CertiK: Europe drives rise in crypto ‘wrench’ attacks

Blockchain security firm CertiK reported 34 verified “wrench” attacks on cryptocurrency holders between January and April 2026, a 41% increase from the same period in 2025. The company estimated losses of about $101 million for those four months and projected roughly 130 such attacks by the end of 2026.

CertiK defines wrench attacks as physical assaults, kidnappings and extortion intended to force victims to surrender private keys or transfer digital assets.

January had the highest monthly count with 13 incidents, followed by five in February, 10 in March and five in April, CertiK reported.

The geographic pattern shifted sharply compared with 2025. Europe accounted for 82% of recorded attacks in the first four months of 2026, up from 39.5% for the full year of 2025. France logged 24 incidents in that period, exceeding its 2025 total of 20. Reported cases in North America fell from nine to three, and incidents in Asia dropped from 25 to two.

Telegram founder Pavel Durov posted that France saw 41 crypto-linked kidnappings in the first three-and-a-half months of 2026 and attributed part of the risk to leaked sensitive user data, including tax information. CertiK noted attackers increasingly buy names, addresses and financial profiles from online brokers rather than relying on physical surveillance.

More than half of the incidents in France involved a family member of the main target, and some relatives were attacked directly. Authorities in one case reported the 84-year-old mother of journalist Savannah Guthrie was kidnapped in an apparent $6 million Bitcoin ransom demand.

French prosecutors indicted 88 suspects in late April; more than ten of those charged were minors. Indictments included kidnapping, unlawful confinement, extortion and money laundering. CertiK observed that many alleged perpetrators in the cases reviewed are young.

Security specialists cited in CertiK’s report recommended reducing the public visibility of crypto holdings. They advised avoiding social media posts about wallet activity, profits or recent luxury purchases and keeping personal identities separate from crypto accounts when possible. CertiK added that strong passwords and hardware wallets do not by themselves prevent coercive physical attacks.

The phrase “wrench attack” comes from the joke that no encryption can withstand a “$5 wrench” applied to the right person. CertiK said if the current rate of incidents continues, total losses for the year could rise into the hundreds of millions of dollars.