In addition to hacker attacks, cryptocurrency tycoons also face security threats from the real world.
Written by: Sam Schechner, Robert McMillan, Angus Berwick
Translated by: Luffy, Foresight News
A wrench lies on spilled code, symbolizing crypto crime.
Early Tuesday morning, shouts echoed through the narrow streets of a fashionable district in Paris: "Help! Help! Help!"
Three masked men suddenly pounced on a 34-year-old woman, whose father is the head of the French cryptocurrency exchange Paymium. The assailants brandished pepper spray and what appeared to be a firearm, attempting to force the woman and her young child into a white van disguised as a delivery truck.
But the woman's husband immediately stepped between his family and the attackers, while a neighbor hurriedly took the child away. The woman shouted, "Let me go!" The attackers struck her husband with a baton, and video captured by nearby building cameras showed his head covered in blood.
Other neighbors quickly gathered, and a shop owner prepared to throw a fire extinguisher, but the would-be kidnappers fled in a panic after jumping into the back of the van.
This brazen attack is the latest case in a wave of violent kidnappings targeting cryptocurrency executives and their families worldwide. Victims have been beaten with gun stocks, kidnapped, and in two cases, had fingers severed.
The criminals have a clear target: millions of dollars in cryptocurrency ransom.
These types of attacks are often referred to as "wrench attacks," as criminals rely on simple tools to inflict pain to coerce victims, rather than employing complex hacking techniques to steal.
From digital defenses to real-world threats
For a long time, hacker attacks have been the primary risk faced by cryptocurrency tycoons. However, to guard against hackers, savvy investors are increasingly storing their cryptocurrencies in offline physical devices, making remote theft more difficult. Yet, real-world crypto crime bypasses these security measures.
"Many people have reached a level of security where they hide gold under their mattresses," said Jameson Lopp, co-founder of Bitcoin security company Casa. "But if you are a high-profile person… you have to be vigilant against physical attacks."
This week, cryptocurrency exchange Coinbase revealed that personal information of up to 97,000 customers (including addresses and account balance snapshots) was leaked, further heightening these concerns. The company stated that the data may have been stolen by bribed customer service contractors or employees and rejected a $20 million ransom demand.
Another factor fueling crime is the skyrocketing value of cryptocurrencies, with Bitcoin rising 54% in the past year, creating a large pool of potential high-net-worth targets.
According to government officials and industry experts, there have been at least five cryptocurrency-related kidnappings in France in recent months, with dozens of similar cases recorded globally in the past year. Local media reported that in July last year, an Australian cryptocurrency billionaire narrowly escaped kidnapping in Estonia, fighting off attackers disguised as painters. In March of this year, a cryptocurrency influencer in Houston was attacked at home, and her husband engaged in a gunfight with intruders demanding her laptop late at night.
Some of the attacks were clumsy, and the criminals were quickly apprehended, but there are signs that organized crime groups have recognized the significant profit potential.
"Criminals are testing the waters to see what the return on investment for 'wrench attacks' is," Lopp said.
In September last year, a Florida man was sentenced to 47 years in prison for leading a gang that committed interstate home invasions to steal cryptocurrency. In one of the attacks, he held a pink revolver to the head of a 76-year-old man in Durham, North Carolina, threatening to cut off his genitals. The victim ultimately transferred $150,000 in cryptocurrency to the attackers, and the man was later ordered to pay the victim over $500,000 in restitution.
On Friday morning, French Interior Minister Bruno Retailleau convened executives from cryptocurrency companies to discuss new security measures for the industry. Retailleau stated that Tuesday's attack was similar to other recent kidnappings in France, with officials saying the mastermind recruited young criminals they had never met through apps like Telegram and Signal, then "remotely controlled" the execution of the plan.
"These cases are likely connected," Retailleau said in a television interview.
The cost of flaunting wealth online
So far, reported victims of "wrench attacks" are mostly associated with industry celebrities, either known for their involvement in the cryptocurrency sector or for drawing attention by flaunting their wealth online.
Killian Desnos, an online gambling influencer known as Teufeurs, gained fame through YouTube and Twitch live streams. Prosecutors stated that in August 2023, a person disguised as an Amazon delivery driver rang the doorbell of his father’s home in a small town in northwestern France.
This individual, along with an accomplice, forcibly dragged Desnos's father into a car and quickly sent Desnos a ransom video: his father was bound, with a gun pointed at his head. Prosecutors said Desnos was living in Malta at the time, and while he called the police, he also paid the ransom. The next day, his father was rescued, and police quickly arrested two suspects.
"Now I realize that flaunting wealth online is not a good thing," Desnos wrote on the X platform at the time.
A key question now is how criminals identify targets in the real world and how to respond.
Members of the cryptocurrency community have stated that they have set their Instagram profiles to private and are trying to remove their and their families' addresses from public records. One executive expressed particular concern for his young children. After the Tuesday attack, Paymium called on authorities to ease disclosure obligations, stating that data leaks could put customers at risk.
In addition to Coinbase's data breach, there are two other leaks that have raised concerns among investigators: the first occurred in July 2020 when French cryptocurrency wallet company Ledger was hacked, resulting in the leak of names, emails, and mailing addresses of 272,000 customers online. The second involved risk consulting firm Kroll, which was breached, allowing hackers to obtain addresses and other personal information of creditors in the bankruptcy proceedings of cryptocurrency company Genesis.
Cybersecurity investigators stated that the data from these two hacks has circulated on criminal forums.
Others pointed out that a large amount of personal data has been stolen and leaked over the past decade. In France, publicly available company registration records may contain entrepreneurs' home addresses.
Taylor Monahan, a security researcher at cryptocurrency wallet company MetaMask, stated that cybercriminals excel at identifying victims' addresses by cross-referencing databases or even purchasing information. This information is often publicly used to threaten and expose victims' identities, a type of cyber attack known as "doxxing."
"The younger generation is very tech-savvy and skilled at doxxing," she said.
Some Ledger users have already complained that the data breach has exposed them to extortion and threats. In early 2021, Los Angeles filmmaker Naeem Seirafi began receiving phishing emails and texts asking him to enter his Ledger account information to verify new deposits or prevent assets from being lost due to "vulnerabilities."
Subsequently, someone sent him a message demanding a ransom of 0.3 Bitcoin (then worth about $10,000), threatening to attack his family otherwise. "You hold a lot of cryptocurrency," the sender said in the text, "I will share this information with the bad people in your area."
The threat came true: while Seirafi was out, his parents experienced a "virtual alarm" at home. Local police received a 911 call reporting that someone had been shot at Seirafi's home. According to police reports, nearly ten officers raided his residence, confirming afterward that it was a hoax.
Seirafi later joined a class-action lawsuit against Ledger in a California district court, seeking damages. The lawsuit stated: "For hackers, Ledger's customer list is a goldmine."
The attorney representing the class action declined to comment. Ledger argued in court that Seirafi did not suffer losses due to the data breach because he did not lose any funds. A company spokesperson declined to comment further.
"Fingers: 9/10"
David Balland is one of the co-founders of Ledger and is no longer directly involved in the company's affairs. In January of this year, on a Tuesday morning, he and his partner were kidnapped at gunpoint at their home near Vierzon in central France, according to French officials.
In January 2023, French police cordoned off the scene near Mereau Street in Vierzon after the kidnapping incident.
Hours later, other co-founders of Ledger (including Eric Larchevêque) received ransom messages from the mastermind, demanding a payment of 10 million euros. Insiders indicated that they determined the authenticity of the messages based on a T-shirt David was wearing, one of which contained a video of the attacker cutting off Balland's finger.
Police negotiators communicated with Larchevêque and the kidnappers, trying to buy time while approving an initial payment of over 1 million euros in ransom, as investigators searched for the location where Balland and his partner were being held.
"This was a race against time," Paris prosecutor Laure Beccuau later said in a television interview, "We needed to rescue two hostages and save their lives."
Police ultimately tracked the kidnappers to a rental house located next to a farmland, about a 40-minute drive south of where the two were abducted. Police raided the house and rescued Balland, but his partner was not there.
"We initially thought they would be held together, and when we discovered they were separated, the situation became very tricky," said Nicolas Bacca, another co-founder of Ledger.
It wasn't until the next day that Balland's partner was found in a stolen van: the vehicle was located an hour and a half away to the north, at which point another ransom had already been paid.
Paris prosecutor Laure Beccuau held a press conference after Balland and his partner were kidnapped.
Fortunately, the mastermind demanded the ransom be paid in the cryptocurrency USDT, which is pegged to the dollar and can be frozen. The Ledger team immediately initiated a freezing plan after the hostages were released, and sources revealed that they successfully recovered about 80% of the 3 million euros ransom that had been paid, with more being recovered in the following days.
"We experienced unimaginable violence," Balland posted on social media, requesting privacy for his family. According to screenshots from that time, he temporarily changed his profile description on the X platform to: "Fingers: 9/10."
It remains unclear how the attackers found Balland's address. Sources stated that his home address was not exposed in the Ledger data breach.
In April of this year, prosecutors filed preliminary charges against a man. Sources indicated that this individual had been imprisoned on related charges for the 2023 kidnapping of Desnos's father and allegedly assisted in planning Balland's kidnapping while in prison. Investigators are still tracing whether he was hired by other masterminds.
Earlier this month, the father of another cryptocurrency entrepreneur from Malta was kidnapped while walking his dog in Paris, with a ransom video showing the elderly man having a finger severed. According to prosecutors, several individuals aged between 18 and 26 were arrested in connection with the attack.
Just less than half a month later, another typical case occurred.
On Tuesday, the daughter of Paymium's CEO successfully escaped with the help of her husband after a fierce struggle. Police stated that the "firearm" at the scene was actually a toy.
Eric Larchevêque, co-founder of Ledger, 2018
Source: Bloomberg
"They are doing well at the moment," Paymium CEO Pierre Noizat said in a television interview last Friday, referring to his daughter and son-in-law, whom he called a "hero" for "stitching up a few wounds."
Noizat and other victims of the attacks expressed that this wave of crime is shaking their confidence in France's ability to control criminal gangs and drug dealers.
Ledger co-founder Larchevêque condemned on the X platform this week that France is heading towards "Mexicanization." "How many entrepreneurs, how many talents are seriously considering leaving this country that no longer protects its people?"
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
