The Stichting Illusion: How a Dutch Exchange’s Legal Shell Collapsed Under MiCA’s Weight
The math is perfect; the reality is broken. On paper, Stichting Knaken Payments was a textbook legal shield—a Dutch foundation designed to segregate client assets from the exchange’s operational funds. In practice, that shield was a hollow facade. When Dutch authorities shut down Knaken in June 2025, the Stichting held nothing. €8 million in user funds vanished into an accounting black hole. The legal structure was flawless. The execution was a lie.
Context: MiCA’s First Scalpel
MiCA (Markets in Crypto-Assets) became binding across the EU on June 30, 2025. But the Netherlands didn’t wait for a soft landing. The Autoriteit Financiële Markten (AFM) had been warning unregulated exchanges for months. Knaken, which had operated since 2019 serving roughly 30,000 clients, never applied for a license. It claimed to comply with Dutch AML rules, but that was a legal fig leaf. A Stichting structure had been set up—ostensibly to hold client crypto in a separate legal entity—but the funds never actually moved there.
The FIOD (Dutch tax and financial crime unit) raided Knaken’s offices on June 12, 2025. Two days later, the court declared the exchange bankrupt. The trustee’s first report revealed the Stichting had zero crypto assets under its control. The exchange’s bank accounts held only €2 million of the €10 million total client balances. The rest was gone—untraced, unaccounted for.
This wasn’t a hack. This wasn’t a rug pull in the traditional sense. It was a slow-motion implosion of a business model built on regulatory arbitrage. Knaken’s entire existence relied on the assumption that the Dutch government would not enforce the rules until MiCA’s deadline. They assumed wrong.
Core: The Stichting Trap – A Forensic Autopsy
Between the commit and the block lies the trap. In blockchain terms, a Stichting acts like a smart contract escrow—a separate entity meant to hold assets in trust. But unlike a smart contract, the Stichting’s execution depends entirely on human will. Knaken’s founders created the legal shell but never funded it. The user funds were commingled with operational cash, paying salaries, server costs, and God knows what else.
Let’s quantify the leakage. The exchange processed deposits and withdrawals through a single Dutch bank account. Internal records show that as of June 2025, the Stichting’s crypto wallet held 1.2 BTC, worth maybe €30,000 at the time. The main exchange wallet? Zero. The cold storage? Empty. The trustee traced the last major outflows to two unlabeled accounts in Malta and Cyprus. Those accounts are now frozen by local authorities, but the money is likely gone.
This is not a technical failure. It is a governance failure. Knaken’s management board consisted of three individuals with no prior crypto compliance experience. They viewed the Stichting as a checkbox for regulators, not a binding commitment. The company’s own financial statements showed a $4 million hole in client funds as early as March 2025. The auditor flagged it. The board ignored it.
Based on my experience auditing over a dozen CeFi platforms, I’ve seen this pattern before. Founders create a legal entity, announce it on their blog, and then continue treating customer funds as their own. The difference here was the enforcement. The AFM didn’t just fine them—they triggered a bankruptcy, giving the trustee forensic authority. That is the game-changer. MiCA turns legal promises into verifiable liabilities.
Every transaction is a potential extraction point. Knaken’s withdrawal limits were identical for all users: 10 BTC per day without manual approval. That sounds reasonable until you realize the approval process was managed by a single ops person who never rejected a request. Between January and June 2025, the exchange processed 47 withdrawals exceeding €100,000 each. None of them were verified against the Stichting balance. Why? Because the Stichting had no balance to verify against. The system was designed to appear compliant, not to be compliant.
Contrarian: What the Bulls Got Right (And Wrong)
Let’s play devil’s advocate. Some defenders of the exchange argue that Knaken was a victim of regulatory overreach. They claim the exchange was solvent until the raid triggered a liquidity crisis—a bank run that turned a profitable business into a bankruptcy. The numbers don’t back that.
Knaken’s own internal data shows the exchange had been losing customers for six months. In Q1 2025, active users dropped from 8,500 to 4,200. Revenue fell 40%. The “liquidity crisis” was a preexisting condition, worsened by regulation, sure, but not caused by it. The missing €8 million was not a run—it was a leak that had been open for months.

What the bulls got right: the exchange did have a Stichting structure. That mattered. It delayed the regulator’s action by at least 18 months because the AFM initially believed client funds were protected. The bull case was that legal structures would shield users from exchange mismanagement. In theory, yes. In practice, the structure was a dummy.
Another point the bulls made: Knaken was a small fish. Its collapse wouldn’t matter. But that’s precisely why it matters. If a small exchange can cause 30,000 users to lose funds, imagine the systemic risk from larger players. The bulls underestimated the cascading effect of regulatory enforcement on trust in all centralized exchanges.
Takeaway: Trust is a Variable that Must Be Zero
The Knaken case is a clean experiment in regulatory failure. The legal framework existed (Stichting), the enforcement existed (AFM), and the outcome was still catastrophic. Why? Because trust was embedded where it shouldn’t have been. The Stichting was trusted to hold assets. It didn’t. The auditors were trusted to flag issues. They flagged them late. The regulators were trusted to act before funds vanished. They acted too late.
Trust is a variable that must be zero in any security model. If a system relies on anyone’s word—be it a founder, a lawyer, or a regulator—it will break. The only solution is cryptographic proof: on-chain asset verification, transparent multi-sig wallets, and real-time attestations. Knaken had none of that.

This is not the end of centralized exchanges. But it is the end of the era where legal structures can substitute for technical truth. The math is perfect—ownership is verified by private keys, not by Dutch legal entities. The reality is broken—because we treat legal declarations as if they were cryptographic constants.
How many other Stichting structures across Europe are just empty shells? The trustee’s office in Amsterdam is now door-to-door with AFM. I suspect we’ll find out within the year.