Global Risk Hub | S-RM

The tech offense: The virtual and physical manifestations of tech-enabled kidnappings | Travel Security Special Edition 2025

Written by Shannon Lorimer | Dec 22, 2025 11:55:33 AM

The proliferation of social media, digital currencies and artificial intelligence (AI) has provided new avenues for threat actors to enhance kidnapping and extortion schemes. As continued technological advancements diversify victim profiles and complicate efforts to curb these crimes, the threat is likely to persist and continue to evolve in the coming year, writes Shannon Lorimer.

2025 saw a rise in kidnapping and extortion cases with one commonality: the use of advanced technology. Traditional kidnap for ransom continues to flourish in the global threat landscape, with perpetrators exploiting political and economic instability in long-time global hotspots. Increasingly, however, criminals are leveraging emerging technologies to improve the scale, ease and sophistication of both virtual and in-person kidnappings. Additionally, the embedded nature of digital platforms in everyday life has diversified the target profile to include a wider range of individuals and businesspeople globally. With individual actors and criminal groups displaying significant adaptability - in both their modus operandi and geographic location - authorities are increasingly challenged in their ability to protect potential victims against kidnapping and extortion attempts.

The changing landscape  

To better understand the unfolding threat in the kidnapping landscape, S-RM spoke to Paul Padman, the Deputy Head of Crisis Response. He shared that while cash remains the preferred medium of exchange in the majority of kidnapping incidents, 2025 witnessed an increase in criminals demanding payment in crypto-currency across both traditional kidnap events and highly publicised ‘crypto kidnaps’ or ‘wrench attacks.’ These ‘wrench attacks’ — named after the hypothetical scenario where an assailant uses a wrench to coerce someone into revealing their crypto keys — have escalated in both frequency and severity.

Figure: Kidnappings involving crypto-currency, 2018-2025

* The 2025 figure reflects cases from January to July 2025; the end-of-year figure is expected to be higher. The figures illustrated are based on publicly available information and the actual number of incidents may differ.

The crypto sector’s fast-rising value, strong returns, and anonymous and unregulated transactions make it highly attractive to criminal organisations. As such, it comes as no surprise that organised and transnational groups are driving crypto-related kidnappings. Cross-border criminal networks leverage young, low-level local criminals to execute the actual kidnappings, while plots are often devised and coordinated by criminals abroad, making it particularly difficult for authorities to trace or dismantle these complex webs.  

Over the past two years, crypto-related abductions (successful and unsuccessful) have been reported in France, the US, the UK, Canada, Australia, Belgium, Brazil, the Philippines and Russia, among others. The common thread between these countries is their low barriers to entry to the crypto market and high concentration of well-performing crypto trading and investment companies. With the crypto market set to continue delivering meaningful gains, the threat of kidnapping and extortion within the industry is expected to prevail and expand to jurisdictions looking to benefit from the digital asset’s growing revenues.

Ransom demands in crypto-related kidnappings often exceed USD 1 million, and rather than relying on sophisticated cyber-attacks to access crypto accounts, threat actors leverage publicly available information to identify and target victims. For instance, social media platforms, visibility at crypto conferences and events, and company reports documenting individual or business financial success all provide exploitable information. High-ranking executives, founders of crypto platforms, and their families will remain the top targets, particularly individuals with high public visibility and notable digital asset exposure. Recent incidents further show kidnappers deploying high-impact methods like home invasions or staged encounters with victims, while also relying on traditional extortion tactics – such as videos of physical assault and torture – as a means of pressuring the victim’s family or company to extract passwords to digital wallets.

Crypto kidnappings

In May 2025, assailants kidnapped a relative of a crypto entrepreneur in Paris. The kidnappers demanded a ransom of between EUR 5 million and EUR 7 million and reportedly severed one of the victim's fingers to increase pressure during negotiations. French police rescued the victim after 58 hours and arrested five suspects.  

In March 2025, two assailants posing as policemen kidnapped a businessman in the city of São Paulo, Brazil. The kidnappers reportedly stole USD 50 million in crypto-currency while the victim was in captivity. He was able to escape after five days. Police later arrested a former policeman in connection with the kidnapping, although other suspects in the abduction remain unidentified. 

In November 2024, assailants kidnapped the CEO of a Toronto-based crypto firm. He was released following the payment of a CAD 1 million ransom. The incident occurred on the same day the company released its third quarter earnings results, which reflected a 153 percent earnings increase compared to its third quarter in the previous year.  

The digital dilemma

Alongside the rising physical threat, technological advancements have also effected an increase in virtual kidnappings, including the use of deepfakes – doctored versions of photographs and videos, often taken from social media – to threaten relatives into paying extortion or ransom demands. These scams are easier to perpetrate, with fewer logistical requirements, and result in a quicker stream of revenue with lower risks of being caught. Further, virtual kidnappings are not tied to geographies in the same way that traditional kidnappings are to jurisdictions with high crime rates or political instability, as perpetrators are able to falsify information around their capabilities and locations to amplify the threat.

As criminals increasingly exploit AI-powered tools and platforms for financial gain, opportunities emerge for more sophisticated crimes on a significantly larger scale. In February 2025, for example, a prominent Italian businessman transferred nearly EUR 1 million to criminals who had used AI to mimic the voice of Italian Defence Minister Guido Crosetto. The AI-simulated voice requested urgent financial assistance to secure the release of kidnapped Italian journalists in the Middle East, claiming the government could not be seen to be involved in the transaction. The victim had believed he would be reimbursed by the Bank of Italy, before realising it was a scam, and police were able to locate and freeze the stolen funds in the Netherlands.

The embedded nature of social media and digital applications in daily life, alongside AI’s ability to generate increasingly believable content, provides criminals with greater opportunities for engagement with potential targets. Gen Z are common targets of virtual kidnappings due to their considerable social media usage, but with older generations progressively adopting technology and more likely to trust communications that appear to be from legitimate sources, such as banks, police, or government departments, perpetrators have exploited and will increasingly exploit this vulnerability for financial gain. Ransom demands on this front tend to be lower, with perpetrators typically demanding fast and low-friction payments to decrease time for verification – ranging from several hundred to several thousand US Dollars.

Looking ahead

With technology and digitisation expected to drive an evolution in threat actor capabilities and expand vulnerable victim pools, governments have begun developing legislation to more tightly regulate digital platforms, the application of AI and crypto-currencies. However, these regulations remain complex to implement and quickly become outdated in a constantly changing field. Looking ahead, as technological adoption deepens globally, threat actors are likely to further refine their tactics and build on their capabilities, especially in countries or situations with limited physical and virtual protection measures.