A disturbing trend of kidnappings and extortion attempts targeting cryptocurrency firms and their owners is sweeping across France and other European Union nations, prompting urgent calls for increased governmental protection for individuals within the burgeoning digital asset industry. Authorities are increasingly convinced that these brazen attacks are orchestrated by organized criminal groups employing a chilling new tactic: targeting the families of wealthy cryptocurrency investors and business executives.The core tenet of cryptocurrency ownership, “not your keys, not your coins,” which emphasizes individual control over digital assets as a security measure against online theft, has inadvertently created a new vulnerability in the physical world. While storing cryptocurrency in “cold wallets” (offline storage) can safeguard against remote hacking, it exposes holders to the “$$$5 wrench problem” – the threat of physical coercion to surrender private keys and, consequently, their digital fortunes. Now, cryptocurrency industrialists and their families are finding themselves alarmingly susceptible to this very scenario.

Disturbing trend of family kidnappings

The latest incident unfolded in broad daylight in Paris, where a masked gang attempted to abduct the daughter of Pierre Noizat, the CEO of prominent French cryptocurrency firm Paymium, from a public street. This terrifying event marks at least the third such attack in France in recent months, signaling a dangerous escalation. In January, the co-founder of another leading French crypto company, Ledger, and his wife were brutally kidnapped. Then, in May, the father of a crypto company head was snatched. While all victims in these prior incidents were eventually rescued, both kidnapped fathers tragically suffered the amputation of a finger.In the most recent attack, the husband of Pierre Noizat’s daughter bravely fought off the assailants, sustaining a fractured skull in the process, before managing to flee after a quick-thinking shop owner intervened, chasing the attackers away with a fire extinguisher. Reports from Ars Technica indicate that similar attacks have occurred in Belgium and Spain in recent months, suggesting a coordinated effort across multiple European nations. Law enforcement agencies across the continent are actively investigating several of these cases, with growing suspicion that they are linked to sophisticated organized crime networks.In a bid to deter further attacks, investors within the cryptocurrency industry are actively working to raise awareness among criminals about the inherent traceability of most cryptocurrency transactions. While attackers may operate under the misconception that they can coerce victims’ families into transferring digital assets to untraceable wallets, the reality is more complex. Cryptocurrency transactions, even those involving privacy-focused coins, leave a digital trail that can be followed by skilled investigators. Indeed, police forces have successfully tracked and apprehended numerous individuals involved in these recent kidnapping and extortion attempts, demonstrating the limitations of anonymity in the blockchain ecosystem. The industry hopes that highlighting these successful arrests and the inherent risks of cryptocurrency-based extortion will serve as a deterrent.French Interior Minister Bruno Retailleau addressed the growing concerns this week, stating his intention to meet with French cryptocurrency entrepreneurs to discuss and encourage enhanced personal security measures. However, as of yet, there has been no concrete indication of broader governmental action or the provision of dedicated protection beyond these verbal assurances.For individuals holding their own cryptocurrency investments, these events serve as a stark reminder that while safeguarding digital assets offline can mitigate the risk of hacking, it does not eliminate the threat of real-world exploitation. In this evolving landscape of crypto-related crime, discretion and privacy regarding one’s holdings are proving to be increasingly vital. The most prudent strategy, security experts advise, is to maintain a low profile about one’s wealth and potential cryptocurrency holdings, as those unaware of your financial status are less likely to target you for extortion.

A Wellington man has been arrested as part of an FBI investigation into an organised criminal group that stole cryptocurrency valued at US$265 million ($450m).

The cryptocurrency is alleged to have been fraudulently obtained by manipulating seven victims and was subsequently laundered through multiple cryptocurrency platforms, according to police.

This occurred between March and August 2024.

“Over the past three days, search warrants have been executed in Auckland, Wellington, and California with several people arrested, including one in New Zealand. A total of 13 people are facing charges,” police said in a statement.

Coinbase, the largest cryptocurrency exchange based in the U.S., said Thursday that criminals had improperly obtained personal data on the exchange’s customers for use in crypto-stealing scams and were demanding a $20 million payment not to publicly re…

Coinbase, the largest cryptocurrency exchange based in the U.S., said Thursday that criminals had improperly obtained personal data on the exchange’s customers for use in crypto-stealing scams and were demanding a $20 million payment not to publicly release the info.

Coinbase CEO Brian Armstrong said in a social media post that criminals had bribed some of the company’s customer service agents who live outside the U.S. to hand over personal data on customers, like names, dates of birth and partial social security numbers.

“(The stolen data) allows them to conduct social engineering attacks where they can call our customers impersonating Coinbase customer support and try to trick them into sending their funds to the attackers,” Armstrong said.

Social engineering is a popular hacking strategy, as humans tend to be the weakest link in any network. Many large companies have suffered hacks and data breaches as a result of such scams in recent years.

Coinbase did not specify how many customers had their data stolen or fell prey to social engineering scams. But the company did pledge to reimburse any who did.

In a filing with the Securities and Exchange Commission, Coinbase estimated that it would have to spend between $180 million to $400 million “relating to remediation costs and voluntary customer reimbursements relating to this incident.”

The SEC filing said that the company had, “in previous months,” detected some of its customer service agents “accessing data without business need.” Those employees had been fired, and the company said it stepped up its fraud prevention efforts.

Coinbase said it received an email from the attackers on Sunday demanding a ransom of $20 million worth of bitcoin not to publicly release the customer data they had stolen.

Armstrong said the company was refusing to pay the ransom and would instead offer a $20 million bounty for anyone who provided information that led to the attackers’ arrest.

“For these would-be extortionists or anyone seeking to harm Coinbase customers, know that we will prosecute you and bring you to justice,” Armstrong said. “And know you have my answer.”