France is facing a rise in crypto-related kidnappings, as so-called “key attacks” become more frequent, brazen and violent.
This change was visible this week during the organization of an annual international conference on blockchain and cryptography. A procession of police escorted VIP guests to a dinner at the Palace of Versailles. And security was also notably reinforced at the Carrousel du Louvre, where the conference was held.
The key attacks in France have put the country so much in the international spotlight that government officials took the stage at the conference in Paris to acknowledge their concern about the scale of the problem. They said that this year alone, the country has suffered at least 41 crypto-related kidnappings and home invasions. It’s one every two or three days.
Jean-Didier Berger, Minister Delegate to the Interior Ministry, said a new series of measures was being prepared with Interior Minister Laurent Nuñez to address this growing problem. A prevention platform has already generated thousands of registrations, but authorities say additional measures are needed as incidents continue to rise.
Key attack epicenter
The country has become the epicenter of a global increase in key attacks. In several jurisdictions, attacks against cryptocurrency holders are becoming more frequent and more violent, according to security researchers and law enforcement data.
Globally, the trend is also increasing. In 2025, there were 72 verified incidents of physical coercion worldwide, an increase of 75% from the previous year, according to data from Certik and cryptography researcher Jameson Lopp, which traces 188 attacks since 2014. Many more go unreported, he said. Cases of physical assault increased even faster, by 250% year-on-year.
The term “keystroke attack” refers to the use of physical force to gain access to digital assets. For some attackers, it is easier to coerce someone than to break encryption.
“Every time a key attack is successful, it signals to the world that crypto owners are juicy targets,” Lopp told CoinDesk.
Unlike traditional bank transfers, crypto transactions cannot be reversed. Once a victim authorizes a transfer under duress, funds can be moved quickly between wallets and chains.
Attackers look for weak points
Researchers say the way attackers identify their victims has also changed.
“We’re seeing a shift from ‘find a wallet’ to ‘hunt a person,’” Phil Ariss of TRM Labs told CoinDesk. Rather than looking for technical vulnerabilities, attackers create profiles, he added. They look at social media activity, public appearances and leaked data sets. They follow routines and identify weak points.
“The biggest avoidable mistake is tying real-world identity, location, and routine too closely to visible crypto wealth,” Ariss said.
The problem is exacerbated when attackers receive help from government authorities. In a well-known case, in which a French tax agent sold sensitive data to attackers. The case sparked concerns among security experts that internal leaks and compromised state data were directly fueling key attacks.
The pool of potential victims has expanded, with mid-level incumbents increasingly targeted, sometimes based on limited or indirect signals.
Anyone is a potential victim
Cases now include families, with children targeted alongside crypto-holding parents, making attacks harder to classify by severity.
In January 2025, David Balland, co-founder of Ledger, was kidnapped in France with his partner. During the attack, one of his fingers was cut off and sent to associates as part of a ransom demand. He was rescued after a police operation.
Other cases involve prolonged captivity and torture, such as one in New York, where a crypto investor was detained for more than two weeks. In Canada, a home invasion escalated into simulated drowning and sexual violence as attackers attempted to force access to funds.
Lopp said opportunistic and organized groups were involved, but there were signs of increasing coordination. “We seem to be seeing more organized groups now,” he said.
Ariss of TRM Labs says his team has observed similar patterns, noting that some groups operate with defined roles and pre-planning, including surveillance and in-home tracking tactics.
“It looks less like one-off thefts and more like small kidnapping or theft teams specializing in crypto work,” Ariss said.
Once funds are obtained, attackers tend to move quickly and the crypto assets they obtain are often converted to stablecoins and routed across multiple chains, making recovery more difficult.
France’s role in this trend may reflect a combination of factors, Lopp said, including cases involving personal data leaks and cross-border criminal networks.
Rising prices, bigger loot
More generally, rising asset prices have increased the potential gains from a single attack, while improvements in digital security have reduced the effectiveness of purely technical exploits.
“It’s a lot easier than trying to rob a bank,” Lopp said.
Another issue is visibility: keystroke attacks can be significantly underestimated, as many are reported as standard thefts or home invasions, with no mention of cryptography.
“A large portion of incidents are still recorded as simple thefts,” Ariss said, adding that the cryptographic element is often left out at the time of reporting, which can make it harder for authorities to link cases or identify broader patterns.
The increase in attacks raises questions about the risks associated with self-custody, the fundamental principle of cryptocurrency.
Some security experts point to measures such as multi-signature setups, withdrawal deadlines, and spending limits as ways to reduce risk by limiting access under duress.
“If coercion cannot produce immediate access to the majority of funds, the risk and return change,” Ariss said. Such measures do not eliminate the threat but can reduce the incentive for attackers.
As crypto adoption grows, attacks become more frequent and more severe, turning what was once a niche concern into a broader security risk.
