France's Crypto Kidnapping Surge Traced to State Data Leaks, Durov Warns Telegram Will Exit

France recorded 41 kidnappings of crypto holders between January and mid-April 2026. Philippe Chadrys, deputy national director of the French judicial police, confirmed the figure at a press briefing on April 16. The cases span kidnappings, hostage takings, and extortion attempts targeting both institutional digital currency players and individual investors.

The scale of the problem is new. Annabelle Vandendriessche, head of the Interior Ministry’s Sirasco unit, described the phenomenon as “marginal” in 2024. Around 30 cases were documented across all of 2025. The 2026 pace is already well beyond that.

Durov Points Directly at State Data as the Source

Pavel Durov, founder and CEO of Telegram, addressed the crisis directly on X. According to Durov on X, the kidnapping surge traces to a specific chain: a French tax official identified as Ghalia C. allegedly sold crypto investor data to criminals, compounded by what he described as massive tax database leaks. As Durov posted on X: the state now also wants IDs and private messages of social media users, and “More data = More victims.”

41 kidnappings of crypto holders in France in 3.5 months of 2026.

Why?

🥖 French tax officials selling crypto owners' data to criminals (Ghalia C.) + massive tax database leaks.

Now the state also wants IDs and private messages of social media users.

More data = More victims.

— Pavel Durov (@durov) April 24, 2026

The judicial case involving Ghalia C., detailed by Le Parisien, reportedly involved a tax agency employee targeting prison guards and crypto investors for an unknown client. That case predates the ANTS breach. But it established that investor data was already moving from government systems into criminal hands before 2026 even started.

Then came the ANTS breach. France’s National Agency for Secure Documents confirmed on April 20 that its portal was compromised on April 15. The exposed data includes full names, email addresses, dates of birth, postal addresses, and phone numbers. A threat actor operating under the alias “breach3d” began selling what it claims is a database of 18 to 19 million records on April 16, one day before ANTS went public.

The ANTS portal handles national ID cards, passports, driver’s licenses, and vehicle registration. It is not a crypto-specific platform. A person’s name, address, date of birth, and phone number are exactly what a criminal crew needs to locate and approach a target.

19 Million Records Exposed, Cascade Still Running

The ANTS confirmation triggered notifications to CNIL, France’s data protection authority. A report was also filed with the Paris Public Prosecutor under Article 40 of the French Code of Criminal Procedure. ANSSI, the national cybersecurity agency, was separately notified. All three were mobilised at once.

Le Monde reported that French prosecutors have now charged 88 individuals across at least a dozen crypto-related kidnapping cases, including more than 10 minors. Chadrys noted that masterminds are often based abroad and targets are sometimes revealed to foot soldiers only at the last moment.

One case from April involved a woman and her 11-year-old son kidnapped in the Burgundy region. Around 100 officers were deployed. The pair were freed within two days and seven arrests followed. A separate case on April 10 in Anglet involved five individuals hunting a crypto investor. They allegedly took computers, phones, and luxury jewelry before being arrested at Paris’s Montparnasse station. Chadrys said the group “mistook their target.”

David Balland, co-founder of Ledger, was kidnapped in January 2025. His finger was severed during captivity before he was released the following day. His girlfriend was found bound in the boot of a car outside Paris. That case set the tone for how French authorities and the public now understand what is at stake.

Telegram Refuses and Says It Would Rather Leave

Durov posted a second statement on X. As Durov wrote on X, Telegram would rather leave the French market than give what he called “corrupt bureaucrats” access to private messages. The argument was direct: France has already proven it cannot secure what it holds. Giving it more data does not protect citizens. It makes them easier targets.

That’s why Telegram would rather leave the French market than give their corrupt bureaucrats access to private messages.

— Pavel Durov (@durov) April 25, 2026

The position is not new for Telegram. But this time Durov attached it to a documented chain of state-level failures rather than a general privacy principle. The Ghalia C. case and the ANTS breach give the argument a factual base it did not carry before.

The ANTS investigation is still ongoing. The agency confirmed that documents submitted during administrative procedures, including uploaded attachments, were not part of the exposure. No immediate user action is required, though ANTS warned the public to treat suspicious SMS messages, calls, or emails claiming to be from the agency with extreme caution.

France’s data problem is not one breach or one rogue official. It is layered. And Durov’s argument is that collecting more data from social platforms is the wrong answer entirely.