Durov Warns Telegram Could Exit France After Blaming Data Leaks for 41 Kidnappings

Pavel Durov, the founder and chief executive of Telegram, alleged on 24 April 2026 that 41 cryptocurrency-related kidnappings in France during the first months of 2026 were facilitated by data leaks that exposed user information. In a post published via Telegram's official channel, Durov said the abductions were enabled by compromised user data — and that he was prepared to withdraw the platform from France entirely if the government continued pressing for access to user information.

The allegation places France's digital-security apparatus under uncomfortable scrutiny at the same moment Paris is negotiating its own encryption and platform-governance framework with European partners. It also raises questions about whether government-mandated data-sharing arrangements — however well-intentioned — create surface areas that bad actors can exploit.

The Kidnapping Allegation

Durov's post, distributed on 24 April 2026 via Telegram's platform, claimed the 41 kidnappings were directly linked to user data that was leaked — presumably through law-enforcement data requests or third-party integrations — and subsequently used by criminal networks to identify and target cryptocurrency holders. The sources Cointelegraph relayed do not independently verify the figure, and French authorities have not publicly confirmed the 41-kidnapping tally as of the time of writing.

What is established is that Durov has long resisted government demands for user data. His 2024 arrest at Paris–Le Bourget Airport on charges including complicity in fraud, organized crime facilitation, and refusal to cooperate with lawful data requests put the platform under sustained legal pressure. The charges remain subject to ongoing proceedings.

France has been pursuing an expanded legal framework for accessing encrypted communications. The 2024 LPM security law — the French military budget legislation — expanded surveillance powers in ways that platform operators argued could be leveraged to force decryption cooperation. Telegram contested those provisions, warning they would establish precedents other jurisdictions might copy.

The Platform's Exit Threat

Telegram has a combined European user base that runs into the tens of millions; France is among its larger Western European markets. An exit would not be cosmetic. It would strand active communities, disrupt verified-business accounts used by French enterprises for customer engagement, and create a gap in the encrypted-messaging landscape that other platforms — many of them US-controlled — would partially fill.

Durov's threat to withdraw is consistent with a pattern. He has previously pulled Telegram from markets where he judged legal pressure unsustainable — Iran in 2022, for example. The difference in France is that the platform is already under a formal judicial cloud from the 2024 arrest proceedings, making the exit threat both a negotiating tactic and a plausible contingency.

French interior ministry officials have not publicly responded to Durov's 24 April post as of this publication. The sources Cointelegraph relayed do not include any French government comment on either the kidnapping claims or the exit warning.

The Data-Leak Problem

The broader structural issue is the surface area that data requests create. When a government compels a platform to log metadata, retain message content, or share user identifiers on request, that data sits in systems that can in principle be breached, subpoenaed by other parties, or socially engineered into by determined criminal actors.

Crypto holders are a particular target class. Blockchain transactions are pseudonymous — wallets can be de-anonymized if an exchange, a platform, or a messaging app links a wallet address to a real identity. A single successful leak of that mapping — from any platform a target uses — can focus a kidnapping operation precisely. Whether the 41 incidents Durov cited involved Telegram data specifically, leaked from another source, or a combination, is not established in the available record.

The allegation nonetheless underscores a tension that digital-rights groups have flagged for years: mandatory data retention creates honeypots. The security benefit of centralized access must be weighed against the catastrophic downside if that centralized store is compromised.

Platform Governance in the Crosshairs

Telegram occupies an unusual position in the platform landscape. Unlike WhatsApp, Signal, or iMessage, it has historically offered limited compliance with government data requests, has not implemented default end-to-end encryption for most message types, and has marketed itself — correctly or not — as a privacy-preserving alternative. That posture attracts users who want resistance to surveillance; it also attracts the scrutiny of governments that view ungoverned encryption as a criminal-enabler.

France is not alone in this posture. The UK's Online Safety Act, Germany's ongoing platform-regulation debates, and the EU's revised ePrivacy framework all press in similar directions. The French case is notable because Durov's personal legal jeopardy — still unresolved from the 2024 arrest — gives the standoff a sharper edge than abstract policy disagreement.

The stakes are concrete: a Telegram exit from France would be felt most acutely by users who depend on the platform for uncensorable communication, by French businesses that use Telegram Channels for marketing and customer service, and by investigative journalists who rely on the platform's relative opacity for source protection. It would benefit competitors with more compliant data postures. Whether those competitors are more secure — or simply more surveilled — is a question the available evidence does not fully resolve.

What remains uncertain is whether French authorities will engage Durov's allegation directly — either to contest the 41-kidnapping figure or to address the specific data-access concerns Telegram is raising — or whether the dispute escalates quietly until an exit decision forces a public reckoning.

This publication covered Telegram's legal jeopardy in France in 2024 when Durov was first detained; this article updates that ongoing story with his most recent public statements and the specific allegation about crypto kidnappings connected to user data exposure.

Wire provenance

This editorial synthesis draws on the following public wire/social posts:

• https://t.me/Cointelegraph/26582
• https://t.me/Cointelegraph/26582