Skip to main content

Europe records surge in wrench attacks on crypto assets, $101M lost



Crypto-wrench attacks—a violent, physically coercive form of robbery targeting crypto holders—escalated sharply in the first months of 2026, according to a report from Web3 security firm CertiK. The firm tallies 34 verified incidents worldwide through April, with estimated losses near $101 million. Europe accounted for the vast majority of these attacks, a shift CertiK described as a notable concentration after a gradual tilt toward Europe observed in 2025.



France sits at the center of the surge. CertiK records 24 wrench attacks in France this year, a figure echoed by the country’s own prosecutors who reported 47 incidents in 2026. The convergence of criminals near major crypto firms—such as Ledger, Paymium and Binance—appears to have helped propel France to the forefront of this new threat landscape. The trend is unfolding as data breaches and doxxing culture feed attackers with targets’ personal and financial details, enabling more precise, premeditated pressure on crypto asset holders.



Key takeaways



  • 34 wrench attacks documented through April 2026, with Europe representing about 82% of incidents—signaling a continental concentration of risk.

  • France has become the primary hotspot, recording 24 attacks this year; prosecutors have cited up to 47 incidents in 2026.

  • Criminal teams are typically small, operating from outside the target country, and often composed of three to five people who disguise themselves as delivery drivers or law enforcement.

  • The attackers frequently recruit via messaging apps for a few thousand dollars, reflecting a largely amateur ecosystem rather than highly professional syndicates.

  • Security improvements in protocols and wallets appear to be shifting risk toward the human layer, with data-driven targeting becoming more prevalent and potentially more dangerous.



Europe’s wrench-attacks: a continental escalation


The new CertiK data underline a troubling acceleration in wrench attacks, which combine physical coercion with the theft of crypto assets. The 34 incidents observed in the opening months of 2026 represent a doubling of the year-ago pace in losses, with Europe taking the lion’s share. CertiK’s analysts note a marked change in the threat model: as cyber protocols and wallet security strengthen, attackers increasingly pivot to the human vulnerability—the hand that holds the keys.



“Our 2025 report documented a gradual tilt from Asia and North America toward Europe, and these first four months of 2026 mark a European hyper-concentration,” CertiK said in presenting the update. The pattern suggests a broader, regionalized risk rather than a uniform, global threat, complicating law enforcement and private-sector defense alike.



Industry observers have long warned that wrench attacks exploit the weakest link in the security chain—the person with access to assets. The latest data reinforce that warning, indicating a shift from purely technical weaknesses to socially engineered, physically invasive schemes that rely on misdirection and coercion to seize crypto holdings.



France: a nexus of risk as data and criminals converge


France’s surge in wrench-attacks has raised alarms about both the criminal ecosystem and the data environment surrounding crypto. CertiK notes 24 attacks in France this year, while public FiscalĂ­a records and press reporting put 2026 incident counts in the mid-to-high 40s range. The country’s prominence in the wrench-attack narrative is linked to the presence of French- and international crypto firms and executives in major hubs, a factor CertiK says has attracted both legitimate activity and adversaries seeking easy targets.



Compounding the risk is a data leakage ecosystem: the Waltio breach in January and allegations against a crypto tax official—a case involving the alleged sale of asset-holder data to criminal networks—highlight how compromised personal data can empower attackers. CertiK argues that a broader culture of doxxing and public-facing crypto persona sharing also fuels this threat stream by enabling attackers to assemble precise victim profiles quickly.



“Early 2026 marks the shift to a data-driven targeting model in which prior physical surveillance becomes unnecessary once attackers have the victim’s full name, home address, financial profile, and so on,” CertiK observed. The practical consequence is a higher likelihood of successful coercion and a more devastating impact even when the overall security of a protocol remains high.



In the broader context, blockchain intelligence firm TRM Labs warned last year that wrench attacks have been rising, driven by the perceived pseudonymity of crypto transactions, visible wealth, and the ease with which assailants can assemble personal data online. The France-focused wave adds urgency to that assessment, suggesting that the country’s crypto ecosystem is increasingly visible and thus attractive to criminal networks.



How the teams operate—and why most are still amateurs


CertiK’s review paints a picture of relatively informal, ground-level criminal operations rather than tightly controlled, professional outfits. Across documented cases, the masterminds are often located outside the target country, while the on-the-ground crews consist of three to five people who frequently rely on plausible misdirections—delivery drivers, service providers, or even impersonating police—to coax victims into surrendering assets.



These groups commonly connect via messaging apps such as Telegram or Snapchat, with recruitment often paying only a few thousand dollars. In many instances, team members don’t know each other before joining a scheme, underscoring the ephemeral, loosely organized nature of this crime set. The trend suggests that wrench attacks are a flexible, bottom-up criminal model that can scale through simple, repeatable methods rather than through sophisticated, centralized planning.



The human element remains the most exposed target. Industry observers point out that even the most secure wallets and protocols can be undermined when a holder is pressured in person or over the phone, especially when attackers exploit personal data that victims themselves may have shared in professional or social contexts.



In a separate line of related reporting, Jameson Lopp, chief security officer at Casa, has tracked wrench-attacks transitions in real time, noting that several cases on his list were misidentified previously. He has documented 31 wrench-attacks so far this year, highlighting the ongoing challenge for researchers and law enforcement in verifying incidents in a fast-moving threat landscape. Separately, France’s crackdown appears to be expanding, with at least 88 people indicted in April over alleged wrench-attacks on crypto owners in the country, including 10 minors, illustrating how criminal liability is broadening in response to this crime wave.



Amid the rising incidence in France, CertiK’s analysis emphasizes a sobering takeaway: as the crypto ecosystem hardens against software exploits, the human layer—misinformation, intimidation, and social engineering—will likely remain the most efficient route for criminals to access and extract assets.



What this means for investors, users, and builders


The wrench-attack trend reframes risk for participants across the crypto space. For holders and ordinary users, the events underline the importance of operational security practices that go beyond securing keys and wallets—such as verifying identities, safeguarding personal data, and maintaining separation between online accounts and real-world contact information. For exchanges, custodians, and wallet providers, the data highlights the need to integrate risk signals that account for social engineering attempts and to support customers with education and verification protocols that can withstand rapid, in-person pressure.



For policymakers and law enforcement, the European concentration and France’s central role raise questions about cross-border cooperation and the speed with which they can identify, deter, and prosecute individuals involved in wrench schemes. The data also suggest that as on-chain analytics improve and the public profile of crypto wealth grows, the “human layer” will demand new layers of protection and faster, more targeted responses from authorities.



Looking ahead, CertiK’s forecast leans toward caution: if the pace of 2026 sustains through the rest of the year, the number of wrench-attacks could approach 130, with losses possibly entering the hundreds of millions of dollars. That projection makes ongoing vigilance and proactive defense essential for the crypto community as it navigates a threat landscape that now intimately ties digital wealth to real-world risk.



Readers should watch for official updates on incident counts as well as legal outcomes from French authorities, which will shed light on the evolving balance between personal privacy, data security, and the criminal behaviors that exploit both.



https://www.cryptobreaking.com/europe-records-surge-in-wrench/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=Europe%20records%20surge%20in%20wrench%20attacks%20on%20crypto%20assets,%20$101M%20lost%20
Labels:

Comments

Post a Comment

Popular posts from this blog

Coinbase's x402 launches AI agents app store for payments

Coinbase-backed x402 has unveiled Agentic.market, a dedicated marketplace aimed at increasing the usefulness of AI agents by aggregating thousands of apps and services that agents can access without any API keys. The rollout positions the platform as a central hub for agents to discover, evaluate, and deploy capabilities across a standardized payments layer. Coinbase product lead Nick Prince described Agentic.market in a video posted on X as a storefront for discovering, comparing, and using x402 services. The marketplace is designed to give both humans and their AI agents access to a wide range of tools—from data feeds to consumer apps—without the friction of managing API credentials. A storefront for discovering, comparing, and using x402 services. Thousands of services. Zero API keys. Powered by x402. Prince added that the market offers a web interface for humans to browse and assess services, alongside a programming layer that lets AI agents autonomously search, filter, and integra...
Post a Comment
Read more

Ethereum Foundation closes third OTC sale, moves 10,000 ETH to BitMine

The Ethereum Foundation has completed a third over-the-counter sale of ETH to BitMine Immersion Technologies, offloading 10,000 ETH at an average of $2,292 per coin — roughly $22.9 million. The move continues a pattern of regular Foundation exits into a single counterparty, with the latest transaction following a similar 10,000 ETH sale completed just a week earlier at $2,387 per ETH. In total, the Foundation has moved about $47 million worth of ETH to BitMine over the past week, according to an official post on X. The Foundation said the proceeds will support its core operations and activities, including protocol research and development, ecosystem development, and community grant funding. The disclosure comes after the Foundation unstaked 17,035 ETH last week, worth about $40 million, a move that appears to undercut a previously stated target of reaching 70,000 ETH staked. The evolution of the Foundation’s treasury activities has kept market observers watching how the ETH reserve is ...
Post a Comment
Read more

Top Cryptocurrencies to Watch: BTC, ETH, BNB, XRP, Solana, Dogecoin & More

Market Analysis and Price Predictions for Key Cryptocurrencies Recent market dynamics reveal a cautious sentiment across the cryptocurrency landscape, with Bitcoin struggling to maintain levels above $90,000 and many major altcoins facing downward pressure. Indicators point toward reduced participation from both institutional and retail investors, raising concerns about a potential consolidation phase after notable gains earlier in the year. Bitcoin has fallen below $87,000, reflecting waning demand at higher price points. Institutional fund flows into BTC and ETH ETFs have turned negative, indicating a period of subdued market activity. Active addresses and Binance deposit/withdrawal activities are at annual lows, suggesting market indecision. Most leading altcoins are approaching support levels, with some poised for potential breakdowns. Tickers mentioned: Bitcoin, Ethereum, Binance Coin, XRP, Solana, Dogecoin, Cardano, Bitcoin Cash, Chainlink, Hyperliquid Sentiment: Neutral to Sli...
Post a Comment
Read more