jean-Didier Berger, Minister Delegate to the Interior Ministry, said a new set of measures is being prepared with Interior Minister Laurent Nuñez to tackle the growing problem. A prevention platform has already pulled thousands of registrations, but authorities say further steps are needed as incidents continue to rise.
Wrench attack epicenter
The country has become the epicenter of a global rise in wrench attacks. Across multiple jurisdictions, attacks on crypto holders are becoming more frequent and violent, according to security researchers and law enforcement data.
Globally, the trend is also increasing. By 2025, there were 72 verified physical brute force incidents globally, a 75% increase from the previous year, according to Certik and crypto researcher Jameson Lopp’s data, which tracks 188 attacks since 2014. Many more go unreported, he said. Cases involving physical assault rose even faster, up 250% year-on-year.
The term “key attack” refers to the use of physical force to extract access to digital assets. For some attackers, it is easier to force a person than to break encryption.
“Every time a wrench attack is successful, it tells the world that crypto owners are juicy targets,” Lopp told CoinDesk.
Unlike traditional bank transfers, crypto transactions cannot be reversed. Once a victim has authorized a transfer under duress, the funds can be quickly moved across wallets and chains.
Attackers look for weak points
Researchers say the way attackers identify victims has also changed.
“We’re seeing a shift from ‘find a wallet’ to ‘hunt a person,'” Phil Ariss of TRM Labs told CoinDesk. Instead of scanning for technical vulnerabilities, attackers build profiles, he added. They look at social media activity, public appearances and leaked datasets. They track routines and identify weak points.
“The biggest avoidable mistake is tying real-world identity, location and routine too tightly to visible crypto-wealth,” Ariss said.
The problem worsens when the attackers get a helping hand from government officials. In one well-known case, a French tax authority sold sensitive data to wrench attackers. The case raised concerns among security experts that insider leaks and compromised government data were leading directly into wrench attacks.
The pool of potential victims has widened, and mid-level holders are increasingly being targeted, sometimes based on limited or indirect signals.
Anyone is a potential victim
The cases now include families, with children targeted along with parents holding crypto, making the attacks harder to categorize by severity.
In January 2025, Ledger co-founder David Balland was kidnapped in France along with his partner. During the attack, one of his fingers was cut off and sent to employees as part of a ransom demand. He was rescued after a police operation.
Other cases have involved prolonged captivity and torture, such as one in New York where a crypto investor was held for more than two weeks. In Canada, a home invasion escalated into waterboarding and sexual violence as the attackers tried to force access to funds.
Lopp said both opportunistic and organized groups are involved, but there are signs of increasing coordination. “We seem to be seeing more organized groups now,” he said.
TRM Labs’ Ariss says his team has observed similar patterns, noting that some groups operate with defined roles and pre-planning, including surveillance and follow-home tactics.
“These look less like one-off heists and more like small kidnapping or robbery teams that specialize in crypto jobs,” Ariss said.
After funds are obtained, attackers tend to move quickly, and often the cryptoassets they obtain are converted to stablecoins and routed across multiple chains, making recovery more difficult.
France’s role in this trend may reflect a mix of factors, Lopp said, including cases involving leaked personal data and cross-border criminal networks.
Rising prices, fiercer exchange
More generally, rising asset prices have increased the potential payoff from a single attack, while improvements in digital security have reduced the effectiveness of purely technical exploits.
“It’s a lot easier than trying to rob a bank,” Lopp said.
Another issue is visibility: wrench attacks can be significantly underreported because many are reported as standard robberies or home invasions, with no mention of crypto.
“A large proportion of incidents are still recorded as simple robberies,” Ariss said, adding that the crypto element is often left out at the time of reporting, which can make it harder for authorities to connect cases or identify broader patterns.
The rise in attacks has raised questions about the risk of self-storage, a core principle of cryptocurrency.
Some security experts point to measures such as multi-signature setups, withdrawal delays and usage limits as ways to reduce risk by limiting how much can be accessed under duress.
“If coercion cannot provide immediate access to the majority of funds, the risk and return will change,” Ariss said. Such measures do not eliminate the threat, but may reduce the attackers’ incentive.
As crypto adoption grows, attacks are becoming more frequent and more severe, turning what was once a niche concern into a broader security risk.
