French Tax Database Turns Crypto Owners Into Hostages
A French tax employee sold crypto investor data to criminals, fueling 41 kidnappings in 2026. The EU's centralized data mandates have created a targeting list that organized crime now exploits across France.
A French tax office employee sold the names, addresses and bank records of cryptocurrency investors to organized crime. The buyers did not need to hack anything. They used the data to break down doors, sever fingers and demand ransoms. By mandating the collection of private financial data under EU directives and failing to protect it, France's government turned state databases into targeting lists for kidnappers.
Ghalia C., 32, a Bobigny tax office employee detained since June 2025, used internal government Mira software to search specifically for cryptocurrency investors. Prosecutors allege she sold their names, home addresses and financial records to criminal networks. She received payments via cash deposits and Western Union transfers. Her search history included queries on billionaire Vincent Bolloré, health inspectors, prison guards and a judge, in addition to crypto specialists.
France has recorded 41 crypto-linked kidnappings in 2026 alone, averaging one every 2.5 days, according to Jean-Didier Berger, Minister Delegate to the Interior Ministry. Specific cases include the Burgundy family abduction on April 13, a magistrate and her 66-year-old mother held for 30 hours in Lyon in February, and the home invasion targeting Binance France's CEO David Prinçay that same month.
The crisis represents 135-plus crypto kidnapping and extortion cases recorded since 2023. French prosecutors have charged 88 suspects across 12 active cases, with 75 in pretrial detention and more than 10 minors among the accused, according to PNACO chief prosecutor Vanessa Perrée. France accounts for approximately 40 percent of Europe's crypto "ransom attacks," the Interior Ministry states.
The structural cause lies in the EU's DAC8 directive, which took effect January 1. The measure mandates crypto exchanges to report full user identities, tax numbers and portfolio balances to tax authorities across the bloc. This creates a centralized database of crypto wealth, exactly the kind of targeting list that criminals now exploit across France.
Human costs mount with each attack. In the Burgundy case, four masked individuals broke into a family home in the Yonne region on April 13. They tied a father to a chair while abducting his partner and 11-year-old child, demanding €400,000 in cryptocurrency ransom. GIGN special forces later freed the hostages after a seven-day transfer delay forced attackers to flee. Ledger co-founder David Balland suffered a severed finger during his January 2025 kidnapping, when criminals demanded €10 million in Bitcoin.
The state's response remains inadequate and belated. As of April 2026, France has charged 88 people with crypto-related kidnapping but secured zero convictions. The Interior Ministry has promised a "protection plan" "in the coming weeks," after 41 kidnappings have already occurred. Berger announced a prevention platform that has attracted thousands of registrations.
International context shows France's crisis reflects a global trend. Seventy-two verified wrench attacks occurred worldwide in 2025, a 75 percent year-over-year increase with confirmed losses exceeding $40.9 million, according to CertiK. Eleven of 14 known physical attacks on crypto holders in 2026 have taken place in France, according to Jameson Lopp's Wrench Attack Tracker.
"We're seeing a shift from 'find a wallet' to 'hunt a person,'" said Phil Ariss, director of UK public sector relations at TRM Labs. "Attackers build profiles from social media, public appearances, and leaked datasets."
Telegram founder Pavel Durov went public this week blaming French tax database leaks for the kidnapping wave. "More data = more victims," Durov posted on X on April 24-25, directly referencing the Ghalia C. case. His warning comes as data breaches multiply: security expert Seb Tombe reports more than 300 French services breached since the start of 2026, with 23 million accounts compromised and 250 million records exposed.
The state's failure to protect data has made citizens vulnerable. As DAC8 spreads across the EU, the same centralized data collection model will apply elsewhere. France's experience demonstrates what happens when the state prioritizes surveillance over security, and leaves taxpayers to pay the price in blood.