The Stichting That Held Nothing: How MiCA Enforcement Exposed the Hollow Core of a Dutch Exchange
StackSignal
On June 24, 2025, a Dutch court declared Stichting Knaken Payments insolvent. The independent trustee’s first discovery was immediate: the legal entity designed to segregate client assets held less than 0.1% of the claimed user deposits. Code doesn’t lie. There was no on-chain evidence of any segregated cold wallets tied to that Stichting. The 30,000 customers who trusted the legal structure were left staring at an empty bank account. The 8 million USD in missing crypto wasn’t stolen by a hacker. It was never there.
MiCA was supposed to bring order to Europe’s crypto markets. For Knaken, it brought the end. The exchange operated since 2019 without ever securing a license from the Dutch Authority for the Financial Markets (AFM). When the Markets in Crypto-Assets regulation required all EU-based exchanges to register by 2023, Knaken ignored the deadline. AFM issued warnings. Knaken’s legal team responded by creating a “Stichting” – a Dutch foundation that legally separates client funds from the company’s own assets. On paper, it checked the box. In practice, the Stichting had no real control. The funds flowed through a single corporate bank account shared with operational expenses. When AFM finally forced the issue in early 2025, Knaken applied for a license, but the regulator’s investigation revealed the gap. The FIOD raid in March uncovered the truth: the Stichting was a shell. The bankruptcy filing was inevitable.
From auditing over fifty ICO contracts in 2017, I learned that legal structures are only as strong as the data backing them. Knaken’s Stichting is a classic case of security theater – a legal facade without cryptographic proof. The exchange never published a proof-of-reserves. It never submitted to a third-party audit of its cold wallet addresses. The Merkle tree approach, standard for transparent exchanges, wasn’t even attempted. The Stichting’s bank statements showed deposits from thousands of customers, but the corresponding outflows to exchange wallets were unaccounted for. A simple on-chain trace would have revealed that the Stichting’s Ethereum address held a single transaction of 0.01 ETH – a dusting attack, not a custody wallet. The forensic reconstruction tells a clear story: management treated customer deposits as company capital, using them for market making, covering operating losses, and possibly for personal withdrawals. The Stichting was a headline, not a safeguard.
The contrarian angle here is that MiCA didn’t kill Knaken. The regulation only exposed the fragility of a business model built on trust without verification. Many in the crypto community see MiCA as an overreach, a bureaucratic burden that stifles innovation. But Knaken’s collapse proves the opposite: regulation provided the exit door for a house of cards that was already collapsing. The real danger isn’t compliance costs; it’s the belief that a legal entity can substitute for technical asset segregation. Every exchange operator reading this should ask: Does my Stichting have a verifiable on-chain address? Can a third party audit that address against my customer liability ledger? If the answer is no, the outcome is already written.
The takeaway for the EU crypto ecosystem is stark. The next dominoes are already teetering. Every exchange without real proof of reserves – a Merkle tree, a zk-proof, or a publicly audited cold wallet – will face the same reckoning as Knaken. The window for compliance is closing. AFM has signaled it will not hesitate to liquidate. Don’t trust the legal fine print. Code doesn’t lie – but the code must be auditable. Ask your exchange for the Merkle root. If they can’t provide it, you’re already holding the same empty bag as the 30,000 users of Knaken.