Crypto security firm CertiK has reported a significant increase in “wrench attacks,” a form of extortion that involves physical coercion and threats, with an estimated $101 million lost by victims in the first four months of 2026. This trend suggests that annual losses could reach several hundred million dollars if the current rate persists. The firm notes that these attacks, which overcome even robust digital security measures, have become an established threat vector for cryptocurrency holders.
Key Takeaways
- Crypto wrench attacks have seen a 41% increase globally in the first four months of 2026 compared to the same period in 2025, with 34 verified incidents.
- Victims have lost approximately $101 million in 2026, projecting potentially hundreds of millions in annual losses.
- There is a shift towards “data-driven targeting,” where attackers acquire victim information from online brokers.
- Attackers are increasingly targeting family members of primary targets, either directly or as leverage.
- Europe, particularly France, accounts for the majority of these attacks, with 24 incidents recorded in France in early 2026.
While 2025 marked a record year for reported crypto-related wrench attacks with approximately 70 physical assaults, CertiK’s latest report indicates a continued escalation in 2026. The firm has verified 34 incidents globally thus far in 2026, representing a 41% surge over the comparable period in the previous year. This trajectory could lead to an estimated 130 incidents and substantial financial losses for the full year.
Geographically, Europe has emerged as the primary hotspot for these attacks, with 82% of the reported incidents (28 out of 34) occurring on the continent. France, in particular, continues to be a focal point, recording 24 assaults in early 2026, surpassing its total from the previous year. This situation has prompted discussions between the French Ministry of the Interior and crypto industry leaders, particularly following the high-profile kidnapping of Ledger co-founder David Balland and his wife.
CertiK attributes the heightened activity in France to several factors, including the presence of major industry players like Ledger and Binance, a history of significant data leaks, and a perceived culture of ostentatious wealth display and voluntary personal information sharing within the community. The report also sheds light on the operational structure of these attacks, often involving small, young teams recruited via social media platforms for ground operations, with orchestrators frequently located abroad in jurisdictions like Morocco, Dubai, and Eastern Europe.
A notable evolution in attack methodology is the increasing adoption of a “data-driven targeting” model. This approach involves purchasing comprehensive victim profiles, including personal and financial details, from online data brokers. This minimizes the need for extensive physical surveillance and allows attackers to prepare more effectively. The process often includes acquiring data lists, employing coordinators, and subsequently laundering the illicit gains.
Furthermore, there is a concerning trend of attackers targeting “proxies,” with over half of the incidents in 2026 involving family members of the primary target, such as spouses, children, or elderly parents. These family members are either victimized directly or used as instruments of pressure to extort the primary target.
Despite the increasing reliance on digital intelligence gathering, the methods for gaining physical access remain consistent with previous years. Common tactics include impersonating delivery personnel or law enforcement officers (the “Doorbell Vector”) and exploiting opportunities presented through fictitious business meetings or fake over-the-counter trading deals (the “Honeypot”).
Regulatory Precedent and Legal Implications
The escalating sophistication and geographical concentration of wrench attacks present significant challenges for global regulatory bodies and law enforcement agencies. The reliance on international coordination for investigation and prosecution is paramount, especially given the trans-national nature of the operations, with orchestrators often based in different jurisdictions than the victims. This underscores the need for robust international cooperation frameworks to combat cryptocurrency-related crime. The increasing targeting of individuals’ families introduces a complex ethical and legal dimension, potentially escalating the severity of penalties for perpetrators if such tactics are deemed to constitute aggravated coercion or kidnapping.
Original article : www.theblock.co