DAC8.com
Manifesto
Why we refuse DAC8 and the mass surveillance of crypto holders.
Our mission at Bull Bitcoin is to destroy central banking, defund the socialist state, and end fiat slavery once and for all. This is the most outrageously difficult objective we could possibly have set ourselves. Yet we must succeed. And by the grace of God, we will succeed, because our cause is a just cause.
To achieve a global financial revolution of this scale, we need to set the stage for a transition. We need to put in place the conditions necessary for our movement to flourish and to grow. We need to recruit an army of sovereign individuals to oppose the fiat regimes, not with violence, but by peacefully opting out.
If enough of us withdraw our consent from monetary debasement, the fiat house of cards will collapse.
We need about 3% of the global population to become sovereign individuals and not only hold Bitcoin, but use Bitcoin as a medium of exchange. Merchants need to accept Bitcoin, to pay their staff with Bitcoin. Financial contracts need to be denominated and settled in Bitcoin. People need to trade commodities in Bitcoin, and those commodities need to be delivered in a supply chain where all the participants are also paid with Bitcoin.
This requires Bitcoin to have an extremely high degree of liquidity and saleability. This requires the price of Bitcoin to go up and millions of people and corporations to hold Bitcoin in self-custody. This requires public marketplaces with deep order books, where transactions between traders are settled with high velocity. This requires these platforms to be able to send and receive hundreds of billions of dollars in bank transfers. This requires brokers like Bull Bitcoin to provide access to this liquidity to their retail and corporate clients.
In other words, this requires our industry to keep interfacing with the legacy fiat banking system until we reach a tipping point where we have established a global circular Bitcoin economy. Then, and only then, will the fiat system collapse.
To do this, our industry has made a compromise. And this compromise is called KYC.
KYC is not evil in and of itself. When we get clients at Bull Bitcoin that send us a bank transfer, we want to make sure that that's not a fraudulent transfer. We want to make sure that our clients are not being defrauded. We have private interests in knowing who we're doing business with.
We do not want to do business with Islamic terrorists who slaughter our people in the streets of Europe. We do not want to make life easy for rape gangs and child traffickers who turn our women into sex slaves. We don't want to facilitate the life of hackers, fraudsters, and scammers who steal the life savings of our elderly people.
And as such, even if KYC was not legally mandated, we probably would do it. But of course, it is mandated. It's not an internal business procedure that we voluntarily employ. Nearly every crypto company in the entire world is mandated by law to identify their clients, to keep records of their transactions, keep their personal information, investigate suspicious transactions, and report them.
As cypherpunks, how can we possibly reconcile the fact that we need to deanonymize our users in order to give them access to a currency which was created specifically to give them privacy?
At BULL, we are extremely conscious that we are mandated by law to maintain a honeypot of extremely sensitive private information. In practice, we do everything we can to make sure that this data stays within the walled gardens of our system. Even as a non-custodial exchange, the cybersecurity practices that we have in place to maintain and secure personal data are as strict as if we were storing people's private keys.
In most countries, including in the European Union, the operating principle is that you need to report transactions which, after investigation, you have assessed are likely to be associated with terrorism or money laundering. And of course, if there is an investigation and we receive a lawful request from a competent and authoritative judicial source to hand over specific information of a client or a transaction, we will comply.
Other than that, most of the clients' data actually stays within our system. Most people believe that every time you buy Bitcoin on an exchange, it automatically ends up in a big government database. That's simply not true.
As a hardcore free-market capitalist and an advocate for liberty, I deplore any type of regulation whatsoever. But I'll be honest with you: I sleep at night knowing that Bull Bitcoin is a KYC exchange because of the legal and regulatory frameworks we operate within, the technologies we have developed, the open-source software we create to prevent data leakage, and the policies, procedures, and philosophies we have. As a result, the risk of our clients' KYC data leaking is highly mitigated.
However, all of this is about to change.
We are facing an unprecedented threat, not only to the cypherpunk principles of Bitcoin, but also to the very lives of our clients. The delicate balance that we have reached with the state has been shattered.
In 2021, at the peak of the COVID tyranny, the G20 countries got together and decided that Bitcoin was an existential threat to global public financing mechanisms. And as a result, they mandated the OECD to find a solution to this problem. That solution is called the Crypto-Asset Reporting Framework, or CARF.
Just a few months after the OECD published CARF, 60 countries in the world pledged to implement it. And of course, the European Union was more than happy to immediately jump on it. And they created a proposal called DAC8, which has since then been implemented in all EU member states.
Nobody asked for this. Nobody voted for this. I cannot think of a better example of a globalist bureaucratic conspiracy against the sovereign individual.
DAC8 turns every single crypto service provider into a data collection, aggregation, and transmission platform, sending all users' data directly to the tax authorities by integrating that data into the EU's Automatic Information Exchange program.
Exchanges report all of these users' transaction activity to their own tax authority, along with their personal information. The national tax authorities aggregate all this information from all the crypto service providers into one big database.
Not only that, the member states share their databases with each other, in effect creating a global crypto honeypot of extremely sensitive personal information.
And crypto service providers are no longer just apps and businesses that provide value to their customers, but they are an extension of the surveillance infrastructure of the EU's tax authorities.
There are many reasons to be concerned about a program where the government creates a database containing a list of specifically identified people, along with their personal information, wealth data, and financial habits, even if we were to assume for a second that this data was going to be kept secure.
But of course, it will not be kept secure.
In fact, all the evidence that I have reviewed has made me conclude that it is nearly inevitable that, on a long enough timeline, this data will end up in the hands of criminal organizations, terrorist groups, adversary states, and private corporations that will surely seek to monetize it for their own ends.
The sheer scale of these data leaks, and the rate at which they are growing, has become comically absurd. Millions of user records are leaked each month in France alone. We're talking about hundreds of millions of user records leaked throughout Europe over the last few years.
There is a data breach from a top-tier institution, such as a government, financial institution, or insurance provider, every five weeks. Hundreds of millions of people are affected by this in Europe.
Bull Bitcoin is headquartered in France. I am French. A quarter of our team is French. French is our second language at Bull Bitcoin. As it turns out, France has become the world's most dangerous place to be associated with crypto.
In France, there was a tax official who sold the data of taxpayers to criminal organizations, specifically for them to be targeted for kidnappings, and there were victims as a result. Recently, 1.2 million bank records were also leaked from France's national bank account database, which is run by the tax authority.
And there have been 47 attacks on crypto holders recorded in France this year as of 25 April. That's one violent attack on a French crypto holder every two and a half days.
82% of all physical attacks on crypto holders happened in Europe, and 70% in France. In 2025, the number of attacks on crypto holders increased by 75%; in the first quarter of 2026, it increased by another 50%.
We project that by the end of the year, there will be as many as 150 to 180 victims of violent attacks in France. And in half of those cases, it is not the crypto holder who is kidnapped, but their friends and family.
These are not just statistics. Many of us Bitcoin professionals personally know someone who has been a victim of a violent crypto attack. Some of my friends fear for their lives in Europe and have consequently fled Europe to save their families. So, for me, this is very personal.
With the arrival of DAC8 and the creation of a centralized database which contains not only people's personal addresses, but also their wealth and financial habits, these attacks will become far worse. I don't exaggerate when I say that if these databases are breached, and they are likely to be breached, it will be catastrophic, and people will get kidnapped and murdered as a result.
DAC8 has transformed the concept of Know Your Customer into Kill Your Customer.
When I first heard about DAC8 and CARF, I didn't actually believe it was real. It goes against every principle of decency, proportionality, and common sense that I hold dear. And what's worse is, when I started to talk about DAC8 to crypto industry leaders in 2023, I realized that nobody knew what the hell I was talking about. DAC8 was introduced as a technical improvement and not as a major shift in policy. Certainly not with the consent of the people, and certainly not in consultation with our industry.
And other than a few private conversations, there has been no attempt by any crypto leaders to oppose it. There has been no protest. No group, activist, or civil rights organization has done anything about this.
Our industry has become conditioned to blind compliance. We have resigned ourselves to accepting the growing severity of these dangerous and disproportionate regulations as inevitable.
If we allow the globalists to establish a mass-surveillance program that puts crypto users at risk, and we do not oppose them, we are sending them a message that is very clear: their power over us truly is unlimited.
Every free and democratic society rests upon the idea that there is a distinction between what is private and what is public. And in fact, I would argue that it is at the core of European civilization.
To protect private matters, the ancient Greeks had the concept of polis, the public place for debate and ideas. And they knew that this could not exist without the oikos, which is the private domain of the home, where the individual can retreat away from public scrutiny and simply be himself. The Romans codified this into law with res publica versus res privata, outlawing violations of the private domain of the home.
Today, the modern cypherpunks are the last vanguard, the last bastion, that is keeping these ancient European principles alive. In the words of Eric Hughes, "Privacy is necessary for an open society in the electronic age." Privacy is the power to selectively reveal oneself to the world.
Bitcoin is at the center of a spiritual war between the forces of corruption and the forces of liberation. The choices that we make today will shape what the future will look like in 100 years. And whether our descendants live in a totalitarian dystopia or usher in a new era of prosperity and freedom depends on our willingness to resist today. That is why I have dedicated my life to building infrastructure for Bitcoin.
We cannot let a bunch of faceless bureaucrats shatter the very foundations of our civilization. We must draw a line in the sand and refuse to cede any more territory before we have nothing left. Someone must take a stand, and it appears that no one is willing and able to do so. Therefore, it falls to BULL to lead this fight.
To that effect, earlier this year, we launched the first phase of our legal action against the mass-surveillance mechanism known as DAC8 by filing a summary petition against the French government. Let me be clear: we are seeking the outright annulment of DAC8 in France.
This is not a frivolous lawsuit. This is not a symbolic gesture. It's a very serious project. It's a legal case that's grounded in law, that's handled by experienced legal professionals. We intend to win. We will employ every legal mechanism at our disposal to prevent our users from suffering irreparable harm.
We seek the admission by the French government that DAC8 violates fundamental human rights. We seek the establishment of a judicial precedent on the proportionality of automated mass financial-data collection that we hope will serve as a basis for European case law.
A successful outcome in France will serve as a blueprint for other European actors seeking to overturn DAC8 in their respective countries, thereby igniting a coordinated European resistance against disproportionate mass collection.
BULL is financing these legal proceedings out of pocket. We're not looking to establish an industry lobby, or a committee, or a group. We are just going to do it.
We are opening a first front in France, and if need be, we will challenge DAC8 in front of the European Court of Justice and the French constitutional court.
We might succeed, or we might fail. But the only thing I can guarantee you is that we will never give up.
Francis Pouliot, founder of Bull Bitcoin