Durov Warns Telegram Could Exit France Over Crypto Kidnapping Surge
Telegram founder Pavel Durov says data leaks exposing user information have facilitated dozens of cryptocurrency-related kidnappings in France, warning the platform may withdraw from the EU’s largest economy. The claim escalates a confrontation with European regulators over platform liability and encryption policy.
Pavel Durov said on 24 April 2026 that Telegram may pull out of France, citing what he described as a wave of cryptocurrency-linked kidnappings facilitated by data leaks that exposed user information. The Telegram founder said 41 such incidents had been recorded in France during the first months of 2026. The warning marks the latest escalation in a running standoff between the encrypted messaging platform and European authorities over content moderation, data access, and the legal obligations of large technology companies.
The allegations, if accurate, point to a significant data-security failure with direct consequences for personal safety. Whether the responsibility lies with Telegram, with third-party actors who obtained the data, or with broader weaknesses in how personal information circulates across cryptocurrency platforms remains an open question — and one with considerable implications for how the EU enforces its digital governance framework.
The data leak allegations
Durov's core claim is that a data breach or series of breaches exposed information about Telegram users in France, and that criminal actors used that information to identify and target individuals for cryptocurrency-related kidnappings. The mechanism he describes — leaking user data used to select and profile victims — is consistent with how organised groups have historically operationalised stolen databases. What distinguishes this cycle is the cryptocurrency dimension: once a target's digital asset holdings are identifiable on-chain, the ransom calculus shifts from generic intimidation to a precise extortion model tied to known portfolio values.
French authorities have not independently confirmed the 41-incident figure or publicly attributed the kidnappings to a specific data breach. The sources do not specify what category of data was exposed — whether it involved login credentials, communication metadata, wallet addresses, or some combination. Monexus has been unable to independently corroborate the scope and attribution of the alleged leaks.
The Paris-based arrest of Durov in August 2024 on charges including complicity in criminal activity conducted via Telegram gave French investigators leverage over the platform's operations that few other jurisdictions possess. That leverage appears central to how Durov frames his warning: France has legal tools to compel cooperation, and he is drawing a direct line between regulatory pressure and a deteriorating security environment for French users.
France's regulatory position
France has been among the most aggressive EU member states in demanding that large encrypted messaging platforms cooperate with criminal investigations. The charges against Durov, which he contests, centre on allegations that Telegram failed to respond adequately to judicial requests for user data and did not cooperate with law enforcement investigating criminal activity on the platform. If convicted, Telegram could face substantial fines, and Durov personally could face a prison sentence of up to ten years under the framework of France's 2024 legislation tightening platform liability.
The broader EU Digital Services Act creates additional enforcement pressure. Platforms operating in Europe are required to maintain legal representative presence in an EU member state, respond to removal orders from national authorities, and document their content moderation and data-sharing policies. Telegram has historically resisted providing backend access to law enforcement, arguing that its encryption architecture and data minimisation practices make it technically unable to produce information it does not store. French prosecutors have disputed this, alleging the platform retains more user data than it publicly discloses.
The French Ministry of the Interior had not responded to requests for comment at time of publication. Reuters and Le Monde have covered the ongoing criminal proceedings against Durov in detail, noting that the defence argues the charges conflate Telegram's technical architecture with intentional non-compliance.
The crypto kidnapping dimension
Cryptocurrency has changed the structural economics of kidnapping for ransom. Traditional abductions require cash delivery mechanisms — physical exchange points, bank drops, trusted intermediaries — that create opportunities for intervention. Crypto transfers can settle within minutes across jurisdictions with no physical rendezvous required, making the model particularly resilient to law enforcement disruption. When kidnappers can additionally identify a victim's approximate digital asset wealth before making contact, the ransom demand can be calibrated precisely to what the target can actually pay, reducing negotiation time and increasing compliance rates.
France's cryptocurrency ownership rates are among the highest in continental Europe, with surveys consistently placing it in the top five EU member states by retail adoption. That user base, combined with gaps in identity verification compliance across smaller exchanges and peer-to-peer marketplaces, creates a pool of identifiable targets whose on-chain exposure makes them viable subjects for this extortion model. The Durov framing implies that this exposure was amplified by the data leaks — information that reduced the reconnaissance burden for criminal actors substantially.
Whether Telegram bears legal responsibility for data leaks that it did not itself cause depends on whether it can be shown to have had prior knowledge of the vulnerability, to have failed to notify users in a timely fashion, or to have stored data in a manner that made the breach possible. These questions are distinct from the charges already filed in France and would likely require separate investigation.
The exit calculation
An exit from France would remove Telegram from the EU's largest digital economy by user count and dealt a significant blow to the platform's standing in European regulatory proceedings. France's positions on platform liability tend to influence the direction of travel at EU level — the Digital Services Act implementation was heavily shaped by French advocacy during the German-French compromise that produced the final text. Losing France as a jurisdiction for Telegram's EU operations would complicate the platform's legal standing across the entire bloc.
It would also create a precedent. Platforms that have historically resisted EU regulatory mandates — operating in defiance of content removal orders, failing to appoint legal representatives, or providing insufficient cooperation to criminal investigations — have typically been subjected to escalating financial penalties under DSA procedures. A voluntary departure in response to security concerns rather than regulatory enforcement would be a different kind of signal: one that frames the regulatory framework itself as incompatible with platform operations.
The counterpoint is straightforward: France has pressing interests in both public safety and platform accountability, and a threat to withdraw rather than comply with judicial cooperation requests may itself be a negotiating tactic rather than a firm operational decision. Durov has previously signalled Telegram's willingness to contest legal proceedings at length — the 2024 arrest did not produce an immediate compliance resolution, and the platform has maintained its core product functionality in France throughout.
What remains unclear — and what the source items do not resolve — is whether the data leaks Durov cites represent a single identified breach with known attribution, a series of unrelated incidents that his framing bundles together, or a category of third-party data harvesting that Telegram itself did not authorise or enable. The 41-incident figure cited by Durov is the only quantitative claim in the source material. The investigative and judicial record in France has not independently corroborated it.
Desk note: Cointelegraph's Telegram posts provided the primary disclosure. The 41-incident figure is Durov's claim, not a figure independently cited by French authorities. The piece distinguishes between the alleged data leak mechanism and the criminal outcomes he attributes to it, flagging the verification gap explicitly rather than treating the connection as established.
Wire provenance
This editorial synthesis draws on the following public wire/social posts:
- https://t.me/Cointelegraph/10845
- https://t.me/Cointelegraph/10846