Hacker Stole 1,000 Traders' Personal Data From Crypto Tax Reporting Service

A hacker made off with user data and in some cases financial information on more than 1,000 customers of CryptoTrader.Tax, a crypto tax filing website.

AccessTimeIconAug 24, 2020 at 9:15 p.m. UTC
Updated Sep 14, 2021 at 9:47 a.m. UTC

A hacker has stolen data on more than 1,000 users from CryptoTrader.Tax, an online service used to calculate and file taxes on cryptocurrency trades.

The hacker broke into a CryptoTrader.Tax marketing and customer service employee’s account on a support center platform, according to a source who came across the hacker on a dark web forum. With this access, the hacker could see customers’ names, email addresses, payment processor profiles and messages sometimes containing cryptocurrency incomes.

The hacker then screengrabbed samples of this sensitive information, posted them on the forum to entice potential buyers of the data trove and sent additional pictures to the source, who shared this evidence with CoinDesk.

David Kemmerer, a co-founder and the chief executive of CryptoTrader.Tax, confirmed to CoinDesk that a hacker gained unauthorized access on April 7 to the marketing and customer service employee’s account. The hacker was able to see support center details in the materials and downloaded a file containing 13,000 rows of information, including 1,082 unique email addresses, Kemmerer said.

CryptoTrader.Tax’s security team investigated the breach and found tax filing account passwords and CryptoTrader.Tax’s website were not compromised, Kemmerer said. The team then alerted parties affected by the breach and took steps to improve security measures and monitoring systems across internal and third-party applications, Kemmerer said. 

Operated by Kansas City-based Coin Ledger Inc., CryptoTrader.Tax allows users to import trades from 36 cryptocurrency exchanges and auto-generate cryptocurrency income gains and losses in tax reports exportable to TurboTax, the popular tax preparation software.

To pay for subscriptions, premium users also enter billing information into Stripe, a payment processor. Stripe is connected to CryptoTrader.Tax’s support center platform and shows customers’ email addresses and general locations, but it does not expose physical addresses or credit, debit and banking information, according to the Stripe website.

The hacker also accessed marketing communications, referral numbers, commission earnings and revenues from affiliates who promote the CryptoTrader.Tax service on websites and social media, according to the materials reviewed by CoinDesk and Kemmerer. 


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.