French Tax Database Sold to Criminals: Transparency Laws Create Honeypot for Home Invasions
A French tax agent sold crypto investor addresses to criminals for €800, fueling a surge in physical ‘wrench attacks’ and exposing the dangers of centralized KYC databases.
A French tax official’s appeal for release was rejected Jan. 6, cementing a case that exposes the fatal flaw in centralized crypto oversight. Ghalia C., 32, used the state’s “Mira” tax software to compile dossiers on crypto investors and sold them to organized crime groups. The price for a target’s home address? €800.
The Leak
Working from the Bobigny tax office, the agent bypassed internal controls to map the identities of crypto specialists, billionaire Vincent Bolloré, and prison officials. She did not just browse; she curated hit lists. In September 2024, three armed men utilized her data to storm a prison officer’s home in Montreuil, initiating a violent assault. Authorities traced Western Union transfers and cash deposits back to the agent, confirming the transaction.
This is not a sophisticated hack. The National Police Inspectorate describes it as the “uberization” of file trafficking. Privileged access to state identity systems, which map names to physical addresses and family structures, is being retailed on social networks like Snapchat and Telegram. The barrier to entry for a home invasion is no longer technical skill. It is a small bribe.
The Wrench Attack Surge
On-chain security has improved, so attackers are pivoting to the weakest link: the human. Security consultant Jameson Lopp’s database documented over 50 physical “wrench attacks” globally in 2025, nearly double the 2024 count. France has become a hotspot, leading global statistics with 14 recent incidents.
“The newest vector isn’t Telegram doxxing or compromised exchanges. It’s privileged access to state identity systems.”
The Regulatory Paradox
European regulators have spent years mandating comprehensive KYC and wallet reporting to combat money laundering. The unintended result is a high-value target for criminals: a centralized registry of wealth mapped to physical locations.
The French government acknowledged this vulnerability in an August 2025 decree, removing the home addresses of crypto business leaders from the public commercial registry. Yet, the Bobigny case proves the danger remains. Law enforcement and tax administrators retain full access, and as Ghalia C. demonstrated, that firewall is permeable.
