Cyber Security

Bull Bitcoin Files Landmark Legal Challenge to Annul France’s DAC8 Crypto Data Surveillance Rules

The Bull Bitcoin exchange, recently licensed under MiCA, is challenging a European order in French courts establishing a mass surveillance database, putting millions of crypto users at risk.

Bull Bitcoin, the world’s oldest Bitcoin and non-custodial exchange, recently licensed under MiCA by the French financial market regulator AMF, has filed a legal challenge before the Conseil d’État, France’s highest administrative court. The challenge aims to overturn Decree No. 2025-1276, the main measure that transposes the European DAC8 directive into French law, on the grounds that it creates a large surveillance grid and a database of institutions that cannot be protected from data leakage and hacking, ultimately putting citizens at risk of kidnapping and physical harm.

Alongside the legal action, the company is making dac8.com public: “a comprehensive, fully accessible resource for citizens, journalists and policymakers,” according to a press release shared with Bitcoin Magazine.

In recent years, there has been an alarming increase in kidnappings and physical attacks on crypto users, mostly in Europe, with France being a hotbed. Organized crime appears to be exploiting poor data reporting laws for law-abiding crypto users who, by paying taxes, disclose their ownership of crypto assets. Given that Bitcoin and other cryptocurrencies are irreversible and can be transferred internationally easily, criminals prey on crypto users. France had the second physical attack on crypto users after the USA, which has the largest population, according to Gart, a company dedicated to protecting users from this growing threat.

Top figures in the Bitcoin and broader crypto industry have been targeted in recent years, such as Binance France CEO David Prinçay and Ledger founder David Balland, who lost a finger during the incident, among many others. Jameson Lopp, the founder of Casa, a highly secure Bitcoin and Ethereum wallet company, has compiled years of ‘wrench attack’ data in a GitHub database that shows the rapid trend of attacks.

Bull Bitcoin argues in its legal challenge to DAC8 that the continued strengthening and sharing of crypto user data will further this trend of physical attacks. However, they also argue that these personal protection risks created by DAC8 also work against the stated objectives of the regulations. They argue that users will simply find legal alternatives to centralized, regulated exchanges, opting to buy goods off-grid through peer-to-peer exchanges, local mining or other unregulated offshore methods, making tax collection even more difficult.

User Data Honey Pots

DAC8 responds to the natural incentive that the company has to protect its users’ data into an important international database with multiple entry points, which Internet security experts have long called a honeypot. Bull Bitcoin points out that crypto-asset service providers (CASPs) regulated under MiCA, DORA and GDPR are supervised, licensed professionals with a financial incentive to protect their clients. DAC8, on the other hand, does the opposite: it moves data to management reporting networks where access is wide, and accountability is difficult for users to check. The security of it all – Bull Bitcoin concludes — is only as strong as its weakest link.

The history of data security over the past decades shows that collecting user data and keeping it safe over time is very difficult. Just this year, the French National Agency for Secure Credentials (ANTS, also known as France Titres) had a major breach discovered on April 15, 2026, exposing data from up to 11.7–19 million accounts. Compromised information includes login IDs, full names, email addresses, birthdays, account identifiers, and, in some cases, mailing addresses, places of birth, and phone numbers.

In recent months, the French National Bank’s account registry has also suffered a major hack, exposing data tied to nearly 1.2 million accounts. Compromised information included IBANs, account holder names, addresses, and, in some cases, tax identification numbers, although officials said the attacker was unable to view balances or perform transactions.

In the United States, the situation is not much better. The Equifax Data Breach in 2017 affected 147 million Americans, and the National Public Data Breach of 2024 affected over 200 million Americans, resulting in the leak of social security numbers among other sensitive information. And back in 2015, the US Government’s Office of Personnel Management was also breached, putting US Government officials at risk. The stolen data includes everything from social security numbers to medical records.

The list of such violations is long, and the only logical conclusion we can find is that the less user information that ends up being included in these honeypots, the better, since in the end all these hacks put citizens at risk of physical attacks or from fraud related to the theft of information.

Frontline Families

Of the many stories identified by Bull Bitcoin and written on the DAC8 website, the most frightening may be how even people who have not bought crypto can end up being harmed by this data collection, just by having a family meeting with someone who uses Bitcoiner or crypto.

Citing data from Certik, Bull Bitcoin highlights that more than half of the incidents of violence recorded in 2026 against crypto holders targeted a family member – spouse, child, elderly parent – as a direct victim or as a factor pressuring the owner of the key. In the article, Bull Bitcoin property says “So DAC8 exposes not only the owners of crypto-assets, but their entire immediate family: between 40 and 135 million Europeans fall into a physical danger zone, without any of them admitting it.”

Francis Pouliot, the CEO of Bull Bitcoin considers this strengthening of the privacy of Euroeans as something that could be a disaster for the prosperity of the continent, he did not say anything in the press release that “DAC8 has changed the concept of Know Your Customer into Kill Your Customer.” He added, “We will not allow the foundations of civilization to be destroyed by this invasion of privacy rights. We must draw a line in the sand and refuse to leave another place before we are left with nothing. Someone must take a stand. It seems that no one else is willing and able to do so. Therefore, it falls to BULL to lead this fight.”

DAC8.com is rich in facts, statistics, official sources (EUR-Lex, OECD, Legifrance) and analysis, in French, English and other European languages ​​for those who like to review and use them freely.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button