What To Do If Your Crypto Tax Platform Is Breached
A security incident at a crypto tax platform can expose more than passwords — here is what to do immediately to protect yourself, and what we do to protect your data.
A Note on Industry Security
A crypto tax platform in our industry recently disclosed a security incident. We are not going to name names — this post is not about them. It is about what you should do if it ever happens to any platform you use, including us.
No platform is unhackable. If something ever happened to Blockchain Smart Tax, we would notify you immediately, tell you exactly what was exposed, and give you clear steps — just like this post. That is a promise.
Why Exchange API Keys Are More Sensitive Than a Password
Most data breaches expose emails and hashed passwords. A breach at a crypto tax platform can expose something more dangerous: the API keys you used to connect your exchanges.
Even read-only API keys give an attacker your full transaction history, wallet balances, and trading activity across every exchange you connected. That is enough to craft phishing attacks that are frighteningly convincing — because they will reference your actual holdings and real transaction amounts, making them look legitimate.
If Any Crypto Tax Platform Notifies You of a Breach, Do This Immediately
- Go directly to each exchange and revoke the API key. Do not just disconnect from the tax platform — delete the key at the source (Coinbase, Kraken, Binance, etc.). Create fresh keys only when you are ready to reconnect.
- Be suspicious of any email that seems unusually specific. If a message references your actual wallet addresses or exact transaction amounts, that is not proof it is legitimate; it may be proof of the breach.
- Do not click links in emails for the next few weeks. Navigate directly by typing URLs into your browser. This applies to emails claiming to be from the tax platform, the IRS, or your exchanges.
- Enable multi-factor authentication everywhere if you have not already — your tax platform, email accounts, and every exchange account.
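The second and third steps above can be expressed as a simple mail check: accurate personal details count against a message rather than for it, and a link only passes if its host is one you already trust. This Python sketch is an added example, not code from Blockchain Smart Tax; the host names, wallet address and amount are constructed placeholders, and the trusted-host list is an assumption you would fill with the sites you normally type in by hand.

```python
import re
from urllib.parse import urlsplit

# Assumptions for this sketch (all values constructed, none from the original post).
TRUSTED_HOSTS = {"exchange.example", "taxplatform.example"}  # sites you type in by hand
MY_ADDRESSES = {"0xAb12Cd34Ef56Ab12Cd34Ef56Ab12Cd34Ef56Ab12"}  # your own wallet addresses
MY_AMOUNTS = {"1.84213"}  # exact amounts from your own transaction history

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def host_is_trusted(host):
    """True for a trusted host or a real subdomain of one; substring matches do not count."""
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def triage(body):
    """Return (personal_details_found, untrusted_link_hosts, verdict) for one email body."""
    lowered = body.lower()
    details = sorted(
        [a for a in MY_ADDRESSES if a.lower() in lowered]
        + [m for m in MY_AMOUNTS if m in body]
    )
    hosts = {(urlsplit(u).hostname or "") for u in URL_RE.findall(body)}
    untrusted = sorted(h for h in hosts if not host_is_trusted(h))
    if details and untrusted:
        verdict = "likely-phish"  # accurate personal data plus a link to an unknown host
    elif details or untrusted:
        verdict = "suspicious"    # specificity alone proves nothing; do not click
    else:
        verdict = "no-flags"      # still navigate by typing the URL yourself
    return details, untrusted, verdict


# Constructed sample: the link host merely starts with a trusted name.
SAMPLE = (
    "We noticed a withdrawal of 1.84213 ETH from "
    "0xab12cd34ef56ab12cd34ef56ab12cd34ef56ab12. Verify now: "
    "https://exchange.example.account-verify.test/login"
)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The host comparison is the part most often done wrong: a check that only looks for a trusted name somewhere inside the host would accept the lookalike in the sample.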
What We Do To Protect Your Data
We want to be transparent about our own practices — not to boast, but because you deserve to know:
- Exchange API keys are encrypted at rest with per-user encryption keys
- We only ever request read-only permissions — never trade or withdrawal access
- All privileged operations are logged for audit purposes
- We conduct regular penetration testing and will always accelerate it after any industry incident
We are a small team and we take this seriously. Security is not an afterthought — it is built into how we handle your data from day one.
Good Habits Regardless of Which Platform You Use
- Use API keys with the minimum permissions needed — read-only, never withdrawal or trading access
- Rotate your exchange API keys periodically — most exchanges make this straightforward
- Use a dedicated email address for crypto services, separate from your primary inbox
- Never share your seed phrase or private keys with any tax platform — no legitimate platform will ever ask for them
Questions or Concerns?
If you ever have questions about how we handle your data, reach out to our support team anytime. We read every message and will always give you a straight answer.
Track and Protect Your Crypto Tax Data
Blockchain Smart Tax is built with security as a foundation — encrypted API key storage, read-only exchange access, and full audit logging across 550+ supported blockchains.
How we compare to other crypto tax platforms:
- Koinly ($49+/year) — established platform with strong exchange integrations and a large user community
- CoinTracker ($59+/year) — polished interface with strong Ethereum and exchange support
- CoinLedger ($49+/year) — competitive pricing with good NFT and exchange support
- Blockchain Smart Tax (from $25/year) — all cost basis methods free on every plan, automatic wallet discovery across 550+ chains, spam filtering, free during beta with 10,000 transactions