The Alarming Rise of Crypto-Related Violence: How France Became a Hotbed for Wrench Attacks

A surge in crypto-related kidnappings has put France under the international spotlight, prompting government officials to take action against the escalating problem. This year alone, the country has seen at least 41 crypto-related kidnappings and home invasions, occurring at a rate of approximately one every two to three days. The French government has acknowledged the severity of the issue, with Minister Delegate to the Interior Ministry Jean-Didier Berger announcing plans to introduce new measures to tackle the growing threat. A prevention platform has already been launched, attracting thousands of registrations, but authorities recognize that further steps are necessary as incidents continue to rise. France has become the epicenter of a global increase in wrench attacks, which involve the use of physical force to extract access to digital assets. According to security researchers and law enforcement data, attacks on crypto holders are becoming more frequent and violent worldwide. Globally, the number of verified physical coercion incidents increased by 75% in 2025, with 72 reported cases, according to data from Certik and crypto researcher Jameson Lopp. Many more incidents are believed to go unreported. Cases involving physical assault rose by 250% year-over-year, highlighting the growing severity of the problem. The term 'wrench attack' refers to the use of physical force to coerce individuals into granting access to their digital assets. For some attackers, it is easier to use physical force than to attempt to break encryption. 'Every time a wrench attack is successful, it sends a message that crypto owners are vulnerable targets,' Lopp stated. Unlike traditional bank transfers, crypto transactions are irreversible, allowing attackers to quickly move funds across wallets and chains once a victim is coerced into authorizing a transfer. Researchers note that attackers are changing their tactics, shifting from targeting technical vulnerabilities to building profiles of potential victims. They use social media activity, public appearances, and leaked datasets to identify points of weakness. 'The biggest avoidable mistake is linking real-world identity, location, and routine too closely to visible crypto wealth,' Phil Ariss of TRM Labs warned. The problem is exacerbated when attackers receive inside help from government officials. In one notable case, a French tax official sold sensitive data to wrench attackers, raising concerns that insider leaks and compromised state data are fueling the attacks. The pool of potential victims has expanded, with mid-level holders increasingly being targeted based on limited or indirect signals. Anyone can become a victim, with cases now including families and children being targeted alongside crypto-holding parents, making it challenging to categorize the severity of the attacks. In January 2025, Ledger co-founder David Balland was kidnapped in France, along with his partner. During the attack, one of his fingers was severed and sent to associates as part of a ransom demand. He was rescued after a police operation. Other cases have involved prolonged captivity and torture, such as an incident in New York where a crypto investor was held for over two weeks. In Canada, a home invasion escalated into waterboarding and sexual violence as attackers attempted to force access to funds. Lopp believes that both opportunistic and organized groups are involved, but there are signs of increasing coordination among attackers. 'We seem to be seeing more organized groups now,' he said. Ariss' team has observed similar patterns, noting that some groups operate with defined roles and pre-planning, including surveillance and follow-home tactics. 'These attacks look less like one-off robberies and more like small kidnap or robbery crews specializing in crypto jobs,' Ariss stated. After obtaining funds, attackers tend to move quickly, often converting crypto assets into stablecoins and routing them across multiple chains, making recovery more difficult. France's role in this trend may be attributed to a mix of factors, including cases involving leaked personal data and cross-border criminal networks, Lopp said. Rising asset prices have increased the potential payoff from a single attack, while improvements in digital security have reduced the effectiveness of purely technical exploits. 'It's far easier than trying to rob a bank,' Lopp said. Another issue is visibility: wrench attacks might be significantly underreported because many are recorded as standard robberies or home invasions, with no mention of crypto. 'A large share of incidents are still recorded as simple robberies,' Ariss said, adding that the crypto element is often left out at the time of reporting, making it harder for authorities to connect cases or identify broader patterns. The increase in attacks has raised questions about the risks of self-custody, a core principle of cryptocurrency. Some security experts recommend measures such as multi-signature setups, withdrawal delays, and spending limits to reduce risk by limiting how much can be accessed under duress. 'If coercion cannot produce immediate access to the majority of funds, the risk and return change,' Ariss said. Such measures do not eliminate the threat but may reduce the incentive for attackers. As crypto adoption grows, attacks are becoming more frequent and severe, turning what was once a niche concern into a broader security risk.