One of the biggest fears of cryptocurrency traders is losing control of their personal information. And that fear has become a reality for QuadrigaCX former users.

Ernst & Young, the trustee overseeing the bankruptcy case for the failed Canadian crypto exchange, will be turning over all of Quadriga’s user info and data to the country’s tax collector.

In its sixth report of the trustee posted Tuesday, EY said the Canadian Revenue Authority, or CRA, asked it to hand over information about the failed crypto exchange. In response, the accounting firm wants to send over a mountain of data, which has a lot of Quadriga user data mixed in. And it is seeking an order from the court authorizing it to do so. (The exchange estimated it had 115,000 affected users at the time of its collapse in January 2019.*)

We’ve known this was coming. In August 2019, the CRA sent a letter to EY saying it wanted Quadriga’s records from Oct. 1, 2015, to Sept. 30, 2018. The CRA’s request for documents and information is “significant,” the trustee said at the time. (See the third report of the trustee.)

The long list of requests

Following that, on Feb. 26, the CRA sent EY a seven-page production demand letter. The list of requests includes financial records and documents for tax years ended in 2016 to 2018, corporate legal records, and things like the platform’s raw database, files of AWS accounts, wallet addresses, fiat transaction records from payment processors, and so on

As this is coming from the taxman, EY is obligated to comply. But since it doesn’t have most of the info that the CRA is asking for (Quadriga kept no books), it simply plans to forward a copy of the full EDiscovery Database, redacted only for privilege. The database contains 750,000 individual documents.

In a letter, posted on its website Thursday, Miller Thomson, the law firm representing Quadriga’s creditors, said that it would not oppose the move. At this point, it wants to minimize costs and make sure funds get distributed to the exchange’s users as soon as possible.**

Personal information

The problem for Quadriga’s users though is that a lot of their personal information is mixed in with those documents in the database. What can they do about it? Not a lot.

On Sept. 17, 2019, when EY was granted an order from the Ontario Superior Court of Justice that would make it easier for them to comply with requests for information from law enforcement, regulators and tax authorities, it also got authorization to produce:

“…material, documents or data that contain any personal information including information related to Affective Users notwithstanding any previous orders of the Nova Scotia Court with respect to confidentiality of Affected User information, as defined in the Representative Counsel Appointment Order dated February 28, 2019…” [Link to order added.]

That order allowed EY to heap all of its Quadriga documents into a single giant database called the EDiscovery Database, and share that entire database with authorities every time they put in a request. This was a lot easier than tailoring each response individually. But it came at the price of giving out personal data about the exchange’s users.

Now what?

According to Miller Thomson, the cost of trying to fight the CRA’s request would be between CA$50,000 and CA$100,000, notwithstanding the cost of EY and its lawyers.

Alternatively, the law firm could redact or pull anything considered private. But that could potentially come at an even bigger cost because it would require manually going through every single document in the massive database. (And as we know, EY has already spent roughly CA$637,000 compiling that database and responding to legal requests in the second half of 2019.)

Still, Quadriga users aren’t happy. Magdalena Gronowska, one member of the official committee that represents Quadriga creditors, wrote in a Twitter thread on Thursday that the CRA’s request is “an unprecedented affront” to individual privacy. She thinks they are just going on a fishing expedition.

Important 📢 to the #Bitcoin #crypto industry & community In an unprecedented affront to individual #privacy, the Canada Revenue Agency has demanded ALL #QuadrigaCX customer data This may set precedents for privacy & 🎣 expeditions, & impact how #crypto companies operate in 🇨🇦 — Mags (@Crypto_Mags) March 26, 2020

Why is the CRA doing this?

After allowing Quadriga to operate for years with no oversight, the CRA has suddenly decided that it wants to audit the exchange. That’s a problem given that Quadriga maintained no traditional books or accounting records since 2016, and it did not file returns. Most years, Gerald Cotten, the exchange’s now-deceased founder, neglected to even file a personal tax return. When he did file, he claimed no income from Quadriga.

I don’t know what the CRA plans to do with all of this information. Are they planning to find out how much Quadriga should have paid them? Most of that money is long gone, thanks to the massive fraud that took place on the exchange after 2016. And if the CRA wants to make sure that Quadriga’s users pay taxes on any money they get back, there are certainly easier ways to get that information.

Read my full Quadriga timeline here.

* An early affidavit estimated that the exchange had 115,000 affected users when it collapsed. But, in its trustee’s preliminary report, published in May 2019, EY said it anticipated receiving omnibus claims from 76,319 affected users.

**Roughly CA$215 million of user funds (crypto and fiat) was on the exchange at the time it shuttered. EY has so far only recovered about CA$45 million—if you count the CA$12 million that should come from selling properties that Cotten and his wife accumulated after 2016. (See my earlier story in Decrypt and the fourth report of the trustee.)