French authorities have launched a probe into a Waltio data breach after an extortion attempt prompted the company to disclose that user email addresses and summary items from 2024 tax reports may have been exposed. Waltio says passwords, exchange credentials, wallet addresses and banking details were not compromised and has filed a criminal complaint while notifying CNIL. A December dark‑web listing described by cybersecurity firm Brinztech may or may not be linked to the January extortion; investigators are still determining the connection. The government also warned of kidnappings and impersonation scams targeting crypto holders.
Waltio Data Breach Investigated as France Warns of Kidnappings Targeting Crypto Holders
French authorities are investigating a data breach at crypto tax platform Waltio amid government warnings that kidnappings targeting cryptocurrency holders were reported in January 2026.
The Paris Public Prosecutor’s cybercrime unit opened a preliminary investigation and has assigned the case to France’s National Cyber Unit, according to a government cybersecurity alert. Investigators are working to determine exactly what data was taken and which users, if any, were affected.
What Waltio Says
Waltio acknowledged the incident in a Security Notice published on January 23. The company said the information exposed appears to be limited to user email addresses and summary items drawn from 2024 tax reports. Waltio stated that passwords, exchange account credentials, wallet addresses and banking information were not accessed.
Waltio has filed a criminal complaint for attempted extortion and unauthorized access and confirmed it is cooperating with law enforcement. The company also notified CNIL, France’s data protection authority, and advised users to verify the security code printed at the bottom of Waltio emails against the code shown in their account profiles.
Timeline And Unanswered Questions
Cybersecurity firm Brinztech reported that an alleged Waltio database was listed on a dark‑web marketplace on December 24, 2025. Waltio says it received an extortion demand on January 21, 2026 and learned of the breach through that extortion attempt rather than via dark‑web monitoring. Brinztech’s listing was described as containing names and phone numbers — data Waltio says it does not collect — leaving open the question of whether the December listing and the January extortion involve the same records.
Investigators have not confirmed whether the database referenced in December is identical to the information cited in the extortion attempt against Waltio.
Broader Context And Risks
The French government issued a specific warning that criminals are impersonating law enforcement to target people whose data may have leaked. The alert emphasized that real police will never call to request confidential information or appear unannounced at someone’s home claiming a data compromise.
Physical attacks on cryptocurrency holders have increased in France. Media reports cited a retired couple kidnapped in Sallanches on January 14 and an attempted abduction that was foiled in Paris on January 23. Separately, hardware wallet maker Ledger — also based in France — reported a separate breach earlier in January 2026.
Users of crypto services should remain vigilant: enable strong, unique passwords, use two‑factor authentication where available, verify communications, and report any suspicious contacts to the authorities.
Help us improve.
