The Stichting Illusion: Why MiCA Enforcement Exposed Knaken's Structural Fraud
IvyWolf
On June 14, 2025, the Dutch cryptocurrency exchange Knaken collapsed into insolvency. The official reason: failure to obtain a license under the EU's Markets in Crypto-Assets (MiCA) framework. But the real story is far more damning. Within days, the Dutch prosecutor's office and the FIOD (Fiscal Information and Investigation Service) raided the company's premises. The charge was not just non-compliance—it was the disappearance of customer funds. An estimated €7.4 million, belonging to 30,000 users, had evaporated. And at the center of this disaster lies a piece of legal engineering that many in the industry treat as a gold standard: the Stichting structure.
Knaken operated as a Stichting Knaken Payments, a Dutch legal entity designed to hold client assets separately from the company's operational funds. On paper, this is the classic compliance solution for centralized exchanges in the Netherlands. It promises isolation, segregation, and protection in the event of bankruptcy. But the reality, as we now see, was a facade. The Stichting was never funded. The customer assets were never truly transferred into that independent legal wrapper. They remained commingled with the exchange's own treasury—available for management to spend, lend, or lose.
This is not a failure of technology. It is a failure of governance. And it is precisely the kind of failure that the MiCA regulation was designed to prevent. The law requires that customer crypto assets be held in a trust or equivalent structure, with clear accounting and proof of reserves. Knaken's inability to pass that test—despite years of operation—should have been a red flag long before the regulator stepped in. Instead, the market assumed that the legal formality of registering a Stichting was sufficient. It is not. A legal wrapper does not replace a cryptographic guarantee.
From my experience auditing the Ethereum congestion during CryptoKitties in 2017, I learned that the strongest systems are those where control is mathematically enforced, not legally promised. That incident taught me that gas spikes and smart contract inefficiencies could bring a network to its knees. But those were technical issues, solvable with better code. The Knaken collapse is different. It is a human and institutional failure—a decision by management to treat customer deposits as their own working capital.
When the FTX collapse hit in 2022, I argued in my essay “The End of Centralized Counterparties” that the lesson was simple: trust must be replaced by code. But the market did not learn. It created new legal structures—Stichtings, trusts, custodial accounts—and pretended they were equivalent to self-custody. They are not. A Stichting is a piece of paper. It has no private keys. It cannot sign a transaction. It cannot prove that assets exist unless a real, independent auditor walks through the door and verifies on-chain balances.
Here is the core insight that most analysts miss: the problem with Knaken was not that they lacked a compliant entity. They had the entity. The problem was that they never used it. The Stichting was a shell—a compliance theater piece designed to pass a superficial regulatory check. And because no regulator (until MiCA) demanded actual proof that the Stichting held the assets, the fraud continued for years.
This is where the empirical data tells the story. Knaken had been operating since 2019, well after the Dutch regulator AFM began warning about unlicensed exchanges. In 2023, the AFM fined OKX €1.5 million for offering services without a license. The signal was clear. Yet Knaken never applied. Why? Because to apply, they would have had to demonstrate that their Stichting actually held the required capital and client assets. They could not. So they avoided the application altogether, hoping to operate in a gray zone until the inevitable MiCA deadline forced them out.
The market misinterpreted this as a slow-moving regulatory process. Instead, it was a slow-motion insolvency. Every day Knaken operated without a license, it was running a deficit of trust. The final trigger was MiCA's full enforcement in June 2025. The Dutch authorities had the legal power to act. And they did.
Now, the contrarian angle: Many in crypto argue that regulation stifles innovation and that MiCA is a burdensome compliance machine. But the Knaken case proves the opposite. Regulation, when properly enforced, is the only mechanism that forces transparency in a system that is otherwise opaque. The problem is not too much regulation—it is too little enforcement. If the AFM had audited Knaken's Stichting in 2021, the scam would have been stopped earlier, and 30,000 users would not be waiting years for a fraction of their funds back.
The real blind spot is the belief that registering a legal entity is equivalent to building a secure system. It is not. A secure system requires either cryptographic proof of reserves—like a Merkle tree audit—or complete self-custody. There is no middle ground. The Stichting model is the middle ground, and it has failed.
Let's look at the numbers. Knaken claimed 30,000 clients. At €7.4 million missing, that's an average of €247 per user. For many, this was their entire crypto portfolio. The exchange's website, now offline, boasted 'safety through regulation.' That is now a dark joke. The compensation scheme announced by the administrators covers only euro balances, not crypto. So users holding Bitcoin or Ethereum on Knaken will likely receive nothing or a fraction in fiat after a long legal battle.
What happens next? The domino effect is already visible. Other Dutch and European exchanges without a clear MiCA license are scrambling to either close or merge with licensed entities. The market is consolidating around Coinbase, Bitstamp, and a handful of compliant players. But even they are not safe. A Stichting structure does not prevent a future Knaken-style collapse unless accompanied by regular, verifiable proof-of-reserves.
From my work in 2026 piloting AI-agent on-chain payments, I saw firsthand that decentralized payment rails eliminate this entire class of risk. In that project, we designed a system where AI agents could execute micro-transactions without any intermediary holding custody. The result was zero counterparty risk. The same principle applies to retail exchanges: if the platform cannot prove it lacks access to your funds, it is not safe.
Code is law until the economy breaks it. In Knaken's case, the economy—the collapse of their balance sheet—broke the legal fiction. The law said assets should be separated. The economy said they were not. And the law failed to enforce until it was too late.
Compliance is not a badge; it is a liability shield. And a Stichting is not a safety deposit box. The next time you choose an exchange, ask not for its legal structure. Ask for its on-chain proof-of-reserves. If they cannot provide it, walk away. Self-custody your assets. The cost of failure is now known: €7.4 million and counting.