UNKNOWN

JANUARY 2022

UNITED STATES

TOKEN TAX

DESCRIPTION OF EVENTS

"TokenTax’s first version was created by co-founder Alex Miles back in 2017. This initial product imported data directly from Coinbase, and it won the Product Hunt Global Hackathon. Soon after, co-founder Zac McClure joined. Before starting TokenTax, Alex worked as a product designer for Readmill and Dropbox. Zac worked in impact capital, nonprofit corporate and legal structuring, investment banking, and as a mathematics teacher.

 

In 2019, TokenTax acquired Crypto CPAs, a cryptocurrency tax accounting firm led by CPA Andrew Perlin.

 

Now, TokenTax calculates cryptocurrency taxes and provides tax and accounting services for thousands of crypto investors around the world."

 

"Crypto taxes can be complex. But they don’t have to be painful. We’re crypto tax calculation software, but we’re also a full-service crypto tax accounting firm."

 

"Crypto tax software + Crypto tax experts. When technology and human expertise combine, even the most sophisticated crypto tax cases can be stress free."

 

"People don’t love taxes. But they do love us."

 

"Big or small, we’ve seen it all. Our team has the experience to support every exchange or wallet and tackle crypto tax situations that range from HODLers to hedge funds."

 

"We offer advanced cryptocurrency reconciliation services. That means we can analyze your transaction history to backfill missing or incorrect data."

 

"I recently got hacked through my exchange API key linked to a popular tax service, all my funds were drained overnight. I somehow had transfers enabled on the API key which was my goof, but the fact of the matter is that the tax service seems to have lost control over their API keys or it was an inside job.

 

The API key had been copied from exchange and pasted into tax service on a clean corporate computer, and was never documented anywhere else. The exchange account was also highly secure (Google auth, unique and regularly rolled password, clean devices), and there is no chance this was an issue with the exchange itself. This was a 100% verifiable loss of funds due to a compromised API key deriving from the tax service itself, whether through an inside job or through a leak.

 

I'm trying to connect with other victims as we may have stronger possibility of winning a case against the service if we can work together. There is strong evidence of another affected user. Please DM or comment if you were affected!! Even folks with read only keys may also be at risk of their data leaking from this site if this is confirmed.

 

Thanks for reading, also please don't disparage me for having the wrong permissions enabled in the first place, I know I already done goofed and I feel terrible about it.

 

Ps: I'm not naming the tax service for now as there is no reason to yet and I don't want to get hit with a stupid libel suit in the meantime."

 

"Major US exchange, I've generated keys for other tax software before and used read only. For some reason all three permissions were enabled on this key, but it is extremely unusual as I never would have done this. It was in 2020 so maybe my brain was fried and I just made a mistake."

 

"Yeah I've worked directly with the investigations team and we determined that it was the key and that apparently it had those permissions set from creation. I was really baffled when I heard that because I know way better than to do this and given I've set things up properly before it just feels unlikely.

 

Are you aware of any possibilities that a hacker could somehow change permissions to a key after it was created? I've been told there isn't. Also there was zero evidence that anyone actually got into the account."

 

"The CEO asked me to call him directly and was extremely dismissive and refuses to commit to investigating anything. He made claims that they "prevent API keys with the wrong permissions from being added in the first place", which isn't true. All he would say is "we haven't seen anyone access your key or anything else". It really feels like he isn't taking it seriously that this has wide implications to his overall customer base."

 


Reddit user SPT0615-JD accidentally provided his token tax software with an exchange API key that carried full authorization to transfer assets from his exchange account, rather than a view-only access key. This key was later compromised and used to withdraw funds from his exchange account. Neither the exchange nor the amount lost is mentioned. It does not appear he was able to recover any funds.


© 2019 - 2025 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.