
A new tax reporting rule in the United Kingdom now requires crypto platforms to submit detailed user data to HM Revenue & Customs and to authorities in more than 70 countries.
The regulation, which took effect in January, has sparked warnings that ordinary crypto users could face real-world security risks.
Analysts point to similar rules in France, where data exposure has been linked to a rise in violent crimes against crypto holders.
The system is based on the Crypto-Asset Reporting Framework, a global standard created by the Organisation for Economic Co-operation and Development.
Under the framework, UK exchanges and custodial wallet providers must collect and report user identities and transaction histories each year.
The information includes names, home addresses, birth dates, tax residency details, identification numbers, and full trading activity.
Authorities argue the system closes long-standing loopholes that allowed crypto tax evasion to flourish.
Platforms such as Binance and Kraken are among those now required to comply with the reporting rules.
Exchanges must also inform users that their data may be shared with foreign governments starting in 2027.
Freddie New from Bitcoin Policy UK warned that the database could become a list of potential targets for criminals.
“A bad actor that got hold of that data would immediately be able to sort it very quickly by softness of target and by amount of money,” Freddie New said. “And then they can merely pack their bags and go off and physically harm people.”
Security experts highlight so-called wrench attacks, where criminals use threats or violence to force victims to transfer crypto assets.
Unlike traditional banking systems, stolen crypto funds cannot be frozen or reversed once transferred under duress.
France has already experienced a wave of such incidents, including kidnappings and severe physical assaults targeting crypto investors.
Investigations in France uncovered cases where sensitive data was allegedly leaked by insiders within the tax authority.
The growing threat is not limited to one country, as global data shows a broader trend of increasing physical attacks.
A 2025 report from Chainalysis found that attacks on crypto holders could reach record levels.
Analysts observed that rising bitcoin prices often coincide with more frequent violent incidents.
Many cases are believed to go unreported, suggesting the scale of the issue may be larger than official figures indicate.
The framework’s global nature makes it difficult for any single country to change or withdraw from the system.
All 27 European Union member states adopted a similar approach through the DAC8 directive.
Dion Seymour of Andersen said the policy has already been endorsed by major global institutions.
“The problem is now CARF has already been created by the OECD,” Dion Seymour said. “It’s been ratified by the G20 around the world.”
As data collection begins across jurisdictions, questions remain about how securely this information will be handled in practice.
The UK now faces scrutiny over whether its approach could mirror the risks already seen elsewhere.