Crypto Up, Kidnapping Up? — Dissecting Cases from 2022 to 2025
2025 is on track to set a record for violent crimes against persons (VCAP) involving cryptocurrency theft. With May not yet over, at least 27 such incidents (kidnapping, burglary, robbery) have already been publicly reported worldwide. At this pace, the total could exceed 65 cases by year’s end — nearly doubling the previous record of 36 set in 2021, and marking the highest number in the past decade.
Yearly Publicly Reported Cases (2022–2025) of Crimes Against Persons (Kidnapping, Robbery, Burglary) Committed for Cryptocurrency Theft — Data compiled by Nefture based on Jlopp Github reporting.In the past three and a half years, 113 cases have been publicly reported, resulting in over $166 million in losses, the deaths of six victims, and the unspeakable torture of many others.
Those figures are only the very tippy-top of the VCAP iceberg, as they represent only the publicly reported cases — typically because the perpetrators were arrested, the victims were high-profile, or the incident was particularly violent or unusual.
These are the types of cases that make it into the press and are thus recorded by “JLopp”, who maintains a public GitHub database cataloging physical attacks related to cryptocurrency.
Source: Jlopp Github
We analyzed data dating back to 2022 and identified patterns and peculiarities within this multifaceted and malicious industry.
Crypto Market Up, Physical Attacks Up?
A closer look at a GitHub repository quickly reveals that the occurrence of these crimes is intrinsically linked to the state of the crypto market.
If the market is up, physical attacks are up.
A trend confirmed by the GitHub creator, Jameson Lopp, co-founder and Chief Security Officer of Casa, a self-custody solution, in an interview with the CBC.
According to him:
“The rates of these kinds of incidents tend to correlate with the exchange rate of bitcoin. […]As the price goes up, more awareness of the space permeates throughout society, and as a result, more criminally minded people decide they want to try to figure out what the ROI of executing a physical attack against a known crypto holder is.”
For Lopp, violent attacks in crypto theft are also motivated by how convenient they can be for criminals compared to robbing a bank or an armored truck.
When you think about it, “crypto kidnapping” can be considered, from a criminal perspective, as one of the most efficient forms of extortion.
In this method, criminals can demand extremely large sums of money in the form of cryptocurrency, which can be transferred in a matter of minutes with just a few clicks.
This makes the process faster, more discreet, and less physically demanding than traditional kidnapping.
In contrast, traditional kidnappings often involve more logistical challenges. Victims are unlikely to have millions of dollars lying around their homes, meaning family members must be mobilized to acquire the ransom from banks or other sources, adding complexity to the process.
Moreover, the physical delivery of money in more traditional kidnapping settings — or even classical bank wiring — creates more opportunities for law enforcement to track the ransom exchange, increasing the risk for the perpetrators.
On the other hand, with crypto kidnapping, the use of digital currencies allows criminals to bypass these obstacles.
With Bitcoin making headlines worldwide after surpassing $100,000 in value, it’s highly likely that large cryptocurrency holders will face an increased risk of such crimes in 2025 — a trend already evident so far.
One of its latest absurd victims isn’t even human. A crypto ATM was stolen after a truck-ramming raid at a shopping center in Melbourne. Apparently, the digital nature of Bitcoin has eluded the thieves.
Source: The Bitcoin Express
The Rise of Kidnapping as the MO of Choice in VCAP
After collecting data since 2022, we categorized the cases by modus operandi — kidnapping, burglary, and robbery — to identify potential trends.
It quickly became clear that kidnapping has seen a sharp rise over the past few years, increasing from just 7 reported cases in 2022 to 15 in 2024, with 15 cases already recorded by May 2025.
Yearly Typology of Publicly Reported Cases (2022–2025) of Crimes Against Persons — Kidnapping, Robbery, and Burglary — Committed for Cryptocurrency Theft — Data compiled by Nefture, based on Jlopp’s GitHub reporting
Across the many cases we reviewed, we found that in several instances, the perpetrators had prior experience with kidnapping — they simply shifted their focus to crypto holders, likely drawn by both a more straightforward modus operandi and the promise of larger payouts (in theory).
Among 49 documented kidnappings, at least $127.5 million was stolen. However, this figure underrepresents the true total, as the amount taken is often not publicly disclosed.
By comparison — and keeping in mind this same limitation — 40 robberies brought in over $17 million, while 28 burglaries resulted in approximately $21.5 million in stolen assets.
Those kidnapping doesn’t always target the crypto holder themselves, parents, spouses and children are also kidnapped either alongside or on their own.
Those attacks have proven to have a high success rate, even though the amount successfully stolen is often well below the kidnappers’ expectations.
Unfortunately, kidnapping also have a high lethal rate. They are the most lethal VCAP, as they account for 4 deaths, one each year since 2022.
One of the most tragic cases occurred on July 28th, 2024, when a 29-year-old Moroccan Bitcoiner was kidnapped from his apartment, forced to transfer 3 BTC, and then strangled to death before being buried in a forest in Ukraine.
The victims who escaped death shared harrowing accounts of their ordeal. One man, for example, was dragged from his bed and tortured over six days — during which his teeth were pulled out — as his captors tried to extort $5 million from his girlfriend’s wealthy crypto-trader relative.
Another man’s story seems straight out of a B movie, with the victim repeatedly overvictimized over the course of one year.
It began with an armed robbery at his front door in January 2023, followed by a similar attack one month later by another associate from the same gang as the first perpetrator. In October 2023, he was coerced into going to the gang’s hideout, where he was kidnapped and subjected to a horrific reign of terror: drugged, threatened, deliberately burned, beaten with weapons, locked in a cupboard, and bound with cables.
This torture lasted several days until he gave up money. Although he was released, days later the gang returned, kidnapped him again, extorted him, and released him once more.
On November 30th, they picked him up directly from a friend’s home, threw him into a van, and imprisoned him again. This time, however, the police — acting on a tip-off — were able to rescue the victim and finally put an end to his tormentors.
The gang behind this ordeal— Source: GTCVWhat stands out most about the recent rise in kidnappings is that one country — France — has been driving this trend over the past several months.
The Country Musical Chairs of Physical Attacks: France Emerges as the New Front-Runner
Since 2022, there have been significant shifts in the countries where VCAPs occur.
The U.S. has consistently been a prime target, dominating the landscape between 2022 and 2024. Meanwhile, Dubai, the UK, and India — each of which saw a notable share of cases in 2022–2023 — have reported almost no such incidents since 2024.
However, the most interesting recent developments involve Thailand — which we will discuss shortly — and France.
Yearly Publicly Reported Cases (2022–2025) of Crimes Against Persons (Kidnapping, Robbery, Burglary) Committed for Cryptocurrency Theft by Country — Data compiled by Nefture based on Jlopp’s GitHub reporting
While France experienced sporadic physical attacks related to crypto between 2022 and 2024, such incidents surged in the early days of 2025, starting with the kidnapping of a crypto influencer’s father on New Year’s Eve.
Twenty days later, the most high-profile crypto kidnapping yet on the global stage took place when David Balland, a founder of Ledger — a major crypto company — was abducted along with his romantic partner. This launched a days-long manhunt by police involving 230 officers. The abductors demanded a €10 million ransom and sent a video showing Balland’s severed finger to his business partner.
Days later, a French crypto miner was also kidnapped and later rescued. Since then, three additional kidnapping cases have occurred.
The most recent case to date had an even greater social impact in France than the Balland kidnapping, as it happened in broad daylight, involved the target’s daughter, was caught on video, and ended with the woman being saved by passersby.
https://medium.com/media/b0cd03f244064972e73d11438fa2e5b3/href
The true target was Pierre Noizat, a French entrepreneur and one of the pioneers of Bitcoin in France, best known as the founder of the crypto exchange Paymium.
The French crypto community has called for action in response to the rising number of crimes on French soil.
In reaction to the increasing kidnappings targeting crypto entrepreneurs, French Interior Minister Bruno Retailleau has pledged to enhance security measures for those in the crypto industry. These include prioritizing emergency police response and providing security assessments for the homes of at-risk individuals.
As of now, France is the most targeted country for VCAP in 2025, with 6 kidnappings taking place — accounting for nearly one-quarter of VCAP activity this year.
The Russian Gang Problem of Thailand
While France is grappling with a surge in crypto-related kidnappings within its borders, Thailand has also got its share of physical attacks targeting crypto owners.
However, the profiles of both victims and assailants differ between the two countries. In France, both criminals and victims are predominantly French nationals, whereas in Thailand, no Thai nationals have been identified as either targets or perpetrators in VCAP cases reported since 2022.
What quickly jumped out during our analysis of Thailand’s VCAP cases is that they’ve got a Russian gang problem.
Top 5 Countries for Physical Attacks on Individuals Targeted for Cryptocurrency, 2022–2025 — Data Compiled by Nefture Based on Jlopp’s GitHub Reporting
The first Thailand-based VCAP case recorded in the Jlopp database is dated January 15, 2018. Its two victims, a young Russian couple — Maxsim Latsoka and Anna Nikurina — were targeted by a Russian gang posing as Interpol agents, from whom they extorted $110,000.
Between 2022 and 2025, 10 VCAPs were reported in Thailand. Of these, 7 involved Russian perpetrators, usually gangs, who most often targeted other Russian nationals through kidnapping and/or armed robbery.
But how do Russian gangs know to target these crypto-rich compatriots?
In a March 2024 case involving yet another Russian gang and Russian victim, police revealed that the gang tracked the victim by monitoring the activities of Russian Bitcoin investors and their visits to Thailand.
This means that Russian Bitcoin investors effectively have a red target painted on their backs.
It seems unlikely that these gangs simply stake out and wait for an identified Russian victim to arrive in Thailand. Rather, they appear to hunt them down there. For example, in February 2024, a Russian couple was kidnapped by a Russian gang. According to the investigation, while the couple arrived in Thailand in December 2023, the gang arrived in January and launched their criminal operation just days later.
Why choose Thailand? The perpetrators seem to believe that Thai police are ineffective or nonexistent. However, they are mistaken, as the Thai authorities seem to have been relentless in pursuing and apprehending them.
But they may have learned their lesson, the most recent reported VCAP involving a Russian gang occurred in Bali at the end of 2024, rather than in Thailand.
At the same time, since 2024, there has also been a rise in attacks by Chinese gangs targeting Chinese nationals in VCAP incidents — not only outside of China in Vietnam and South Korea, but also within Hong Kong and mainland China.
Nowhere is Safe, No One Is Safe
There is a complete misunderstanding that criminals “wouldn’t dare” to commit certain acts, and that somehow, in some places or around certain people, we are safe.
If criminals are anything, it’s daring.
Nowhere is safe, and no one is safe.
Public places will not save you.
On November 6th, 2024, Dean Skurka, CEO of the Toronto-based crypto firm WonderFi Technologies, endured a terrifying ordeal when he was kidnapped.
WonderFi CEO Dean Skurka. Source: LinkedIn
Forced into a car in downton Toronto during rushhour by multiple individuals, Skurka was told to pay up $1 million for his release. Left with little choice, he wired electronically and was later released in Centennial Park in Etobicoke, thankfully uninjured.
WonderFi CEO Dean Skurka reportedly said in an email that he is “safe” now and that no company funds and data were impacted.
After CBC broke the news, Skurka confirmed the kidnapping, assuring the public that he was safe and that no company funds or data had been stolen.
OTC traders are prime targets in VCAP attacks because they are accustomed to handling large sums of money openly, often in public spaces or upscale hotels, spaces where they feel safe. They often don’t expect that at some point, no deal will actually take place — and instead, they will be robbed in broad daylight while people mill around.
For example, in January 2025, on Jeju Island in South Korea, an OTC trader was swindled out of over $580,000 by fake traders at one of the island’s most luxurious hotels.
Enjoying breakfast at a charming little café with your spouse? Well, six men might suddenly join you for a “discussion” where you’ll be forced to transfer all your assets immediately — or die. That’s exactly what happened to a Russian couple in September 2022.
Walking in the street in the middle of other workgoers? Kidnapped. Just as we have seen recently with the Noizat case.
Trust no one — not even the rich, not even your friends.
If criminals don’t come looking for you, they’ll find a way to make you come to them — and they can be pretty creative about tricking you.
In November 2023, Binance executives in charge of VIP clients were “invited” on a fake business trip to Montenegro. They were flown there, then held hostage and forced to transfer $12.5 million to their kidnappers.
At the end of May 2025, John Woeltz, known as the “Crypto King,” with over $100 million in holdings, was arrested along with his partner on charges of kidnapping, unlawful imprisonment, assault, and torture.
“Crypto King” John Woeltz — Source: New York Post
The victim, an Italian citizen, had arrived in New York on May 6, 2024, only to be entrapped by his business partners, who demanded he hand over his Bitcoin password. We may never know what could have happened to him since he knew the true identity of his torturers — if he hadn’t managed to escape on his own.
Another case of don’t trust your business partner or friend happened in India, where a couple staged a fake robbery in their own home. Their “friend” — crypto-rich from significant Bitcoin investments — was invited over, only to fall into their trap.
The couple, struggling financially, had recruited fake robbers hoping to coerce him into handing over his private keys. He did not. During the investigation, the couple was revealed as the real masterminds behind the robbery, and the “friendship” was irreparably broken.
Speaking of friendship, this UK tourist in Spain thought he was well on his way to welcoming new friends into his life after chatting with a group of fellow UK tourists at his hotel, who quickly invited him to their apartment — a trap disguised as a friendly gesture. Once they discovered he was a crypto broker, these “new friends” seized the opportunity and, without any prior planning, organized his kidnapping purely to cash in.
Fortunately, the victim managed to contact a friend during his captivity and was eventually rescued by the police.
There have been multiple cases of attackers disguising themselves as police officers, but the most intriguing impersonation cases involve fake Uber drivers.
After all, if there’s one person you’re least likely to guard against, it’s your taxi chauffeur.
In May 2025, an American tourist in London named Jacob had a few drinks at a bar and decided to order an Uber. Minutes later, a man calling him by name — “Jacob” — and resembling the assigned driver under dim lighting picked him up.
Tired and a bit buzzed, Jacob didn’t pay much attention when the “Uber” arrived in a dark sedan instead of the Toyota Prius he expected. Unusually, Jacob was seated in the front passenger seat beside his very friendly — and unusually attentive — driver. While chatting, the driver offered him a cigarette, which Jacob accepted.
Unbeknownst to him, the cigarette was spiked. Not long after smoking it, Jacob passed out. He vaguely remembers feeling unusually docile, and ultimately complying when the driver demanded he hand over his unlocked phone “for directions.”
Whether the attackers’ main target was the crypto assets in Jacob’s account or they simply stumbled upon it while rifling through his phone remains unclear. The end result was the same: $123,000 stolen from his crypto accounts.
A few months earlier, an ocean away in the United States, Nuruhussein Hussein was arrested for posing as a fake Uber driver to rob two unsuspecting victims of their crypto holdings.
In both cases — like the one in London — the fake Uber driver somehow knew the victims’ names and called them out after they ordered a ride.
Unlike the London case, Hussein didn’t use drugs to extort his victims. Instead, he came up with excuses to get hold of their phones — claiming his own phone was dead, for example.
Once he had their phones, he quickly transferred their crypto to his own accounts. In total, he stole $223,000 from his victims’ Coinbase accounts.
As previously noted, these crimes have a high success rate — at least for those publicly reported. With Bitcoin recently breaking the $100,000 mark and remaining around that level, kidnappings, robberies, and burglaries targeting individuals for cryptocurrency could see a significant increase in the coming year.
The promise of substantial ransom payouts is not only putting a target on the backs of prominent crypto holders but also on smaller investors.
Large crypto holders have been spooked through and through in recent years — to the point that some have even started taking training to prevent abduction, such as learning how to escape from bindings.
Crypto holders taking Station70 classes to learn how to protect themselves in case of VCAP — Source: Station70 via The New York Post
Anyone who owns cryptocurrency should exercise caution and discretion about their holdings, keeping such information strictly private — unless their profession requires public identification as a crypto holder.
It’s not only wise but essential for crypto owners to adopt strong privacy practices, including limiting what they share online.
About us
Nefture is a Web3 real-time security and risk prevention platform that detects on-chain vulnerabilities and protects digital assets, protocols and asset managers from significant losses or threats.Nefture core services includes Real-Time Transaction Security and a Threat Monitoring Platform that provides accurate exploits detections and fully customized alerts covering hundreds of risk types with a clear expertise in DeFi.Today, Nefture proudly collaborates with leading projects and asset managers, providing them with unparalleled security solutions.Book a demo 🤝
Crypto Up, Kidnapping Up? — Dissecting Cases from 2022 to 2025 was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.