Physical coercion attacks on cryptocurrency holders, known as 'wrench attacks,' have accelerated sharply in 2026, causing $101 million in losses in just the first four months, according to a new report by blockchain security firm CertiK. There have been 34 verified incidents globally, a 41% increase over the same period in 2025, putting 2026 on pace for an estimated 130 attacks and hundreds of millions of dollars in losses for the full year.
Europe has become the epicenter, accounting for 82% of all recorded attacks (28 of 34), with France alone reporting 24 assaults so far this year—already surpassing the 20 recorded throughout 2025. Last year, the French Ministry of the Interior met with industry leaders after the kidnapping and torture of Ledger co‑founder David Balland and his wife. CertiK attributes France’s prominence to the presence of high‑profile crypto companies like Ledger and Binance, numerous local data leaks, and a 'culture of flexing and voluntary doxxing' within the community.
The criminal modus operandi has evolved. Small ground crews of 3–5 individuals, often recruited via Telegram or Snapchat, now operate under orchestrators based abroad, frequently in Morocco, Dubai, or Eastern Europe. A data‑driven targeting model is replacing physical surveillance: attackers buy personal information—full names, home addresses, financial profiles—from online brokers. Moreover, more than half of this year’s incidents involve a family member (spouse, child, elderly parent) as either a direct victim or a pressure lever. Access techniques remain largely unchanged, with the persistent use of 'doorbell vectors' (fake delivery personnel, fake police) and 'honeypots' (fictitious business meetings, fake OTC deals).
CertiK warns that wrench attacks have become an established threat vector that software security alone cannot mitigate. Experts believe many assaults go unreported due to their nature, meaning the real toll is likely higher.
