Saint-Martin-le-Vinoux, February 5, 2026. Four masked men break into the home of a 35-year-old magistrate. They’re not looking for her: they’re looking for her husband, CEO of a crypto startup. She and her 66-year-old mother are kidnapped, tied up, and held prisoner for 30 hours in a garage in the Drôme region. The kidnappers demand one million euros in bitcoin. The two women manage to free themselves only thanks to the intervention of a neighbor, alerted by their screams. Six arrests.

A week earlier, in Voiron, a 74-year-old retiree is grabbed off the street and mutilated: the criminals cut off his hand to extort three million euros from his son, suspected of working in the blockchain sector. Three arrests.

On February 12, three armed men attempt to break into the home of David Prinçay, CEO of Binance France. They get the wrong apartment, assault other residents, and flee with two phones. They will be arrested in Lyon a few hours later.

These are not isolated cases. They are the latest chapters in an escalation that has made France the world capital of crypto-related kidnappings.

According to the database maintained by Jameson Lopp, researcher and Chief Security Officer at Casa, approximately 70 “wrench attacks” were documented in 2025. A 75% increase from the 41 cases in 2024. CertiK, a blockchain analysis firm, confirms: 72 verified incidents, 25 kidnappings, 3 murders, over $40 million in losses.

Europe accounts for nearly 40% of global attacks. France alone recorded 19 in 2025 - more than double the United States. In 2026, by mid-February, 11 of the 14 documented wrench attacks worldwide occurred on French territory.

Lopp’s data reveals a taxonomy of terror: 25% of attacks are home invasions, 23% are kidnappings. Two-thirds succeed. 51% are classified as “severe” - armed robbery or kidnapping - 21% as “extreme,” involving torture. 5% end with the victim’s death.

There is one case, among all others, that reveals the true nature of the problem. It doesn’t involve a famous entrepreneur or an influencer. It involves a 32-year-old tax official, employed at the tax office in Bobigny, in the Parisian suburbs.

Ghalia C. was arrested on June 30, 2025, and charged with complicity in assault on a public official and criminal conspiracy. Investigations revealed that, for months, she had been using the tax software “Mira” to search for information on crypto investors, extracting addresses, declared assets, capital gains. She sold the data to organized criminal groups for approximately 800 euros per operation.

In January 2026, her request for release was denied. The prosecutor was clear: “This woman abused her position in a completely anomalous way to serve a hardened criminal. Her place is in prison.”

But Ghalia C. is not an isolated case. She is a symptom. French authorities are investigating whether other tax officials have been compromised by the same criminal network.

The point is simple: declaring bitcoin to the tax authorities means handing over to the State - and potentially to criminals - proof that you own easily transferable assets, difficult to recover, and that the holder can be reached at a precise address.

In January 2026, another piece was added to the mosaic. Waltio, a French platform used by 150,000 users to calculate cryptocurrency taxes, suffered a cyberattack. The hacker group Shiny Hunters stole data from approximately 50,000 clients - emails, 2024 tax reports, gains, losses, year-end balances - and attempted to extort a ransom.

Waltio exists because European regulations require citizens to declare their crypto assets. Its users are neither rich nor famous. They are ordinary people who followed the law. Now their data is potentially in the hands of criminals.

Waltio’s CEO admitted that the main risk is social engineering: “Some attackers could use contextual elements - such as the existence of a tax report or aggregated information - to appear credible.” Translation: the stolen information can be used for targeted scams or, worse, to identify physical targets.

Add to this the fact that on January 1, 2026, the DAC8 directive came into force. All Crypto-Asset Service Providers operating in the European Union are now required to collect and transmit detailed data on their users to national tax authorities: full identity, tax identification number, portfolio value, transaction amounts.

This data will be automatically exchanged between member states by September 2027. The stated objective is to combat tax evasion. The practical effect is the creation of a centralized database of cryptocurrency holders - with name, surname, address, and wealth - accessible to thousands of officials in 27 countries.

To this is added the Travel Rule, FATF Recommendation 16, which requires VASPs to share sender and recipient data for every transfer exceeding 1,000 euros. In the European Union, there is no threshold: data must be transmitted for any amount.

The infrastructure is already complete. Every exchange, every custodial wallet, every tax reporting platform becomes a potential vulnerability point. A corrupt employee, a cyberattack, a security flaw: and the data of thousands of citizens ends up in the wrong hands.

The French case demonstrates that these are not theoretical hypotheses. It has already happened and will happen again.

The French government’s response was, in its own way, revealing. In May 2025, after yet another kidnapping, Interior Minister Bruno Retailleau met with crypto industry entrepreneurs and announced extraordinary measures: priority access to police emergency lines, security briefings from elite units, home inspections, specialized training for law enforcement.

In other words: the State that imposes total financial surveillance on citizens then offers special protection to those who suffer its consequences. But only if you’re rich or important enough to deserve it. For Waltio’s 50,000 users, for those who simply declared a few thousand euros in bitcoin, there is no priority line. There is only exposure.

There’s a phrase that has circulated in cypherpunk circles for years: “KYC is the illicit activity.”

Know Your Customer - the requirement for financial institutions to identify their clients - is presented as a tool for fighting crime. But in practice, it creates exactly the infrastructure that criminals need: centralized databases of people with digital assets, complete with personal information and addresses.

When Know Your Customer becomes Kill Your Customer, perhaps institutions should start asking themselves some questions.

Leave a comment