New UK crypto tax rules have taken effect, requiring exchanges to share user data with tax authoriti

UK Implements CARF Crypto Tax Rules—Privacy Fears Grow as 'Wrench Attacks' Rise

The UK has flipped the switch on CARF. New rules now require crypto service providers to hand over user details—IDs and full transaction records—to tax authorities, with automatic data sharing across 70+ countries starting in 2027. Regulators say it's about catching tax cheats. Critics warn it's creating a "target list."

Policy expert Freddie New flags the risk: if databases leak, wealthy crypto holders become marked. France saw a spike in kidnappings and violent extortion after a similar regime, with even tax officials allegedly leaking data. The "wrench attack"—using physical force to force transfers—is becoming a buzzword. Bitcoin's irreversibility means once it's gone, it's gone. Chainalysis says 2025 could see record violent crypto crimes, correlated with BTC's price.

CARF is OECD-backed, G20-endorsed, and now embedded across Europe via DAC8. That global coordination makes it hard for any one country to go its own way—but also means risks aren't contained by borders. Dion Seymour notes the framework is powerful, but so are its potential downsides.

The next big question: how to tighten oversight without turning users into targets.