Global losses from crypto wrench attacks reached $101 million in the first four months of 2026, nearly doubling the $52.2 million recorded in all of 2025. According to Web3 security firm CertiK, 34 documented attacks occurred, with Europe accounting for 82% of incidents — a stark concentration compared to previous years. France emerged as an epicenter, hosting 24 attacks, which CertiK attributes to the presence of crypto executives and data leaks exposing holders' personal information. The attackers increasingly use a data-driven targeting model, leveraging leaked personal data from breaches — such as the Waltio accounting firm incident and a tax official accused of selling data — to identify victims without prior surveillance. Criminal teams are often recruited via messaging apps like Telegram or Snapchat, typically consisting of 3-5 amateurs posing as delivery drivers or police officers. As protocol and wallet security improves, physical coercion has become the most economically rational attack path. For wallet and key holders, this trend underscores the importance of operational security: limiting public disclosure of crypto holdings, using anonymous home addresses where possible, and being cautious of in-person meetings or unexpected deliveries. The rise of data leaks amplifies the risk, making it essential to monitor for compromised personal information and consider physical security measures, especially for high-value holders. The criminal liability shift toward minors also suggests a growing ecosystem of disposable attackers.

Key facts

• 34 crypto wrench attacks in early 2026 caused $101M in losses.
• Europe saw 82% of attacks; France had 24 incidents.
• Data leaks enable attackers without prior surveillance.
• Criminal teams are often amateurs recruited via messaging apps.
• 88 people indicted in France, including 10 minors.