Kidnappings Targeting Bitcoin Holders Increase Amid Exchange Data Breaches
Please note that we are not authorised to provide any investment advice. The content on this page is for information purposes only.
On August 9, Alena Vranova, founder of SatoshiLabs, raised concerns over a growing wave of violent crimes targeting Bitcoin and crypto holders. She explained that these incidents include so-called “wrench attacks,” where victims are threatened or harmed until they reveal their private keys.
Data Leak Exposes Identities of 80 Million Bitcoin and Crypto Holders
Speaking at the Baltic Honeybadger 2025 conference in Riga, Latvia, Vranova stated that every week, at least one Bitcoiner is kidnapped, tortured, extorted, and sometimes even killed.
⚠️ “Every week, there is a Bitcoiner… who gets kidnapped, tortured, extorted, and sometimes even worse,” warns #SatoshiLabs founder Alena Vranova on rising wrench attacks! pic.twitter.com/wLHV2PBSc0
— Coinpaper (@coinpapercom) August 11, 2025
This threat is not limited to popular or wealthy investors. Modest Bitcoin and crypto holders are also being targeted.
She detailed that kidnappings have been reported for as little as $6,000 in crypto, with some victims murdered over holdings worth $50,000.
When addressing how criminals identify and locate these Bitcoin and crypto holders, Vranova explained that the problem often stems from data leaks at centralized crypto exchanges and other platforms.
These exchanges collect sensitive personal information through mandatory Know Your Customer (KYC) procedures.
When this data is leaked or hacked, criminals gain access to the identities and even home addresses of millions of crypto users.
According to the SatoshiLabs CEO, over 80 million Bitcoin and crypto holders have had their personal information leaked online, with 2.2 million of those records containing home addresses. This exposure makes it easier for criminals to find and target individuals and their families.
She also noted a strong link between the frequency of attacks and Bitcoin’s price movements. During bull markets, when prices surge, the number of violent attacks tends to rise as well.
Recent cases support Vranova’s warnings.
In May 2025, two men kidnapped a 28-year-old Italian crypto investor and held him captive for 17 days. The victim was reportedly tortured with electrical wires, forced to inhale cocaine, and even threatened with a dangerous fall down a stairwell.
William Duplessie is the second man arrested in kidnapping & torture of an Italian citizen at a townhouse in Nolita when he wouldn’t give up his bitcoin password. First suspect, John Woeltz, is known as the crypto king of Kentucky. Relationship between the 3 is unknown. @1010WINS pic.twitter.com/hb3gaca1mD
— Mack Rosenberg (@MackRosenberg) May 27, 2025
That same month, Didi Taihuttu, known as the “Bitcoin Family” father, changed how he protects his crypto assets. He now encrypts his 24-word seed phrase, divides it into pieces, and stores them across four continents.
Some pieces are secured in blockchain-based storage services, while others are hidden in secret physical locations from Europe to South America. Taihuttu’s approach combines digital and offline methods to create a resilient protection system.
Crypto Professionals and Developers Remain Prime Targets for Fraud Schemes
Crypto fraud is spreading rapidly, with schemes increasingly targeting crypto developers and professionals.
A recent report reveals a malware campaign linked to North Korean hackers. They used a Remote Access Trojan (RAT) to target blockchain and cryptocurrency experts.
These attackers rely heavily on fake job listings to lure victims, impersonating well-known crypto exchanges like Coinbase, Robinhood, and Uniswap to attract remote job seekers in development roles.
The attackers’ goals are clear. They want to steal credentials and infiltrate legitimate crypto firms by inserting fake employees. This gives them access to sensitive data and software infrastructure.
Another report confirmed that the North Korean-linked Lazarus Group tricked numerous Bitcoin and crypto holders working in development into downloading damaging malware.
The method follows a disturbing but familiar pattern. Criminals post convincing fake job listings on platforms like GitHub and freelance sites under company names such as Blocknovas LLC and Softglide LLC.
… and registered 2 of them as legitimate businesses in the United States.
The front companies are: BlockNovas LLC, Angeloper Agency, and SoftGlide LLC pic.twitter.com/Fg8w8hwLyB
— Zach Edwards (@thezedwards) April 24, 2025
To gain trust, they use altered photos that look real. When someone applies, the attackers ask for a short introduction video. While doing this, a fake error message shows up, telling the person to copy and paste a “fix.”
This action unknowingly installs malware that steals data and harvests crypto wallet keys and clipboard information.
