French Tax Agent Sold Crypto Holder Data for €800; Appeal Denied
A French tax official used the ‘Mira’ database to sell crypto investor home addresses to violent criminals for €800, confirming the physical security risks of centralized wealth registries.
The ultimate security vulnerability in 2026 isn’t a smart contract bug or a compromised private key. It’s a civil servant with a login. On Jan. 6, the Paris Court of Appeal denied the release of Ghalia C., a tax agent from the Bobigny (Seine-Saint-Denis) office charged with selling confidential citizen dossiers to violent criminals.
Prosecutors revealed that Ghalia C. utilized the “Mira” tax database to compile unauthorized profiles on “cryptocurrency specialists,” prison guards, and high-net-worth individuals, including billionaire Vincent Bolloré. In one confirmed instance, she sold a target’s home address and family details for just €800. The buyers subsequently executed a home invasion on a prison officer in Montreuil, assaulting him in front of his family.
The $5 Wrench Attack Goes Institutional
While the market focuses on Bitcoin’s struggle to reclaim $91,000 (-1.2% 24h), the physical threat vector has shifted from random social engineering to systemic institutional betrayal. The Ghalia C. case confirms that “air-gapped” cold storage is defenseless against state-level data leaks. The 32-year-old agent accepted payments via Western Union to facilitate what the General Inspectorate of the National Police (IGPN) describes as the “uberization” of file trafficking.
“The newest vector isn’t Telegram doxxing or compromised exchanges. It’s privileged access to state identity systems that map names to addresses, phone numbers, and family structures with a single query.”
State Databases: The New Honeypot
This internal breach arrives as France implements its controversial 2026 “Unproductive Wealth” Tax (Impôt sur la Fortune Improductive), which classifies crypto assets alongside yachts and fine art. The legislation, which narrowly passed the National Assembly in late 2025, mandates that the government maintain a centralized registry of all digital asset holdings exceeding €2 million.
Security researchers have long warned that such registries create a “shopping list” for organized crime. The IGPN reported 93 investigations for professional secrecy violations and 76 for database diversion in 2024 alone, signaling that the Ghalia C. incident is a statistical inevitability rather than an anomaly. While the French government issued an August 2025 decree removing crypto executives’ home addresses from the public RCS commercial registry, the tax administration retains full visibility, and as the Bobigny case proves, that data is for sale.
