The tech offense: The virtual and physical manifestations of tech-enabled kidnappings

The proliferation of social media, digital currencies and artificial intelligence (AI) has provided new avenues for threat actors to enhance kidnapping and extortion schemes. As continued technological advancements diversify victim profiles and complicate efforts to curb these crimes, the threat is likely to persist and continue to evolve in the coming year, writes Shannon Lorimer.

2025 saw a rise in kidnapping and extortion cases with one commonality: the use of advanced technology. Traditional kidnap for ransom continues to flourish in the global threat landscape, with perpetrators exploiting political and economic instability in long-time global hotspots. Increasingly, however, criminals are leveraging emerging technologies to improve the scale, ease and sophistication of both virtual and in-person kidnappings. Additionally, the embedded nature of digital platforms in everyday life has diversified the target profile to include a wider range of individuals and businesspeople globally. With individual actors and criminal groups displaying significant adaptability - in both their modus operandi and geographic location - authorities are increasingly challenged in their ability to protect potential victims against kidnapping and extortion attempts.

The changing landscape

To better understand the unfolding threat in the kidnapping landscape, S-RM spoke to Paul Padman, the Deputy Head of Crisis Response. He shared that while cash remains the preferred medium of exchange in the majority of kidnapping incidents, 2025 witnessed an increase in criminals demanding payment in crypto-currency across both traditional kidnap events and highly publicised ‘crypto kidnaps’ or ‘wrench attacks.’ These ‘wrench attacks’ — named after the hypothetical scenario where an assailant uses a wrench to coerce someone into revealing their crypto keys — have escalated in both frequency and severity.

[Figure: Kidnappings involving crypto-currency, 2018-2025]

The crypto sector’s fast-rising value, strong returns, and anonymous and unregulated transactions make it highly attractive to criminal organisations. As such, it comes as no surprise that organised and transnational groups are driving crypto-related kidnappings. Cross-border criminal networks leverage young, low-level local criminals to execute the actual kidnappings, while plots are often devised and coordinated by criminals abroad, making it particularly difficult for authorities to trace or dismantle these complex webs.

Over the past two years, crypto-related abductions (successful and unsuccessful) have been reported in France, the US, the UK, Canada, Australia, Belgium, Brazil, the Philippines and Russia, among others. The common thread between these countries is their low barriers to entry to the crypto market and high concentration of well-performing crypto trading and investment companies. With the crypto market set to continue delivering meaningful gains, the threat of kidnapping and extortion within the industry is expected to prevail and expand to jurisdictions looking to benefit from the digital asset’s growing revenues.

Ransom demands in crypto-related kidnappings often exceed USD 1 million, and rather than relying on sophisticated cyber-attacks to access crypto accounts, threat actors leverage publicly available information to identify and target victims. For instance, social media platforms, visibility at crypto conferences and events, and company reports documenting individual or business financial success all provide exploitable information. High-ranking executives, founders of crypto platforms, and their families will remain the top targets, particularly individuals with high public visibility and notable digital asset exposure. Recent incidents further show kidnappers deploying high-impact methods like home invasions or staged encounters with victims, while also relying on traditional extortion tactics – such as videos of physical assault and torture – as a means of pressuring the victim’s family or company to extract passwords to digital wallets.

The digital dilemma

Alongside the rising physical threat, technological advancements have also effected an increase in virtual kidnappings, including the use of deepfakes – doctored versions of photographs and videos, often taken from social media – to threaten relatives into paying extortion or ransom demands. These scams are easier to perpetrate, with fewer logistical requirements, and result in a quicker stream of revenue with lower risks of being caught. Further, virtual kidnappings are not tied to geography in the way that traditional kidnappings are tied to jurisdictions with high crime rates or political instability, as perpetrators are able to falsify information around their capabilities and locations to amplify the threat.

The embedded nature of social media and digital applications in daily life, alongside AI’s ability to generate increasingly believable content, provides criminals with greater opportunities for engagement with potential targets. Gen Z are common targets of virtual kidnappings due to their considerable social media usage. Older generations, however, are progressively adopting technology and are more likely to trust communications that appear to be from legitimate sources, such as banks, police, or government departments; perpetrators have exploited this vulnerability for financial gain and will increasingly do so. Ransom demands on this front tend to be lower, ranging from several hundred to several thousand US dollars, with perpetrators typically demanding fast, low-friction payments to reduce the time available for verification.

Looking ahead

With technology and digitisation expected to drive an evolution in threat actor capabilities and expand vulnerable victim pools, governments have begun developing legislation to more tightly regulate digital platforms, the application of AI and crypto-currencies. However, these regulations remain complex to implement and quickly become outdated in a constantly changing field. Looking ahead, as technological adoption deepens globally, threat actors are likely to further refine their tactics and build on their capabilities, especially in countries or situations with limited physical and virtual protection measures.