Severed fingers and 'wrench attacks' rattle the crypto elite
PARIS—The screams echoed down the narrow street in a trendy neighborhood here early Tuesday morning: “Help! Help! Help!"
Three men in black masks had jumped on a 34-year-old woman whose father runs Paymium, a French cryptocurrency exchange. Brandishing canisters of mace and what looked like a gun, the masked men attempted to force the woman and her toddler into an idling white van disguised as a delivery truck.
But her husband threw himself between his family and the attackers, while a neighbor hustled away their child. “Let go of me!" the woman yelled as the assailants bludgeoned the husband, his head seen spattered with blood in videos taken from nearby buildings.
With other neighbors closing in, and a shopkeeper readying to throw a fire extinguisher, the would-be abductors jumped in the back of their van and sped off.
The brazen attack was the latest in a wave of violent abductions around the world, including several in the U.S., targeting crypto executives and their families. Victims have been pistol whipped, abducted, and—in two cases—had fingers severed.
The criminals’ goal: millions of dollars in ransom in cryptocurrency.
The assaults are often called “wrench attacks" because they rely on simple tools for inflicting pain to coerce victims, rather than sophisticated tools for hacking them.
Hacking has long been the primary risk for the crypto rich. But to thwart hackers, savvy cryptocurrency investors have increasingly taken their digital wallets offline in favor of physical devices, making remote theft more difficult. Real-world crypto crime bypasses those safeguards.
“A lot of people are getting to the hide-your-gold-under-the-mattress level of security," said Jameson Lopp, the co-founder of bitcoin security company Casa. “But if you are a high-profile person…that’s when you have to worry about the physical attack."
Those concerns intensified this week with cryptocurrency exchange Coinbase disclosing that as many as 97,000 customers have had their personal information stolen, including addresses and balance snapshots. The company said the data was likely stolen by bribed contractors or employees working in customer support, and that it had refused a $20 million ransom demand.
Another factor motivating criminals: Cryptocurrencies have surged in value, with bitcoin up 54% in the last year, minting a whole new array of potential deep-pocketed targets.
At least five crypto-related abductions have taken place in France in recent months, and there have been dozens of other recorded cases around the world in the last year, according to government officials and specialists in the sector. An Australian crypto billionaire narrowly escaped abduction in Estonia last July, local media reported, by fighting off attackers posing as painters. And in March a Houston crypto influencer was assaulted before her husband got in a shootout with robbers who invaded their home in the middle of the night demanding her laptop.
Some of the assaults have been clumsy, with the criminals quickly caught. But there are signs that organized-crime rings see major profit potential.
“The criminal element is poking around trying to find out what is the [return on investment] on these wrench attacks," Lopp said.
In September, a Florida man was sentenced to 47 years in prison for leading a ring that carried out a string of home-invasions across multiple states in search of crypto riches. In one of the attacks, the man held a pink revolver to the head of a 76-year-old Durham, N.C. man and threatened to cut off his genitals. The victim eventually transferred $150,000 worth of crypto to the attacker, who was later ordered to pay more than $500,000 in restitution to his victims as part of the sentencing.
On Friday morning, French Interior Minister Bruno Retailleau gathered leaders of crypto companies for a meeting to present new security measures for the sector. Retailleau said Tuesday’s attack appears similar to other recent abductions in France, in which officials say ringleaders recruited young criminals they never met using apps like Telegram and Signal and then “remote controlled" them to execute their plan.
“It’s probable that these cases are linked," Retailleau said in a televised interview.
So far, most of the victims of reported wrench attacks have been tied to prominent names, either known for working in the crypto sector or for flaunting their wealth online.
Killian Desnos, an online gambling influencer under the name Teufeurs—which means “partier" in French—was well-known for his YouTube and Twitch streams when prosecutors say a person posing as an Amazon delivery driver rang his father’s doorbell in a small town in northwestern France in August 2023.
That person and an accomplice forced the father into a vehicle—and soon sent Desnos a ransom-demand video of his father, bound, with a gun to his head. Desnos, who was based in Malta, alerted the police but also paid the ransom, prosecutors said. His father was recovered the following day. Police soon arrested two people, who face kidnapping charges.
“Flexing on the internet wasn’t a good idea—I realize that now," Desnos wrote on X at the time.
A major question now is how criminals are finding their targets in the real world—and what to do about it.
Already, members of the crypto community say they are turning their Instagram profiles private and are trying to remove their physical addresses, and those of their families, from public records. One executive said he is particularly worried because he has a young child. Following Tuesday’s attack, Paymium urged authorities to lessen disclosure obligations that the company argues could put customers at risk in the event of a data leak.
In addition to the Coinbase hack, two data leaks in particular have investigators worried. The first was the July 2020 hack of Ledger, a French crypto-wallet company that makes sleek physical devices that keep the keys to your cryptocurrency offline. In that hack, which accessed Ledger’s marketing database, the names, email and postal addresses of 272,000 customers were eventually dumped online. The second was a breach of risk advisory company Kroll, which gave hackers access to addresses and other personal information belonging to creditors in the bankruptcy proceedings of the cryptocurrency company Genesis.
Data from both of these hacks has been made available in criminal forums, cybersecurity investigators say.
Others point out that a vast amount of personal data has been stolen and dumped in the past decade. In France, in particular, public incorporation records can include entrepreneurs’ home addresses.
Cybercriminals have become adept at figuring out their victim’s home address by cross-referencing databases and even using paid sources of information, said Taylor Monahan, a security researcher at cryptocurrency wallet company MetaMask. This information is often made public in order to threaten and de-anonymize their victims, a form of online attack known as doxxing.
“The younger generation is just very internet savvy and they’re very good at doxxing people," she said.
Some Ledger users have already complained that the hack exposed them to extortion and threats. In early 2021, Naeem Seirafi, a cinematographer based in Los Angeles, started to receive phishing emails and text messages asking him to enter his Ledger account information to verify new deposits, or prevent a bug from wiping out his assets.
[Photo caption: Ledger Flex crypto wallets in a vending machine at the bitcoin 2024 conference in Nashville, Tenn.]
Next, someone sent him a message asking for a ransom of 0.3 bitcoin, then worth about $10,000, to prevent an attack on his home. “You also happen to keep quite a lot of crypto," the person texted him. “I’m going to share all that information (and more) with local area bad guys in your area."
The threat was carried out, when his home was “swatted" while he was away but his parents were inside. The local police department received a 911 call from a person who claimed he had just shot a friend at Seirafi’s address, according to a police report. Almost a dozen officers swarmed Seirafi’s home. After clearing the property, police confirmed it was a hoax.
Seirafi later joined a class-action lawsuit seeking damages from Ledger that was filed in a district court in California. “To the world of hackers, Ledger’s customer list is a gold mine," their complaint said.
A lawyer representing the class-action claim declined to comment. Ledger has argued to the court that Seirafi wasn’t harmed by the hack because he hadn’t lost any money. A spokesman declined to comment further.
David Balland is one of the co-founders of Ledger. No longer involved directly in the company, he lives with his partner near Vierzon, in central France—where French officials say they were abducted at gunpoint before dawn one Tuesday in January.
[Photo caption: French police on a street in Méreau, near Vierzon in central France in January, as they secure the area following the kidnapping of David Balland, a Ledger co-founder.]
Within hours, other Ledger co-founders, including Éric Larchevêque, heard from the ringleader demanding ransom of 10 million euros—messages they knew were authentic because of the T-shirt David was wearing, people familiar with the case said. One message included a video of the abductors chopping off one of Balland’s fingers.
Police negotiators sat with Larchevêque while he communicated with the hostage takers. The negotiators tried to stall, authorizing an initial ransom payment of more than a million euros, while investigators scoured for clues to where Balland and his partner were being held.
“It was a race against time," Laure Beccuau, the Paris prosecutor, later said in a televised interview. “It was about liberating these two hostages, it was about saving their lives."
The police eventually tracked the kidnappers to a rental house surrounded by farmland some 40 minutes drive south of where the couple was grabbed. The police raided the house and freed Balland—but his partner wasn’t there.
“We were convinced that they would actually be together. And well, when we realized that they were separated, that was really, really complicated," said Nicolas Bacca, another Ledger co-founder.
Balland’s partner wasn’t found until the next day, in the back of a stolen van an hour and a half north, after another ransom had been paid.
[Photo caption: Paris prosecutor Laure Beccuau addresses a press conference after Balland and his partner were kidnapped from their home.]
Fortunately, the ringleader had asked to be paid in a dollar-pegged cryptocurrency called tether, which can be frozen. Because the Ledger team put in place a plan to do that as soon as the hostages were freed, they were able to claw back roughly 80% of the 3 million euro ransom they’d paid, and more in subsequent days, people familiar with the case said.
“We’ve lived through unimaginable violence," Balland said in a social-media post asking for privacy for his family. He temporarily changed his profile description on X to read, “Fingers: 9/10," according to a screenshot from the time.
It’s unclear how the attackers found Balland. His home address wasn’t leaked in the Ledger hack, a person familiar with the breach said.
Prosecutors in April filed preliminary charges against a man who people familiar with the case said was already being held in jail for charges related to the 2023 kidnapping of Desnos’s father, and who allegedly had helped organize Balland’s abduction while incarcerated. Investigators are still probing whether he was working for another boss, one of the people said.
Earlier this month, the father of another Malta-based crypto entrepreneur was abducted while he was walking his dog in Paris. One ransom demand showed the father getting a finger chopped off. Several people were arrested in that attack, all between the ages of 18 and 26, according to prosecutors.
Officials had to wait barely two weeks for another example to study.
On Tuesday, the Paymium CEO’s daughter only escaped by fighting back along with her husband, according to police, who said the gun brandished at the scene turned out to be a toy.
[Photo caption: Éric Larchevêque, a co-founder of Ledger, in 2018.]
“They’re doing as well as can be expected," Paymium CEO Pierre Noizat said of his daughter and son-in-law, whom he called a hero, in a televised interview on Friday morning. “He has a few stitches."
Noizat and others involved in prior attacks say the crime wave is shaking their faith in France’s ability to control criminal gangs and drug dealers.
Writing on X this week, Ledger’s Larchevêque decried what he called the “Mexicanization" of the country. “How many entrepreneurs, how many talented individuals, are seriously considering leaving a country that no longer protects its people?"