Crypto theft has a special kind of cruelty built into it. Even when your coins are gone, you can often still see them moving — hop by hop — across the public blockchain. It’s like watching your wallet being carried away through a glass corridor you’re not allowed to enter.
A BBC investigation into crypto crime puts hard numbers and human stories on a trend that’s been quietly shifting: while huge exchange hacks still dominate headlines, more criminals are turning their attention to individual investors — using old-school scams, leaked data, and, in the worst cases, physical violence.
Why crypto theft feels different from normal fraud
In traditional finance, the most common “happy ending” is boring: a bank reverses a transfer, a card company cancels a charge, or an insurer makes you whole. Crypto, by design, doesn’t work that way.
The BBC story opens with “Helen”, a UK resident who says she lost around $315,000 (£250,000) in cryptocurrency. For years she and her husband “Richard” (not his real name) had accumulated Cardano. They weren’t wealthy — she worked as a personal assistant, he as a composer — but they were methodical about saving and believed the asset could rise in value.
Then, in February 2024, criminals accessed a cloud storage account that contained information about their wallets and how to get in. After a small test transaction, the thieves moved all their coins into wallets they controlled. The couple watched for months as their funds were shuffled onward, powerless.
That helplessness is the psychological punch of crypto theft: the ledger is transparent, but the identity behind the wallet often isn’t.
The scale: millions of owners, billions stolen
Crypto ownership is no longer niche. The BBC cites an FCA survey from August 2024 suggesting roughly 12% of British adults had owned crypto-assets — about seven million people. Globally, estimates put crypto ownership around 560 million.
With more people holding crypto, more value is available to steal. Blockchain analysis firm Chainalysis estimates that 2025 saw total crypto thefts of more than $3.4bn (£2.5bn), a figure that has stayed in roughly the same range since 2020.
A significant share of those losses come from large-scale attacks on crypto companies. The BBC notes one of the biggest examples: North Korean hackers stole $1.5bn (£1.1bn) from the crypto exchange Bybit in February 2025.
But the story’s more worrying shift is what happens outside the exchanges.
The shift toward targeting individuals
Chainalysis research cited by the BBC suggests attacks on individual investors have surged: from about 40,000 in 2022 to 80,000 in 2025.
Chainalysis estimates that hacking, scamming, or coercing individuals accounted for around 20% of all crypto value stolen, totalling about $713m (£532m). And the firm warns this could be an undercount because many victims never report theft publicly.
Why would criminals bother with individuals when exchanges hold billions?
A few reasons emerge:
- Exchanges have improved security and incident response. Big firms can afford 24/7 security teams, withdrawal monitoring, and clawback strategies.
- Individuals are messy targets. People reuse passwords, store keys in cloud drives, fall for persuasive calls, and sometimes boast about holdings.
- Crypto “self custody” is unforgiving. If you’re your own bank, there’s no bank to call.
In short: the industry’s security improvements may be pushing attackers “downstream” to the easier prey.
Regulation and protection: what you don’t get in crypto
The BBC contrasts crypto with traditional finance protections in the UK, where victims can sometimes lean on banks, card companies, the Financial Ombudsman Service, or the Financial Services Compensation Scheme.
Crypto investors largely don’t have those cushions.
The FCA describes crypto in the UK as “largely unregulated and high-risk” and warns that if something goes wrong, you’re unlikely to be protected — so you should be prepared to lose all your money.
The BBC also notes the odd reality that even major players can have patchy support availability depending on jurisdiction: it cites Binance, described as the world’s largest crypto exchange, reporting about 1.4 million UK users, while an advice page for victims of theft is blocked in the UK.
That kind of gap doesn’t create crime, but it can worsen outcomes: fewer clear recovery paths means more desperation and more reliance on do-it-yourself “recovery” schemes that can become scams themselves.
Scams that look modern — but run on ancient instincts
A theme running through the report is that many crypto thefts succeed not because of advanced hacking, but because criminals understand people.
The BBC describes a US case involving Evan Tangeman, 22, who pleaded guilty to being part of a group dubbed the Social Engineering Enterprise. Prosecutors say the group stole more than $260m (£194m) between October 2023 and May 2025, often by tricking victims into thinking they were dealing with legitimate exchanges and persuading them to transfer coins.
That “persuading” part matters. If a victim authorises a transfer — even under manipulation — the blockchain will treat it as a valid, final transaction.
In other words: crypto doesn’t just amplify hacking; it amplifies social engineering.
When theft becomes physical: “wrench attacks”
The report also highlights the darkest edge of the trend: theft that leaves the screen.
In the crypto community, there’s a term for robberies that use threats or violence to force a transfer: “wrench attacks”, named after stories of attackers using tools like spanners to intimidate victims.
The BBC describes cases that show how real this has become:
- In Spain, criminals tried to force a couple to hand over cryptocurrency; the man was shot in the leg, held captive, and later found dead in woodland. Arrests followed in Spain and charges in Denmark.
- In France, an attempted kidnapping of a crypto executive’s family was captured on video.
- In early 2025, David Balland, co-founder of crypto security company Ledger, was abducted with his wife; police later rescued them, but Balland’s finger was cut off during the extortion attempt.
- In the UK, police arrested six people after masked men stopped a car travelling between Oxford and London and forced an occupant to transfer cryptocurrency valued at £1.5m.
The pattern is grimly logical: if crypto can be transferred instantly and irreversibly, then physical coercion becomes a “shortcut” for criminals who already operate violently.
Data breaches: how attackers build lists of targets
Another engine of crypto crime is data — not just “crypto data”, but ordinary consumer information.
The BBC interviews Matthew Jones, founder of crypto security firm Haven, who argues that as “Bitcoin millionaires are becoming so frequent,” stolen databases are constantly enriching criminals’ target lists.
One example in the report involves Kering (parent of brands including Gucci and Balenciaga). The BBC says a hacker claimed to have bought spreadsheets for $300,000 (£224,000) to identify high spenders, then cross-referenced them with another stolen database to target victims.
That hacker claimed to have scammed multiple Coinbase users out of at least $1.5m (£1.1m) in crypto, and showed the BBC evidence that he possessed the data and that he owned $700,000 (£522,000) in Bitcoin that he said came from one victim.
Kering previously told the BBC that its IT systems had been secured after the breach and that no bank account numbers, credit card information, or government ID numbers were stolen.
Even without payment details, contact info plus spending patterns can be enough to build a compelling scam script.
The security arms race: biometrics, geofencing, panic buttons
Because crypto is built around the idea of “self custody” — holding your own keys — the industry is trying to retrofit protections that people expect from banks.
Matthew Jones says he has had crypto stolen himself, and he is developing wallet security features like:
- Continuous biometric checks, to ensure only the owner can send coins.
- Geofencing, to block transactions outside approved locations like home or work.
- A panic button, presumably to quickly freeze activity when someone suspects coercion or compromise.
These are attempts to translate real-world safety concepts (identity verification, suspicious-location flags, emergency shutdowns) into a system that was designed to avoid central control.
But the BBC’s central warning remains: the more people treat crypto like a normal savings account, the more they can be blindsided by how few consumer protections exist.
Practical steps for ordinary holders
If you hold crypto — even a relatively small amount — the report suggests a few high-leverage defensive moves:
- Treat your seed phrase like cash and a passport combined. If it’s exposed, recovery is unlikely.
- Avoid storing wallet access details in cloud drives. Convenience can become an attack path, as in Helen and Richard’s case.
- Enable strong account security everywhere. Password managers, multi-factor authentication, and unique passwords reduce the chance of compromise.
- Be sceptical of urgent “exchange support” contacts. Social engineering often exploits time pressure.
- Consider the physical risk. Don’t publicise holdings, and think carefully about how easily you could be coerced.
Bottom line
Crypto crime isn’t just about elite hackers draining exchanges. It’s increasingly about criminals using leaked data, persuasion, and sometimes violence to target individuals — because the crypto system makes successful thefts fast, global, and hard to reverse. If you’re “your own bank,” you also inherit the bank’s security job — and right now, many people don’t realise how demanding that job is until after the money is gone.
English
العربية
Čeština
Dansk
Nederlands
Eesti
Suomi
Français
Deutsch
Ελληνικά
Magyar
Italiano
日本語
한국어
Latviešu valoda
Lietuvių kalba
Norsk bokmål
Polski
Português
Română
Русский
Slovenčina
Slovenščina
Español
Svenska
Türkçe