Physical coercion attacks on crypto holders have accelerated sharply in 2026, with criminals broadening their target pool beyond individual owners to include spouses, children, and elderly parents, according to a report published Friday by blockchain security firm CertiK. The 34 verified incidents recorded between January and April represent a 41% increase over the same period in 2025, and losses of $101 million already nearly double the $52.2 million recorded across all of last year.

---

CertiK defines a "wrench attack" as a physical coercion event where criminals use violence or confinement to force victims to surrender private keys. The phrase references the XKCD comic (xkcd.com/538/), a widely recognized work illustrating that even unbreakable cryptography is vulnerable to physical intimidation.

What began as opportunistic street crime has matured into coordinated, transnational operations. Attackers now use open-source intelligence techniques, including social media scraping, leaked databases, and public blockchain analytics, to identify and profile targets before striking.

---

"Every time a wrench attack is successful, it tells the world that crypto owners are juicy targets," said Jameson Lopp, a Bitcoin developer who has maintained a global database of crypto-related physical attacks since 2014. His records show 188 total verified incidents spanning more than a decade, with the pace accelerating sharply: attacks logged between July 2024 and November 2025 alone accounted for more than a third of all incidents in his database.

Phil Ariss, a security expert at TRM Labs, described the evolution in simpler terms: "We're seeing a shift from 'find a wallet' to 'hunt a person.'"

---

Europe accounts for 82% of confirmed 2026 incidents, with France the center of the crisis. France's National Prosecutor's Office has recorded 47 attacks this year; CertiK's independently verified count stands at 24. In April, French authorities indicted 88 people in connection with alleged attacks, including 10 minors. The use of juveniles is a calculated tactic: organizers exploit juvenile participants to reduce exposure to mandatory minimum sentencing.

A French tax official was separately accused of selling sensitive taxpayer data on crypto investors to criminal networks, and a breach at Waltio, a French crypto tax platform, provided attackers with additional targeting information. French Interior Minister Laurent Nuñez and Minister Delegate Jean-Didier Berger have both publicly acknowledged the problem.

The most prominent individual case involved David Balland, co-founder of hardware wallet manufacturer Ledger, who was kidnapped alongside his wife in January 2025. A severed finger was sent to associates as a ransom demand. The family-targeting pattern extended further that same year: the daughter and grandson of a prominent crypto CEO were attacked in Paris's 11th arrondissement in May 2025, a case that illustrates how relatives have become deliberate primary targets rather than incidental leverage.

---

The reported geography of these incidents is likely incomplete. In South Asia and Africa, structural barriers suggest the actual numbers may be significantly higher than official counts indicate.

In Pakistan, a 23-year-old crypto influencer was kidnapped by roughly eight assailants in December 2025 and forced to transfer approximately $340,000 in Tether (USDT) before being released. In India, criminals have been documented using fake business meetings and manufactured romantic approaches to lure and isolate crypto executives. A former Coinbase customer service agent based in India was also arrested for allegedly accepting $250,000 in bribes connected to a crypto scam, reflecting how insider access has become a component of the broader targeting picture. India ranks among South Asia's largest retail crypto markets, making these patterns significant beyond individual cases.

In Nigeria, according to NBC News reporting, attackers have used "honey pot" tactics in which criminals pose as romantic partners to isolate and rob victims.

Victims in these regions face compounding reasons not to report: limited police capacity to investigate crypto-specific crime, fear of scrutiny over undisclosed wealth, and the absence of any legal framework that specifically addresses physical coercion attacks on digital asset holders. CertiK's verified dataset almost certainly undercounts incidents from Africa and South Asia, given the structural barriers to reporting in those regions.

---

Bloomberg Businessweek's investigation into the broader trend found that the victim profile has widened well beyond executives and founders. Teachers, construction workers, firefighters, and small retail investors have all been targeted.

This matters for users in emerging markets where crypto adoption is driven heavily by remittances and inflation hedging. In those communities, holdings are often visible within tight local networks, creating a practical reconnaissance opportunity for attackers who know which Telegram or WhatsApp groups to monitor.

---

CertiK projects up to 130 incidents and losses of several hundred million dollars by year-end 2026 if the current trajectory holds.

"Physical safety is now part of the crypto risk equation," the firm stated in its Skynet report.

Binance has begun rolling out its "Withdraw Protection" feature in response to the broader surge. Security best practices include multi-signature wallet setups, time-locked transactions that cannot be immediately drained under duress, and secondary "panic" wallets holding a small, plausible balance tied to a separate PIN.

For users anywhere, the most impactful behavioral change remains the most basic: do not publicly disclose holdings, on-chain or otherwise.