The new bounty hunting: why crypto investor kidnappings are rising

The risk of violent attacks and kidnappings has become a persistent threat for cryptocurrency holders. New data confirms this trend. GetBlock AML Research examines how crypto investor kidnappings are carried out and what people can do to improve their personal security.

The trend first gained attention about a year ago following the major Coinbase customer data breach. At the time, we took a detailed look at the incident and its consequences for the industry.

A wave of kidnappings and a trend for bodyguards: the aftermath of the Coinbase leak

In May 2025 alone, nine crypto investors have fallen victim to kidnappers. The kidnappings took place all over the world

Читать дальше

2026 Numbers: The Situation Is Getting Worse

Between January and April 2026, 34 confirmed cases of crypto-related attacks were recorded worldwide. During the same period in 2025, there were 24 incidents — a 41% increase year-over-year.

Monthly figures show the following pattern:

• January: 13 attacks vs. 9 a year earlier
• February: 5 vs. 6
• March: 10 vs. 7
• April: 5 vs. 2

The temporary decline in February is largely attributed to major law enforcement operations carried out across Europe at the end of January. However, attacks surged again in March.

Total losses across all incidents — including failed kidnappings, paid ransoms, frozen assets, and recovered funds — are estimated at roughly $101 million in just four months.

If the current trend continues, the number of attacks could reach around 130 cases by the end of 2026, with total losses climbing into the hundreds of millions of dollars.

Europe Has Become the New Epicenter

The biggest shift is geographical. While 2025 already showed a gradual move in criminal activity away from Asia and North America toward Europe, the first four months of 2026 revealed a clear European concentration.

Out of 34 recorded cases, 28 occurred in Europe — accounting for 82% of all global incidents. For comparison, Europe represented just 39.5% of attacks throughout 2025.

Meanwhile, attacks declined in other regions:

• North America: from 9 cases to 3
• Asia: from 25 to 2
• Middle East: from 2 to 1

France stands out in particular. The country recorded 24 publicly known cases during the first months of 2026 alone. During the same period last year, there were only four cases, while the entirety of 2025 saw 20 incidents. Similar attacks were also reported in the UK, US, Belgium, Hong Kong, the Philippines, Spain, and Turkey.

Why France Became the Global Epicenter

At Paris Blockchain Week 2026, France’s Ministry of the Interior officially acknowledged that 41 attacks involving physical violence against people connected to cryptocurrency had taken place since the beginning of the year — roughly one attack every 2.5 days.

French scammers steal $1 million in Bitcoin from married couple

The incident is part of a growing wave of attacks targeting cryptocurrency holders.

Читать дальше

There are several reasons behind this concentration.

First, France is home to major crypto companies and many high-profile industry figures.

Second, parts of the crypto community still embrace a culture of displaying wealth and sharing personal information publicly. Many digital asset holders voluntarily reveal details about themselves through social media, interviews, or public events.

Third, France has experienced repeated leaks of sensitive data. The country has long been considered particularly vulnerable to data breaches involving both government agencies and private companies.

One of the most notable examples involved a French tax authority employee identified as Galia S. Investigators believe she used government tax software to search for information on crypto holders before allegedly selling the data to criminal groups.

In January 2026, crypto accounting company Waltio also warned customers about a data leak. Several sources later linked similar breaches to the kidnapping wave that emerged in France this year.

The Most High-Profile Cases of 2026

Three incidents stand out in particular.

Yong Wang (Istanbul, Turkey — January 2026)

Yong Wang, a 38-year-old Chinese entrepreneur, disappeared on January 24 after arriving in Istanbul. His body was later discovered buried vertically in a shallow grave in the Arnavutköy district.

Investigators concluded that the motive was revenge tied to an earlier cryptocurrency-related conflict. Before the killing, attackers gained access to his digital wallets.

Following an Interpol Red Notice, ten suspects — including one woman — were arrested in China. The case is considered the first confirmed crypto-related murder of 2026.

Nancy Guthrie (United States — January 2026)

Nancy Guthrie, the 84-year-old mother of journalist Savannah Guthrie, was kidnapped in a ransom scheme demanding $6 million in Bitcoin.

The case highlights another growing trend: criminals increasingly target family members rather than crypto holders themselves in order to apply psychological pressure.

Sillytuna (United Kingdom — March 2026)

A well-known crypto community member and independent game developer known as “Sillytuna” was forced to hand over approximately $24 million in digital assets, primarily aEthUSDC.

Attackers used weapons and threatened the victim with kidnapping and sexual violence. According to the victim, four assailants were involved. The stolen assets were rapidly moved across multiple blockchains before being converted into Monero, a privacy-focused cryptocurrency.

Who Is Carrying Out These Attacks?

At the operational level, attacks are typically conducted by small groups of three to five people. Most are men between the ages of 16 and 50, often from disadvantaged urban areas.

In many cases, they are recruited through Telegram, Snapchat, and other messaging apps for a few thousand dollars. Members of the same crew often do not know each other and may have little serious criminal experience.

On April 25, 2026, France’s PNACO unit announced charges against 88 suspects across 12 criminal cases. More than ten suspects were minors, while 75 individuals were placed in pretrial detention.

Charges include kidnapping, unlawful detention, extortion, and money laundering as part of organized criminal groups.

The growing number of minors involved may indicate that organizers are deliberately recruiting people who face lighter criminal penalties.

Judge kidnapped in France for cryptocurrency ransom

Experts warn of a growing wave of organized crypto-related extortion schemes.

Читать дальше

The Organizers

The organizers behind these schemes are often located outside the country where the attack takes place — including Morocco, Dubai, and Eastern European countries. They buy leaked databases, recruit coordinators, receive stolen funds, and help launder the proceeds afterward.

How Criminal Methods Are Changing

Early 2026 marked a transition toward what could be described as “data-driven hunting.” In the past, criminals often had to physically monitor victims. Today, that is frequently unnecessary. A full name, home address, financial information, and proof of crypto ownership are often enough.

The methods used to approach victims have changed little since 2025. Fake couriers, impersonated police officers, and other believable cover stories remain common ways to gain access to victims’ homes.

Criminals also continue to use fake business meetings or OTC trading offers as traps. But the most notable trend is the systematic targeting of relatives. In more than half of all cases, victims were family members — spouses, children, or elderly parents.

The Threat From Inside Government Systems

The DGFiP leak demonstrated that even a mid-level employee could access sensitive tax information — including home addresses, asset records, and crypto transaction histories — without triggering automated alerts.

French authorities are now investigating possible additional leaks within the tax system and other institutions handling sensitive data, including state-owned banks and social services.

Some cybercriminal groups are actively seeking insiders with access to such databases.

This creates a systemic risk. As Europe expands oversight of cryptocurrency activity, government databases are storing increasing amounts of sensitive information about digital asset holders. That makes these systems an increasingly attractive target for organized crime.

A New Reality

The first four months of 2026 did more than confirm an existing trend — the situation has clearly worsened.

The key takeaway is that as cryptocurrency platforms and digital wallets become more secure, criminals are increasingly shifting their focus toward people themselves.

As long as crypto ownership remains tied to identifiable financial data, physical violence and coercion will remain among the most effective tools criminals use to steal money.