In addition to hacking, crypto millionaires also face security threats from the real world.
Written by: Sam Schechner, Robert McMillan, Angus Berwick
Compiled by: Luffy, Foresight News
A wrench lies on spilled code, symbolizing crypto crime
Early Tuesday morning, cries of 'Help! Help! Help!' echoed down a narrow street in a fashionable district of Paris.
Three masked men suddenly pounced on a 34-year-old woman whose father is the head of the French cryptocurrency exchange Paymium. The assailants brandished a can of pepper spray and an object resembling a gun, attempting to force the woman and her young child into a white van disguised as a delivery truck.
But the woman's husband immediately stepped between the family and the attackers, while a neighbor rushed to take the child away. The woman shouted, 'Let me go!' The attackers struck her husband with a stick, and video footage from nearby buildings showed blood on his head.
Other neighbors soon gathered around, and a shop owner prepared to throw a fire extinguisher as the thwarted kidnapper jumped into the back of the van and fled in a hurry.
This brazen attack is the latest case in a wave of violent kidnappings targeting cryptocurrency executives and their families worldwide. Victims have been beaten with gunstocks and kidnapped; in two cases, individuals even had fingers cut off.
The criminals had a clear target: millions of dollars in cryptocurrency ransom.
Such attacks are commonly referred to as 'wrench attacks' because criminals rely on simple tools to inflict pain to coerce victims rather than employing complex hacking techniques to carry out theft.
From digital defense to real-world threats
For a long time, hacking has been a major risk faced by wealthy cryptocurrency individuals. However, to guard against hackers, savvy investors are increasingly storing cryptocurrency in offline physical devices, making remote theft more difficult. However, real-world crypto crime bypasses these security measures.
'Many people have reached a level of safety where they hide gold under their mattresses,' said Jameson Lopp, co-founder of Bitcoin security company Casa, 'but if you are a high-profile person... you have to be vigilant against physical attacks.'
This week, cryptocurrency exchange Coinbase disclosed that personal information of up to 97,000 customers (including addresses and account balance snapshots) had been leaked, further exacerbating these concerns. The company stated that the data may have been stolen by bribed customer service contractors or employees and rejected a $20 million ransom demand.
Another factor fueling crime is the skyrocketing value of cryptocurrency, with Bitcoin rising 54% in the past year, creating a large pool of potential high-net-worth targets.
According to government officials and industry experts, there have been at least five cryptocurrency-related kidnappings in France in recent months, with dozens of similar cases recorded globally in the past year. Local media reported that in July last year, an Australian cryptocurrency billionaire narrowly escaped kidnapping in Estonia, fighting off attackers disguised as painters. In March this year, a cryptocurrency influencer in Houston was attacked at home, resulting in a gunfight between her husband and an intruder demanding her laptop late at night.
Some attacks were clumsy, and the criminals were quickly caught, but there are signs that organized crime groups have seen significant profit potential.
'Criminals are testing to see what the return on investment for a 'wrench attack' is,' Lopp said.
In September last year, a Florida man was sentenced to 47 years in prison for leading a gang that carried out interstate home invasions to steal cryptocurrency. In one of the attacks, he held a pink revolver to the head of a 76-year-old man in Durham, North Carolina, threatening to cut off his genitals. The victim eventually transferred $150,000 worth of cryptocurrency to the attacker, who was later ordered to pay the victim over $500,000 in restitution.
On Friday morning, French Interior Minister Bruno Retailleau convened executives from cryptocurrency companies to discuss new security measures for the industry. Retailleau stated that Tuesday's attack was similar to other recent kidnappings in France, and officials said the masterminds recruited previously unknown young criminals through applications like Telegram and Signal, then 'remotely controlled' the implementation of the plan.
'These cases are likely related,' Retailleau said in a television interview.
The cost of flaunting wealth online
So far, most reported 'wrench attack' victims have been associated with industry celebrities, either due to their notoriety in the cryptocurrency industry or for flaunting their wealth online.
Killian Desnos is an online gambling influencer known by the nickname Teufeurs, widely recognized through YouTube and Twitch livestreaming. Prosecutors said that in August 2023, a person disguised as an Amazon delivery person rang the doorbell at his father's house in a small town in northwestern France.
This individual and an accomplice forcibly dragged Desnos' father into a car and quickly sent Desnos a ransom video: his father was bound, with a gun to his head. Prosecutors said Desnos was living in Malta at the time, and while he reported it to the police, he also paid the ransom. The next day, his father was rescued, and police quickly arrested two suspects.
'Now I realize that flaunting wealth online is not a good thing,' Desnos wrote at the time on the X platform.
A key question today is how criminals lock onto targets in real life and how to respond.
Members of the cryptocurrency community have stated that they have set their Instagram profiles to private and are attempting to remove their and their families' addresses from public records. One executive expressed particular concern for his young children. Following the attack on Tuesday, Paymium called on authorities to ease disclosure obligations, stating that the data leak could put customers at risk.
In addition to the data leak incident involving Coinbase, there are two other leaks that have raised concerns among investigators: the first occurred in July 2020 when the French cryptocurrency wallet company Ledger was hacked, and the company produces physical devices for offline storage of cryptocurrency keys. Hackers accessed Ledger's database, leading to the leak of names, emails, and mailing addresses of 272,000 customers online. The second incident involved a breach at risk consulting firm Kroll, where hackers obtained the addresses and other personal information of creditors in the bankruptcy proceedings of cryptocurrency company Genesis.
Cybersecurity investigators say that data from these two hacks has circulated on criminal forums.
Others pointed out that a large amount of personal data has been stolen and leaked over the past decade. In France, public company registration records may include entrepreneurs' home addresses.
MetaMask security researcher Taylor Monahan stated that cybercriminals are adept at identifying victims' addresses through cross-referencing databases or even purchasing information. This information is often publicly used for threats and to expose victims' identities, a cyberattack known as 'doxxing.'
'The younger generation is very proficient in the internet and skilled at doxxing,' she said.
Some Ledger users have already complained that data leaks have put them at risk of extortion and threats. In early 2021, Los Angeles cinematographer Naeem Seirafi began receiving phishing emails and texts asking him to enter his Ledger account information to verify new deposits or prevent assets from being lost due to 'vulnerabilities.'
Subsequently, someone sent him a message demanding a ransom of 0.3 Bitcoin (worth about $10,000 at the time), threatening to attack his family otherwise. 'You hold a large amount of cryptocurrency,' the sender said in a text message, 'I will share this information with the bad people in your area.'
The threat became reality: while Seirafi was out, his parents experienced a 'virtual alarm' at home. Local police received a 911 call stating that someone had been shot at Seirafi's home. According to police reports, nearly ten officers raided his residence and confirmed it was a prank after the search.
Seirafi later joined the class action lawsuit against Ledger filed in a California district court, seeking damages. The lawsuit stated, 'For hackers, Ledger's customer list is a gold mine.'
The lawyer representing the class action declined to comment. Ledger argued in court that Seirafi did not suffer losses due to the data leak, as he did not lose any funds. A company spokesperson declined to comment further.
'Fingers: 9/10'
David Balland is one of the co-founders of Ledger and is no longer directly involved in company affairs. In the early hours of a Tuesday in January this year, he and his partner were kidnapped at gunpoint from their home near Vierzon, central France, officials said.
In January 2023, French police blocked off the scene on Mereau Street near Vierzon, France, after a kidnapping incident.
Hours later, other co-founders of Ledger (including Eric Larchevêque) received ransom messages from the mastermind demanding payment of 10 million euros. Sources say they determined the information was credible based on the T-shirt David was wearing, one of the messages included a video of the attacker cutting off one of Balland's fingers.
Police negotiators communicated with Larchevêque alongside the kidnappers, trying to buy time and approve initial payments of over 1 million euros in ransom while investigators searched for Balland and his partner's location.
'This is a race against time,' Paris prosecutor Laure Beccuau later said in a television interview, 'We want to rescue the two hostages and save their lives.'
Police eventually tracked the kidnappers to a rental house located next to a field, about a 40-minute drive south of the location where the two were kidnapped. Police raided the house and rescued Balland, but his partner was not there.
'We thought they would be held together, and when we found out they were separated, the situation became very tricky,' said Nicolas Bacca, another co-founder of Ledger.
It wasn't until the next day that Balland's partner was found in a stolen van: the vehicle was located an hour and a half drive away in the north, at which point another ransom had already been paid.
Paris prosecutor Laure Beccuau held a press conference after Balland and his partner were kidnapped.
Fortunately, the mastermind requested the ransom to be paid in the cryptocurrency USDT, which is pegged to the dollar and can be frozen. The Ledger team immediately initiated a freezing plan after the hostages were released, and it is reported that they successfully recovered about 80% of the 3 million euros ransom that had been paid, with more being recovered in the following days.
'We experienced unimaginable violence,' Balland posted on social media, requesting privacy for his family. According to screenshots at the time, he temporarily changed his X platform profile description to: 'Fingers: 9/10.'
It is still unclear how the attackers found Balland's address. Sources say his home address was not exposed in the Ledger data leak incident.
In April this year, prosecutors filed preliminary charges against a man. Sources say this individual has been imprisoned for charges related to the 2023 kidnapping of Desnos' father, allegedly assisting in the planning of Balland's kidnapping while in prison. Investigators are still looking into whether he was hired by other masterminds.
Earlier this month, the father of another Maltese cryptocurrency entrepreneur was kidnapped while walking his dog in Paris, and a ransom video showed the elderly man with a finger cut off. According to prosecutors, several people have been arrested in connection with the attack, all aged between 18 and 26.
Just less than half a month later, another typical case occurred.
On Tuesday, the CEO of Paymium's daughter fought back with help from her husband and successfully escaped. Police stated that the 'firearm' at the scene was actually a toy.
Eric Larchevêque, co-founder of Ledger, in 2018. Source: Bloomberg
'They are doing well at the moment,' Paymium CEO Pierre Noizat said last Friday in a television interview when discussing his daughter and son-in-law, whom he referred to as a 'hero,' 'he stitched up a few stitches.'
Noizat and other attack victims stated that this wave of crime is shaking their confidence in France's ability to control criminal gangs and drug dealers.
Ledger co-founder Larchevêque condemned on the X platform this week that France is heading towards 'Mexicanization.' 'How many entrepreneurs, how many talents are seriously considering leaving this country that no longer protects its people?'
