Certificate He noted that wrench attacks—brutal physical attacks aimed at forcing cryptocurrency holders to hand over private keys or digital assets—have evolved into a sophisticated, transnational criminal enterprise. These incidents combine open-source intelligence gathering, social engineering, and outright violence, including kidnapping and extortion (among other incidents). financial crime).
Accordingly blockchain security firm CertiK has already seen a sharp increase in such cases in the first four months of 2026, underlining how the human element has become the primary vulnerability in an otherwise hardened blockchain ecosystem.
From January to April 2026CertiK has documented 34 confirmed wrench attacks worldwide; This represents a 41 percent increase compared to the 24 events recorded during the same period in 2025.
The monthly figures reveal a shifting pattern: 13 cases in January, a drop to five in February (possibly due to pressure from European police in late January), a recovery to 10 in March and five in April.
Total estimated losses from ransoms, frozen funds and other demands reached approximately $101 million. If this pace continues, it could exceed 130 attacks for the entire year and result in losses of up to hundreds of millions of dollars.
These numbers Certificate The warnings represent just the tip of a global problem that is underreported.
Geographically, threatening has changed dramatically EuropeThis rate accounted for 82 percent of cases (28 out of 34 cases), compared to only 39.5 percent in the whole of 2025. France emerged as the epicenter, recording 24 cases; This is more than the previous year’s total for the country.
Other affected regions include the UK, US, Belgium, Hong Kong, Philippines, Spain and Turkey, while North America and Asia decreased significantly.
High-profile cases demonstrate the brutality and scope of these operations. in Istanbul, Chinese entrepreneur Yong Wang He was kidnapped, stolen crypto assets and murdered in January; This was the first confirmed crypto-related murder of the year.
In the United States, the 84-year-old mother of journalist Savannah Guthrie was held to ransom of $6 million in Bitcoin, highlighting the tactic of targeting family surrogates.
inside EnglandProminent crypto personality and game developer Sillytuna was overpowered by armed assailants, threatened with violence, and quickly forced to transfer nearly $24 million in laundered assets into Monero.
Certificate identifies several emerging patterns. Criminals now rely on “data-driven targeting,” accessing victims’ names, addresses and financial profiles without traditional surveillance.
Common methods of entry include “Doorbell Vector” (impersonation of delivery workers or police) and “Honeypot” schemes (fake business meetings or OTC deals).
more than half French The incidents involved family members (spouses, children, or elderly parents) used as leverage.
Alarmingly, authorities in France in late April charged 88 suspects, including more than a dozen minors, on charges ranging from kidnapping to money laundering.
According to CertiK, the main reasons for this lie in Europe’s concentrated crypto ecosystem.
France is home to large companies such as Ledger and. Binanceas well as a culture of voluntary personal information collection and high-profile data breaches.
Leaks from government databases, including tax records, exposing crypto assets were exploited by insiders and sold to criminal networks.
as on chain security Thanks to better protocols and wallets, attackers are rationally turning to physical pressure; the weakest link remaining.
Certificate‘s analysis It paints a rather worrying picture: What started as an end-state threat in 2025 has become a structural risk. until a link between identifiable individuals is established. data and if crypto assets are disrupted, organized groups will continue to view wrench attacks as the most effective route to illicit profits.
