Waltio CEO files criminal complaint after extortion attempt as French government warns of physical threats to crypto holders.
By Zoran Spirkovski
Editor Hamza Tariq
Updated
3 mins read
French authorities are investigating a data breach at crypto tax platform Waltio as the government warns that kidnappings targeting cryptocurrency holders were reported to law enforcement in January 2026.
The Paris Public Prosecutor’s cybercrime unit ordered a preliminary investigation into the breach, which has been assigned to France’s National Cyber Unit, according to a government cybersecurity alert.
Investigations remain ongoing to determine the precise nature of stolen data and identify affected users.
Ce vendredi matin, nous avons déposé plainte pour tentative d'extorsion et atteinte à un système de traitement automatisé de données.
Le 21 janvier 2026, nous avons été destinataire d’une tentative d’extorsion. Celle-ci semble faire suite à une attaque particulièrement…
— Waltio (@Get_Waltio) January 23, 2026
Waltio acknowledged the breach in a Security Notice published January 23, stating that exposed data is limited to user email addresses and summary information from 2024 tax reports.
The company said passwords and exchange account access were not compromised. Wallet addresses and banking data also remained secure.
Crypto tax platforms collect sensitive transaction data under international reporting requirements.
French authorities issued specific warnings about criminals who pose as law enforcement officials to target breach victims.
The government alert cautioned that police will never call to request confidential data or appear unannounced at residences with claims that a user’s data was compromised.
Physical attacks on crypto holders have escalated in France. French media reported a retired couple was kidnapped in Sallanches on January 14, and an attempted kidnapping was foiled in Paris on January 23.
Hardware wallet maker Ledger, also based in France, reported a separate breach earlier in January 2026.
Waltio CEO Pierre Morizot said the company filed a criminal complaint for attempted extortion and unauthorized system access on January 23.
The company described the attack as particularly sophisticated and confirmed active cooperation with investigators.
Waltio also confirmed sending a notification to CNIL, France’s data protection authority.
The company advised users to verify the security code at the bottom of Waltio emails against codes displayed in their account profiles.
The breach timeline shows a gap between the data appearing for sale and Waltio’s awareness. Brinztech reported an alleged Waltio database appeared on a dark web marketplace on December 24, 2025.
Waltio stated it received the extortion attempt on January 21, 2026, nearly a month later. The company says it learned of the breach through the extortion attempt rather than dark web monitoring.
However, Brinztech’s report described the listing as containing names and phone numbers, data Waltio states the platform does not collect.
It remains unclear whether the database Brinztech identified in December is the same data referenced in the January extortion attempt against Waltio.
Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.
As a Web3 marketing strategist and former CMO of DuckDAO, Zoran Spirkovski translates complex crypto concepts into compelling narratives that drive growth. With a background in crypto journalism, he excels in developing go-to-market strategies for DeFi, L2, and GameFi projects.