TheBlock
Crypto security firm CertiK documented 34 verified wrench attacks globally in the first four months of 2026, a 41% jump from the same window in 2025, with cumulative victim losses estimated at roughly $101 million. Extrapolated, the firm projects around 130 incidents and several hundred million in losses for the full year — and warns that wrench attacks have become an "established threat vector for cryptocurrency holders."
Why it matters
The structural shift is what makes this report more than a crime tally. CertiK says attackers have moved to a "data-driven targeting" model — buying victims' full names, home addresses and financial profiles from online brokers rather than conducting long physical surveillance runs. Crews are also turning pressure on proxies: in more than half of 2026 incidents, a member of the primary target's family — spouse, child or elderly parent — was either a direct victim or a pressure lever.
Europe dominates the geography, with 28 of the 34 incidents recorded there. France alone has logged 24 assaults in 2025 and is on pace to surpass that in 2026, a concentration CertiK attributes to flagship employers like Ledger and Binance, a thick local pipeline of data leaks, and what the firm calls a "culture of flexing and voluntary doxxing that remains deeply embedded in the community." The U.S. and Asia, by contrast, have seen incidents fall — to three in Q1 2026 from nine in 2025 in the U.S., and to two from 25 in Asia.
Market impact
The operational read is a maturing criminal economy. CertiK describes small ground crews of three to five people, often young and recruited via Telegram or Snapchat, with orchestrators sitting abroad in Morocco, Dubai and Eastern Europe who purchase data lists, commission coordinators, and receive funds before laundering them. Access techniques still lean on the same physical vectors that worked in 2025 — the "Doorbell" approach using delivery personnel or fake police officers, and the "Honeypot" of fictitious business meetings and fake OTC deals.
Frequently asked questions
-
How many crypto wrench attacks has CertiK recorded in 2026?
CertiK documented 34 verified wrench attacks globally in the first four months of 2026, a 41% increase from the same period in 2025. Extrapolated to a full year, the firm projects roughly 130 incidents.
-
How much have victims lost to wrench attacks in 2026 so far?
CertiK estimates approximately $101 million in losses across the first four months of 2026. At that pace, full-year losses would reach several hundred million dollars.
-
What is the "data-driven targeting" model CertiK describes?
It refers to attackers buying victims' full names, home addresses and financial profiles from online data brokers rather than conducting long physical surveillance. Orchestrators purchase data lists, commission coordinators and receive funds before laundering proceeds.
-
Why are family members increasingly targeted in crypto wrench attacks?
CertiK says more than half of 2026 incidents involved a family member of the primary target — spouse, child or elderly parent — either as a direct victim or as a pressure lever to extract cooperation from the target.
-
Which countries are seeing the most wrench attacks in 2026?
Europe accounts for 28 of the 34 verified 2026 incidents. France leads with 24 assaults in 2025 and is on pace to exceed that in 2026, while U.S. Q1 incidents fell to three from nine in 2025 and Asia to two from 25.
WuBlockchain
WatcherGuru
CoinDesk
Crypto Capital Venture
CryptoSlate