Cybercrooks getting violent more often to secure big payouts in Europe
Summary
Researchers report a sharp rise in “violence as a service” across Europe, with at least 18 violent crypto-related incidents so far this year. France has been hit hardest (13 cases). CrowdStrike’s European Threat Landscape Report, citing trackers of violent crypto crime, links many perpetrators to loosely affiliated eCrime networks known as The Com and associated groups such as Scattered Spider. High-profile incidents include the kidnapping and mutilation of Ledger co-founder David Balland and assaults targeting crypto holders in French cities, plus cases in the UK involving drugging and theft of wallet passkeys.
The report also highlights evolving tactics: recruitment of physical operators to gain close access to corporate networks (for example by bringing burner laptops to corporate HQs), collaboration between initial access brokers (IABs) and big-game-hunter gangs, and continued dominance of ransomware and data-theft adversaries in Europe.
Key Points
- At least 18 violent, crypto-related crimes recorded in Europe this year; 13 occurred in France.
- Incidents range from kidnappings and assaults to drugging victims to steal crypto passkeys and hardware.
- Perpetrators often belong to loose eCrime networks termed “The Com,” which supply close-access operatives and specialised tools.
- CrowdStrike finds over 2,100 claimed attacks on European organisations since Jan 2024; ~92% tied to ransomware and data theft.
- The UK is the most-targeted country in Europe by criminals posting on data leak sites; IABs and BGH groups actively collaborate.
- New close-access techniques discussed include sending recruits with burner laptops to corporate HQs to establish remote footholds.
- Sectors flagged as most at risk include academic institutions, professional services and retail, with manufacturing and tech not far behind.
Context and relevance
This trend marks an escalation from purely digital extortion to mixed physico-digital campaigns where violence is used to secure or coerce access to high-value crypto and corporate assets. For security teams, custodians of high-value keys, and C-suite decision-makers, it signals a need to widen threat models beyond remote-only threats to include personnel safety, physical security, and insider-risk scenarios.
The report links these physical crimes to existing online criminal economies (IABs, BGH gangs, Scattered Spider), underlining how online access brokers and underground forums translate to real-world harm. The UK remains a major focus for attackers, while France has seen particularly violent incidents aimed at cryptocurrency figures.
Author style
Punchy — this isn’t just another cyber-incident brief. The violent turn in crypto-targeted crime raises the stakes for anyone responsible for keys, high-value accounts or corporate access. Read the detail if you manage security, operations or executive protection: it changes what you need to defend against.
Why should I read this?
Because crooks are no longer content with phishing and ransomware alone — they’re getting physical. If you look after security, crypto keys, or run a big organisation, this is the kind of escalation that means rethinking both digital controls and real-world safety measures. We’ve read the messy bits so you don’t have to — and trust us, it’s worth a look.