Actifs numériques
France Crypto Wrench Attacks: How to Stay Safe
Cryptocurrencies are among the most secure ways to store money, as the underlying encryption is virtually impossible to break using digital means. Although this might possibly change due to quantum computers, upgrades to post-quantum encryption methods will likely keep all major blockchain projects safe.
However, another type of risk is much trickier to handle with crypto assets, the so-called wrench attacks.
The term “wrench attack” comes from a famous satirical XKCD comic that illustrates a simple idea: instead of breaking complex encryption, the attacker simply threatens someone with a $5 cheap wrench until they reveal their password. Because the victim is physically present and being coerced, even the strongest cryptographic safeguards become irrelevant here.
Source: XKCD
And surely, personal threats, blackmail, and other “personal” targeting have long been known to be the weakest point in any security system. This is why, for example, institutions like the military or intelligence services are especially on the lookout for such risks.
The issue is that while military personnel and government employees can count on a massive and powerful apparatus to protect them, individual investors do not. So this makes wrench attacks especially popular with criminals looking to steal cryptos and willing to hurt or threatened to hurt innocents with wrenches, knives, guns, etc.
And of course, this puts the stealing of crypto within reach of “ordinary “ criminals, and not just cybercriminal masterminds.
A recent shocking criminal case illustrates this point, as the French authorities are charging 88 different people for a series of 12 successive “wrench attacks” in the country against crypto owners.
So what happened in France, and what does it say about how the cryptocurrency ecosystem can reduce the prevalence and risks of wrench attacks?
Cryptos’ Sensitivity To Wrench Attacks
The very nature of blockchain and cryptos also makes wrench attacks more difficult to handle than with other assets like bank accounts or valuable items.
Precious items are generally insured against theft and need to be physically carried away. Reselling them without getting caught can also be difficult for the thieves, especially for the most valuable items like luxury cars, antiques, or art pieces.
Meanwhile, bank transactions can be canceled once the transaction is proven to be fraudulent, or the funds can be recovered once proven to be from criminal origins. Baking institutions pay a lot for complying with extensive KYC (Know Your Customers) regulations for this very purpose (as well as avoiding accidentally laundering money).
However, crypto transactions are made to be anonymous, secure, and, more importantly, irreversible. There is no centralized authority to appeal to, no judge’s decision that can easily reverse a transaction.
In addition, most experienced criminals will quickly complete the transaction so that cryptos are sent out of the country, a seamless process enabled by blockchain’s natural ability for cross-border transactions, making the case more complex for the authorities to handle.
Another problem is that while some blockchains are focused on anonymity, transactions are often visible and permanent in the public ledger. If a crypto address is linked to a person’s real-life data, it gives criminals a clear view of exactly how much can be stolen. And of course, those who publicly discuss their crypto wealth at industry events or on social media can become attractive targets.
These characteristics are, of course, what make cryptos attractive in the first place. It makes them free from state interference, the risk of bank failures, and the persistent problem of fiat currency money printing.
But it also comes with the associated risks from wrench attacks.
The French Crypto Theft Explained
Rising Wrench Attack Numbers
In April 2026, the French authorities announced that at least 88 people, including 10 minors, were being indicted in connection with alleged wrench attacks against crypto owners in France.
75 of the alleged offenders are being held in pre-trial detention, with the arrests related to 12 cases currently under investigation by specialized investigating judges of the Paris Judicial Court and monitored by the National Prosecutor’s Office for Organized Crime (PNACO).
This is especially concerning as the number of wrench attacks in the country is steadily rising, as the value of crypto assets has risen, and criminals are getting more familiar with them. PNACO has recorded 18 incidents in 2024, 67 in 2025, and 47 so far in 2026.
“The acts in question, particularly under the legal classifications of arrest, abduction, organized group sequestration, extortion, and attempts of organized group extortion, are of particular seriousness, both due to the harm caused to individuals and the methods used to obtain transfers of crypto-assets under duress.”
Vanessa Perrée -France’s national prosecutor for organized crime
The French government is emphasizing the importance of “avoiding overexposure on social networks that could make them targets” and to remain wary of scams that could collect personal information and make wrench attacks easier, more likely, or more dangerous.
Government Data Mishandling To Blame?
VK and Telegram founder, cybersecurity expert, and crypto enthusiast Pavel Durov does not agree that the recent surge in wrench attacks in France is to blame only on crypto users. Instead, he claims that a massive tax database leak and a French tax official selling crypto data to criminals are the root cause of the surge in wrench attacks.
Source: Pavel Durov
And indeed, the French government has been compiling tax data related to crypto, indirectly revealing who owns how much. This gave corrupt government agents the opportunity to take these data and resell it to criminals.
“Ghalia C., a former French tax official, was detained in June 2025 after allegedly selling data on crypto professionals and investors to criminals, which was then used to facilitate physical attacks and extortion.”
How many of the recent wrench attacks are linked to these leaks
It should be noted that Pavel Durov is not on very good terms with the French government, after a row over his arrest in 2024 for refusing to moderate Telegram. So while Pavel’s criticisms ring true, he is also likely more than happy to show the risks of the French government having access to too much personal digital data. As he said himself:
“That’s why Telegram would rather leave the French market than give their corrupt bureaucrats access to private messages.”
As cryptos move to the mainstream, more and more third parties, such as government agents, bank employees, and others, are gaining access to an individual’s crypto holdings data.
And indeed, weak links in cybersecurity and more intrusion in crypto privacy by the government might explain the over-representation of Europe in wrench attacks in 2025, making it the most dangerous region in the world for this type of attack.
Source: Certik
This could be a dangerous trend, as the more encryption and cybersecurity increase, the more wrench attacks could become the default way for criminals to get their hands on crypto assets illegally. And while both digital and physical theft can cause several losses, wrench attacks also carry serious risks of physical harm.
“It is easier to frighten and threaten a human to transfer their cryptocurrency than it is to hack a protocol or a wallet.”
Comment se protéger des attaques à la clé à molette
Obviously, the best way to never become a victim of a wrench attack is for the criminal to have no idea you own any cryptos. Then the risk is not larger than the average risk of robbery or home invasion.
“In general, the best thing Bitcoiners can do to stay safe is to remain private. The goal should be to avoid becoming a target.”
Jameson Lopp, an early Bitcoiner and co-founder of Bitcoin security provider Casa
Another way is to not make crypto ownership obvious, so that an “ordinary” robbery does not get crypto stolen as well. This starts with not talking about it, but also by removing obvious signs of crypto activity.
“Remove crypto-related apps from your primary smartphone used in public, and use a dedicated laptop for high-value transactions that never leave your secure perimeter.”
Another element can, of course, be to increase your own physical security. Direct attacks on a person are nothing new and have been a risk for high-net-worth individuals since the dawn of time.
Many crypto-rich individuals are new to this level of wealth and might need to upgrade their security systems, change habits, and adapt to the fact that they have become high-value targets for hardened criminals and organized crime networks. Home protection systems or private security are a necessary expense beyond a certain level of wealth.
Lastly, large holdings, be it in cash, cryptos, or other assets, might not be possible to secure in a fully decentralized structure. One of the reasons the state and large institutions emerged as providers of safety of last resort is that they are rather good at it.
So to secure large holdings, crypto holders should also consider using institutional custody solutions, which often include insurance and off-site storage, thereby minimizing the risk of physical coercion.
Investing In Crypto Safety
There is no one way to fully remove the risk of wrench attacks, just as there is no perfect solution against any form of physical attacks from criminals targeting a person’s assets.
However, besides the general security advice already mentioned, a few extra options can be considered.
One is to invest primarily in privacy-focused blockchains, like, for example, Monero (XMR ). While not preventing coercion, privacy blockchains and privacy tools like SNARKs can make it harder for attackers to know exactly how much wealth you hold, reducing the likelihood of becoming a target.
Another technical option is time-locked wallets. These are highly effective because they allow you to submit a transaction, but it cannot be processed for 24–72 hours. This would, of course, not remove the risks in case of outright kidnapping for several days, but would give a victim or the police time to react compared to a traditional wallet and crypto transaction.
Another option is collaborative custody, for example, like the one provided by Casa. These services use multi-signature, where a 2-of-3 or 3-of-5 key setup ensures you keep one key at home, one in a safe deposit box, and one with a third party. This way, an attacker cannot force you to reveal all keys at once.
In any case, true security is only achieved through a combination of methods, and the more assets, the more risks and security requirements will be required to keep both the assets and the people safe.
