Crypto Wrench Attacks Surge 75% in 2025, Europe Becomes Epicenter

The 2025 data from CertiK reveals a grim new reality for the crypto ecosystem. The 72 verified incidents represent what the report calls ‘a clear inflection point,’ confirming that physical coercion has become a core threat vector. The financial toll is substantial, with confirmed losses exceeding $40.9 million, a 44% increase from 2024. The brutality of these attacks is intensifying; while kidnapping remained the most common method, incidents involving physical assault jumped by a staggering 250%. This trend underscores a shift from digital theft to direct, violent confrontation, targeting individuals for their private keys and wallet access.

The report details that the first quarter of 2025 alone saw 21 incidents worldwide, with May being the most violent month, recording 10 attacks. These figures likely represent only a fraction of the true scale, as experts like cybercrime consultant David Sehyeon Baek have emphasized that crypto crime is ‘heavily underreported.’ The high-profile January 2025 kidnapping of Ledger co-founder David Balland and his wife in France, where attackers severed his finger and demanded a €10 million crypto ransom, exemplifies the extreme tactics now being deployed. The incident, which ended with a police manhunt and 10 arrests, highlighted the severe personal risks facing even prominent industry figures.

The most dramatic geographical shift occurred in Europe, which accounted for over 40% of global attacks in 2025, nearly double its 22% share in 2024. This surge has repositioned the region as the primary hotspot for crypto-related violence, overtaking previous leaders. France has emerged as the undisputed epicenter, recording 19 attacks throughout the year—more than double the eight incidents in the United States. This data is corroborated by a public wrench-attack database maintained by Jameson Lopp, CTO of security firm Casa, which shows seven of nine documented incidents this year occurred in France.

CertiK attributes Europe’s surge to proliferating ‘crypto-jacking’ groups in France, Spain, and Sweden. The situation in France is particularly concerning, with analysts pointing to the country’s relatively high crime rates and sophisticated targeting methods. A June 2024 case, cited in the report, saw French prosecutors charge a tax official with abusing government databases to identify crypto investors and allegedly passing their details to organized crime groups. This indicates a level of insider access and coordination that makes investors exceptionally vulnerable. As David Sehyeon Baek noted, ‘What we are really seeing is just the tip of the iceberg.’

While Europe’s share grew, the United States saw its proportion of global incidents drop sharply from 36.6% in 2024 to 12.5% in 2025. However, Asia remained a persistent high-risk zone, accounting for 33.3% of attacks. The nature of targeting in Asia has shifted, with criminals increasingly focusing on crypto-tourists and expats in hubs like Thailand and Hong Kong, a change from earlier years when attacks were more concentrated among local residents in Asia and North America.

In response to this escalating physical threat, CertiK’s report outlines critical defense strategies for individuals and institutions. For individuals, key recommendations include maintaining decoy wallets with plausible amounts of cryptocurrency that can be surrendered immediately to satisfy attackers. The firm also advises enforcing geographic separation between seed phrases and hardware wallets and minimizing one’s public crypto footprint by avoiding portfolio screenshots and wallet address disclosures on social media.

For institutions and high-net-worth individuals (HNWIs), the recommended security architecture becomes more complex. CertiK advises implementing multi-signature wallet setups, such as 2-of-3 or 3-of-5 signature schemes, which require multiple approvals for transactions, thereby negating the value of coercing a single person. Other institutional safeguards include using time-locked smart contracts that enforce mandatory delays on large withdrawals and establishing formalized executive protection protocols that extend to family members and close associates. These measures are designed not just to protect assets like BTC and ETH but to fundamentally reduce the effectiveness of physical coercion as a criminal strategy.