Authorities in France have charged 25 individuals, including six minors, in connection with a series of attempted kidnappings aimed at cryptocurrency executives and their families—part of a broader wave of physical threats now facing the digital asset sector.
That development comes as the global crypto industry recorded a sharp decline in losses from digital hacks during May, with a single $223 million breach on decentralized exchange Cetus accounting for the vast majority of thefts.
Crypto Crime Wave Hits France as 25 Charged Over String of Kidnapping Attempts
French prosecutors have charged 25 individuals, six of them minors, in connection with a wave of attempted kidnappings targeting cryptocurrency entrepreneurs and their families, marking one of the most alarming crackdowns yet on crypto-related crime in Europe.
The charges stem from multiple coordinated plots to abduct prominent figures in France’s digital asset sector, according to a May 31 statement by the Paris public prosecutor’s office. The group, aged between 16 and 23, faces serious charges including attempted kidnapping, assault, and organized criminal conspiracy.
Le Monde first reported the development, citing sources familiar with the sprawling investigation that spans multiple cities and countries of origin.
Failed Paris Kidnapping Sparks Major Probe
The investigation was catalyzed by a high-profile kidnapping attempt on May 13 in the 11th arrondissement of Paris. The targets were the daughter and grandson of Pierre Noizat, CEO of the longstanding French crypto exchange Paymium.
In disturbing scenes caught on widely circulated video, four masked assailants violently attacked Noizat’s daughter, her husband, and their young child. All three victims sustained minor injuries and received treatment in hospital. Police believe the attackers aimed to use the victims as leverage to extract private keys or access to significant cryptocurrency holdings.
This attack followed an earlier failed attempt on May 12 and was swiftly followed by another foiled plot outside Nantes, underscoring what officials now say is a coordinated campaign.
According to officials, the 25 suspects hail from a wide array of regions, including the Paris area, Châtellerault, Senegal, Angola, and Russia. While some have been described as opportunistic criminals, others are believed to have acted under the direction of a still-unidentified leadership structure.
Eighteen of the accused are currently in pre-trial detention. Three have requested a deferred hearing, while four remain under strict judicial supervision.
The alarming rise in crypto-targeted kidnappings has put the industry on edge. The failed May attacks are the latest in a series of high-stakes criminal operations targeting crypto figures across France.
In January, Ledger co-founder David Balland and his partner were abducted in an attack that drew national outrage. On May 1, another case made headlines when the father of a known crypto millionaire was kidnapped. Investigators now believe this event is directly linked to the same network behind the Noizat family attacks.
Although authorities have apprehended several low-level operatives and logistics coordinators, the masterminds of these plots remain at large.
Crypto Industry Rallies for Protection
The escalating threat has triggered swift government and industry responses. French Interior Minister Bruno Retailleau met with key crypto stakeholders in mid-May to discuss national security implications and public safety strategies.
Following the meeting, the Interior Ministry announced a series of enhanced protective measures, including collaboration between police, gendarmerie units, and crypto firms to perform residential security audits for high-risk individuals.
The surge in violence has created a niche for specialized services in the crypto industry. According to a report by NBC News, at least three insurance firms are developing kidnap and ransom (K&R) policies specifically for crypto holders, aiming to mitigate the unique risks faced by wealthy investors in the sector.
Meanwhile, private security companies are also seeing a spike in demand. Infinite Risks International, a Netherlands-based security firm, recently reported a significant increase in contracts from crypto executives and investors seeking personal protection.
A Global Pattern Emerges
Though France is currently in the spotlight, the pattern of targeted physical attacks on crypto figures is not isolated. Similar incidents have been reported in the United States, the United Kingdom, and various parts of Asia.
Analysts warn that as digital wealth becomes more common—and more easily tracked via blockchain forensics—criminals may increasingly resort to physical coercion, bypassing traditional cybersecurity barriers.
In France, the crypto community is on high alert as the investigations continue. Prosecutors, meanwhile, are racing to uncover the full extent of the conspiracy and determine who is truly pulling the strings.
Crypto Hack Losses Fall Sharply in May as Industry Tightens Security
Meanwhile, after a turbulent start to the year marked by billion-dollar breaches, May 2025 delivered a rare moment of relief for the crypto sector. Losses from crypto hacks fell significantly during the month, even though a single devastating incident accounted for nearly 90% of the total amount stolen.
According to blockchain security firm PeckShield, approximately 20 major hacking events were recorded in May, with combined losses amounting to $244.1 million. This figure marks a 39.29% drop from April and shows the ongoing efforts by exchanges, decentralized protocols, and cybersecurity providers to shore up vulnerabilities across the industry.
Feb 2025 recorded the largest crypto hack losses this year (Source: PeckShield)
Cetus DEX Breach Dominates May’s Crypto Theft Landscape
The most consequential incident of the month occurred on May 22, when decentralized exchange Cetus, which operates on the Sui Network, was exploited in a sophisticated attack resulting in user losses of approximately $223 million within a single day.
According to blockchain analysis firm Dedaub, the attackers exploited a vulnerability in the most significant bits (MSB) check of the protocol. The exploit allowed bad actors to inflate the value of liquidity pool parameters by several magnitudes, creating disproportionately large positions with minimal input, effectively gaming the protocol’s mechanics in their favor.
Fortunately, the response from Cetus and the Sui Network was swift. PeckShield confirmed that $157 million of the stolen funds — roughly 71% — have since been frozen, offering hope that some portion of user losses may be recoverable.
While the Cetus breach dominated headlines, several smaller but still significant attacks were also recorded in May. The second-largest incident targeted the DeFi platform Cork Protocol, where attackers siphoned off around 3,761 Wrapped Staked Ether (wstETH) — valued at about $12 million — by exploiting a vulnerability in the platform’s smart contract infrastructure.
Cybersecurity firm Cyvers, which tracked the attack, said the stolen wstETH was rapidly converted into regular Ether (ETH), potentially complicating recovery efforts.
Other notable attacks during the month included:
A suspected North Korean (DPRK)-linked breach resulting in $5.2 million in losses.
An MBU token exploit that drained $2.2 million.
A MapleStory Universe breach costing $1.2 million.
These incidents brought May’s total tally to just under a quarter-billion dollars. Despite the scale of individual attacks, especially Cetus, the overall downward trend offers a glimmer of optimism for the embattled crypto security space.
January to May: A Year of High-Stakes Crypto Crime
Even with the recent decline, 2025 remains on track to be one of the most damaging years for crypto security breaches. According to PeckShield data, more than $1.63 billion was stolen in Q1 alone.
The most devastating incident to date was the Bybit exploit in February, which accounted for over $1.5 billion in losses and remains one of the most costly crypto hacks in history.
January saw comparatively modest losses of $87 million, but the sharp spike in February served as a wake-up call for the entire industry, prompting new risk protocols, security audits, and inter-agency collaboration.
As attackers grow more sophisticated, the crypto industry is also evolving. Exchanges and DeFi platforms have increasingly turned to on-chain monitoring, automated alerts, and proactive protocol hardening to mitigate damage and respond in real time.
On May 31, BitMEX’s internal security team successfully uncovered operational flaws within the Lazarus Group, a North Korean state-linked hacking syndicate believed to be behind numerous crypto heists. The BitMEX counter-operations reportedly exposed IP addresses, databases, and even tracking algorithms used by the group, a breakthrough that could aid future takedowns or defensive strategies.
In addition, more security collaborations are forming between blockchain firms and traditional insurers. As crypto becomes increasingly mainstream, insurance companies are now rushing to develop tailored kidnap-and-ransom (K&R) policies and theft protection for digital asset holders and platforms.
Cautious Optimism for the Months Ahead
While May’s sharp drop in total theft may offer a temporary reprieve, cybersecurity experts caution against complacency.
Still, the rapid freezing of funds in the Cetus case and the visible clampdown on state-linked actors suggest that the crypto industry’s security infrastructure is beginning to mature — albeit under heavy pressure.
With billions in assets at stake and an evolving threat landscape, the coming months will test whether these new strategies can meaningfully tilt the balance away from cybercriminals.
