A report from security firm CertiK, published on May 8, 2026, warns that Europe has become the main global focus of so-called wrench attacks, which are physical “assaults” aimed at gaining control of cryptocurrencies through coercion. Between January and April of this year, 34 verified incidents were recorded globally, of which 28 occurred in European territory, representing 82% of the total.
He studybased on confirmed cases and public sources, also points out a year-on-year increase of 41% compared to the same period in 2025when 24 incidents were recorded. The associated losses—including actual thefts, ransoms paid, and recovered or frozen funds—reach approximately $101 million in just four months, with a projection that places the year at around 130 cases if the trend continues.
Geographic distribution shows a clear shift of the phenomenon towards Europe. While the continent accumulates the majority of attacks, other regions register significant drops: Asia goes from 25 to 2 incidents, North America from 9 to 3 and the Middle East from 2 to 1 in the same period.
Within Europe, France stands out as the main concentration point. The report documents 24 incidents in the country, compared to 4 in the same period last year. This increase is linked to several structural factors, including the high presence of companies in the cryptocurrency sector, the public exposure of relevant figures and the circulation of sensitive data from leaks in public and private organizations.
In this sense, the report mentions ongoing investigations into the misuse of tax systems in France, where employees would have accessed taxpayer information to extract data related to cryptocurrency holdings. This data would have subsequently been used by criminal networks to identify targets.
Leaked data is the gateway
The analysis also identifies a change in the attackers’ methodology. Unlike previous stages, access to detailed personal information – such as addresses, assets or financial activity – reduces the need for prior physical surveillance. This has favored a “data-driven selection” model, in which Victims are chosen from leaked or illegally acquired databases.
Another relevant element is the use of family members or close people as a pressure mechanism. According to the report, more than half of the cases in France involve threats or attacks directed at family environments, including spouses, children or even elderly parents, which amplifies the psychological and operational impact on the victims.
The document It also includes several representative cases of the period. Among them is the kidnapping of a journalist’s mother in the United States, with a ransom demand in bitcoin (BTC), and an attack in which a developer was forced to transfer approximately $24 million in digital assets under physical threats. The murder of a businessman linked to the sector in Türkiye is also documented after a previous conflict related to cryptocurrencies.
Altogether, the report concludes that the risk within the ecosystem has evolved from a purely technical level to a physical dimension focused on identity, as reported by CriptoNoticias. As security measures in networks and wallets improve, the weak point is transferred to the user and their personal exposure.
As a preventive measure, security experts recommend reducing public exposure of cryptocurrency holdings, avoiding the disclosure of financial information on social networks or events, segmenting asset storage, and using shared custody systems or institutional solutions when possible. Also The importance of digital discretion is emphasized and the minimization of personal data accessible online, as these have become the main targeting vector.