Wrench attacks targeting cryptocurrency holders surged across Europe in the first four months of 2026, with documented losses reaching $101 million and 82% of incidents concentrated on the continent, according to CertiK’s Web3 security analysis. France emerged as the epicenter, accounting for the majority of attacks, a dramatic shift from the geographic distribution seen in 2025 when $52.2 million in losses were spread across Asia and North America. The trend marks a fundamental change in how criminals target crypto wealth: as wallet security improves, attackers are abandoning digital exploits for physical coercion.
Data Breaches Fuel Targeting Precision
The Waltio data breach in January 2026 and subsequent leaks from crypto accounting and exchange platforms provided attackers with detailed victim profiles: full names, home addresses, and financial holdings. CertiK noted that early 2026 marked a shift toward a “data-driven targeting model in which prior physical surveillance becomes unnecessary once attackers have the victim’s full name, home address, financial profile, and so on.” A tax official, Ghalia C, was accused of selling holder data to criminal networks. This intelligence-gathering phase has made attacks more efficient and scalable, reducing the need for prolonged stakeouts.
France’s Criminal Infrastructure Expands Rapidly
France’s National Prosecutor’s Office for Organized Crime reported 47 wrench attack incidents in 2026, though CertiK’s independent count documented 24 cases in the country. In April 2026, French authorities indicted 88 people for wrench attacks, including 10 minors. Attackers typically operate in small teams of 3-5 members, recruited via Telegram and Snapchat for “a few thousand dollars,” often posing as delivery drivers or police officers. The use of juveniles signals an intentional strategy: “the growing proportion of minors signals an increasing externalization of criminal liability toward profiles less exposed to mandatory minimum sentences,” CertiK stated.
Protocol Strength Shifts Threat to Physical Layer
Improvements in wallet security and protocol hardening have made digital theft increasingly difficult, forcing criminals to target the human element. “As the security of protocols and wallets tends to improve, the threat migrates toward the human link,” CertiK observed. This migration reflects a broader reality: cold storage, multisig schemes, and hardware wallet adoption have made theft of digital assets harder, but a victim under duress can surrender private keys or seed phrases in minutes. Projections suggest 130 incidents could occur by year-end 2026, with total losses potentially reaching “several hundred million dollars.”
Law Enforcement Response Remains Fragmented
While French authorities have begun coordinated indictments, international law enforcement coordination against wrench attack networks remains unclear. Jameson Lopp, Casa’s chief security officer, documented 31 attacks and tracked four mistaken-identity cases where attackers targeted the wrong individuals. No public statements on enhanced security measures have been issued by major crypto firms with French operations, including Ledger, Paymium, or Binance. The scale of the problem—and the speed of its acceleration—suggests that custodial solutions and executive relocation may become necessary security measures for high-net-worth crypto holders in Europe.
