A report published by security firm CertiK on May 8, 2026 warns that Europe has become the global epicenter of so-called wrench attacks. A wrench attack is a physical “attack” aimed at gaining control of a virtual currency through coercion. From January to April this year, 34 confirmed cases were recorded around the world, of which 28 occurred in European territories, accounting for 82% of the total.
The study also points out, based on confirmed cases and official sources: 41% YoY increase compared to same period in 2025when 24 incidents were recorded. Associated losses, including actual thefts, ransoms paid, and recovered or frozen funds, amounted to approximately $101 million in just four months, and are projected to rise to approximately 130 cases per year if trends continue.
geographical distribution It shows that the phenomenon is clearly shifting towards Europe. While the continent is where most of the attacks are concentrated, other regions have recorded significant declines. During the same period, cases in Asia fell from 25 to two, in North America from nine to three, and in the Middle East from two to one.
Within Europe, France stands out as a major concentration point. The report noted that 24 incidents occurred in the country, compared to four in the same period last year. This increase is related to several structural factors, including the high presence of companies in the crypto sector and the public availability of relevant figures. Distribution of confidential data due to leakage In public and private organizations.
In this sense, the report refers to the ongoing investigation into tax abuses in France. Employee may have accessed taxpayer information To extract data related to cryptocurrency holdings. This data could then be used by criminal networks to identify targets.
Leaked data becomes the gateway
This analysis also identifies changes in attacker techniques. Unlike the previous stage, detailed personal information such as address, assets, and financial activities can be accessed, reducing the need for proactive physical surveillance. This has given rise to a “data-driven selection” model. Victims are selected from leaked or illegally obtained databases.
Another related element is Using family members and close friends as a means of pressure. According to the report, more than half of the incidents in France involve threats and attacks directed at the domestic environment, including spouses, children and even elderly parents, amplifying the psychological and operational impact on victims.
document It also includes some representative examples from this period. These include the case in which the mother of a journalist was kidnapped in the United States and held for ransom in Bitcoin (BTC), and the case in which a developer was physically threatened and forced to transfer approximately $24 million in digital assets. It has also been documented that a businessman associated with this sector was killed in Turkiye after a previous conflict related to cryptocurrencies.
In summary, the report concludes that risks within the ecosystem have evolved from a purely technical level to an identity-focused physical dimension, as reported by CriptoNoticias. As the security measures of networks and wallets improve, the weak points are Transferred to the user and their personal exposure.
As a precautionary measure, security experts recommend reducing the public exposure of cryptocurrency holdings, avoiding disclosing financial information on social networks or events, fragmenting asset custody, and using shared custody systems or institutional solutions where possible. Also Emphasizes the importance of digital discretion It is also important to minimize the personal data that is accessible online, as these have become a primary targeting vector.
(Tag translation) Bitcoin (BTC)
