Inside the rise of wrench attacks against crypto holders and how France has become the focus

France is facing a rise in crypto-related kidnappings as so-called “wrench attacks” become more frequent, brazen and violent.

That shift was visible this week amid the staging of an annual international blockchain and crypto conference. A police motorcade escorted VIP guests to a dinner at the Palace of Versailles. And security was also notably reinforced at the Carrousel du Louver, where the conference was taking place.

Wrench attacks in France have put the country so notably under the international spotlight that government officials took the stage at the conference in Paris to acknowledge their alarm at the scale of the problem. They said that this year alone, the country has suffered at least 41 crypto-related kidnappings and home invasions. That’s one every two to three days.

Jean-Didier Berger, Minister Delegate to the Interior Ministry, said a new set of measures is being prepared with Interior Minister Laurent Nuñez to tackle the growing issue. A prevention platform has already drawn thousands of registrations, but authorities say further steps are needed as incidents continue to rise.

Wrench attack epicenter

The country has become the epicenter of a global rise in wrench attacks. Across multiple jurisdictions, attacks on crypto holders are becoming more frequent and more violent, according to security researchers and law enforcement data.

Globally, the trend is also on the rise. In 2025, there were 72 verified physical coercion incidents globally, a 75% increase from the previous year, according to Certik and crypto researcher Jameson Lopp’s data, which tracks 188 attacks since 2014. Many more go unreported, he said. Cases involving physical assault rose even faster, up 250% year-over-year.

The term “wrench attack” refers to the use of physical force to extract access to digital assets. For some attackers, it is easier to coerce a person than to break encryption.

“Every time a wrench attack is successful, it tells the world that crypto owners are juicy targets,” Lopp told CoinDesk.

Unlike traditional bank transfers, crypto transactions cannot be reversed. Once a victim authorizes a transfer under duress, the funds can be moved quickly across wallets and chains.

Attackers seek points of weakness

Researchers say the way attackers identify victims has also changed.

“We’re seeing a shift from ‘find a wallet’ to ‘hunt a person,’” Phil Ariss of TRM Labs told CoinDesk. Rather than scanning for technical vulnerabilities, attackers build profiles, he added. They look at social media activity, public appearances and leaked datasets. They track routines and identify points of weakness.

“The biggest avoidable mistake is tying real-world identity, location and routine too tightly to visible crypto wealth,” Ariss said.

The problem is exacerbated when attackers get a helping hand from government officials. In one widely known case, in which a French tax official sold wrench attackers sensitive data. The case raised concerns among security experts that insider leaks and compromised state data were feeding directly into wrench attacks.

The pool of potential victims has widened, with mid-level holders increasingly being targeted, sometimes based on limited or indirect signals.

Anybody is a potential victim

Cases now include families, with children targeted alongside crypto-holding parents, making the attacks harder to categorize by severity.

In January 2025, Ledger co-founder David Balland was kidnapped in France along with his partner. During the attack, one of his fingers was severed and sent to associates as part of a ransom demand. He was rescued after a police operation.

Other cases have involved prolonged captivity and torture, such as one in New York, where a crypto investor was held for more than two weeks. In Canada, a home invasion escalated into waterboarding and sexual violence as attackers attempted to force access to funds.

Lopp said both opportunistic and organized groups are involved, but there are signs of increasing coordination. “We do seem to be seeing more organized groups now,” he said.

TRM Labs’s Ariss says his team has observed similar patterns, noting some groups operate with defined roles and pre-planning, including surveillance and follow-home tactics.

“These look less like one-off robberies and more like small kidnap or robbery crews specializing in crypto jobs,” Ariss said.

After funds are obtained, attackers tend to move quickly and frequently the crypto assets they attain are converted into stablecoins and routed across multiple chains, making recovery more difficult.

France’s role in this trend may reflect a mix of factors, Lopp said, including cases involving leaked personal data and cross-border criminal networks.

Rising prices, heftier loot

More broadly, rising asset prices have increased the potential payoff from a single attack, while improvements in digital security have reduced the effectiveness of purely technical exploits.

“It’s far easier than trying to rob a bank,” Lopp said.

Another issue is visibility: wrench attacks might be significantly underreported because many are reported as standard robberies or home invasions, with no mention of crypto.

“A large share of incidents are still recorded as simple robberies,” Ariss said, adding that the crypto element is often left out at the time of reporting, which can make it harder for authorities to connect cases or identify broader patterns.

The increase in attacks has raised questions about the risks of self-custody, a core principle of cryptocurrency.

Some security experts point to measures such as multi-signature setups, withdrawal delays and spending limits as ways to reduce risk by limiting how much can be accessed under duress.

“If coercion cannot produce immediate access to the majority of funds, the risk and return changes,” Ariss said. Such measures do not eliminate the threat but may reduce the incentive for attackers.

As crypto adoption grows, attacks are becoming more frequent and severe, turning what was once a niche concern into a broader security risk.