There’s a persistent belief in crypto circles that a VPN is a tax strategy. It isn’t. It’s a routing tool. And routing your traffic through a Dutch server doesn’t change your tax residence, your FBAR obligations, or whether Coinbase sends the IRS your 1099-DA. All it changes is which datacenter your HTTP request passes through before landing on an exchange that already has your passport scan.
Let’s go through what VPNs actually do, what they don’t do, and where the legal exposure gets serious fast.
VPNs Are Legal. That’s Almost Irrelevant.
First, the boring baseline: VPNs are legal in the US, EU, UK, Canada, and most Western jurisdictions. You can run one, run several, and your ISP can’t complain. Businesses use them by default. This is not a gray area.
Where it gets complicated:
- Exchange Terms of Service. Binance.US, Kraken, Coinbase, and virtually every regulated US exchange prohibit using VPNs to bypass their geographic access controls. If you’re a New York resident accessing a platform that doesn’t serve New York, and you do it via VPN, you’ve violated their ToS — regardless of whether you’re breaking a law. The exchange can freeze your account, withhold funds pending KYC review, or close you out entirely. That’s a contract issue, not a criminal one, but the downstream tax consequences (forced sale, inability to access funds, cost basis documentation loss) are very real.
- Jurisdictional KYC mismatch. Kraken applies different KYC/AML tiers based on your declared jurisdiction. If your VPN makes you appear to be in Germany, and you complete verification under German KYC requirements while actually being a US person, you’ve submitted materially misleading information to a regulated financial institution. That’s worth taking seriously.
- OFAC is a different category entirely. More on this below.
The OFAC Line You Really Don’t Want to Cross
Of all the VPN-crypto intersections, this one has actual federal teeth.
The Office of Foreign Assets Control (OFAC) maintains a sanctions list. Several crypto exchanges and protocols have been sanctioned — Tornado Cash is the most prominent example, but the list also includes exchanges operating from sanctioned jurisdictions. If you use a VPN to access an OFAC-sanctioned service, the VPN doesn’t provide legal cover. The prohibition isn’t on where your packets come from. The prohibition is on the transaction itself.
Using a VPN to route around a geo-block on a sanctioned service means you intentionally circumvented a control that existed specifically to prevent you from doing the thing you just did. OFAC enforcement doesn’t require intent to violate sanctions — it’s a strict liability framework in many cases. Penalties run up to $1 million per violation for the most serious cases.
The IRS is not your primary problem if you’ve been using a VPN to access sanctioned services. OFAC is. Get a lawyer, not a tax preparer, as your first call.
What the IRS Actually Sees
Here’s the mental model most people get wrong: they imagine the IRS as a hacker trying to trace their VPN. That’s not how this works.
The IRS gets data through institutional reporting, not network surveillance.
1099-DA — Starting with the 2025 tax year (forms issued in early 2026), regulated US exchanges are required to issue 1099-DA forms covering crypto disposals. Coinbase, Kraken, Gemini — if you have an account that passed KYC as a US person, you’re getting a 1099-DA. That form goes to you and to the IRS simultaneously. The IRS doesn’t need to trace your VPN. They already have your transaction data from the exchange.
FinCEN / Bank Secrecy Act reporting. Large transactions trigger SARs (Suspicious Activity Reports). If you’re moving significant volume, the exchange’s compliance team is already filing reports independent of any VPN you’re running.
Foreign exchange data via FATCA/CJEU agreements. If you hold accounts at non-US exchanges — Binance international, Bybit, OKX — and those exchanges operate in countries with US tax information-sharing agreements, the IRS can request your account data through treaty channels. This doesn’t happen for every account, but it happens for high-value accounts under examination.
FBAR and Form 8938. If you hold foreign exchange accounts (not just US-based exchanges) with aggregate value over $10,000 at any point in the year, you’re required to file an FBAR. Using a VPN to access those accounts doesn’t exempt you from this requirement. It also doesn’t hide the account — because FBAR is self-reported, and the penalty for non-filing is $10,000+ per violation.
So what does the IRS not see? Your VPN provider’s logs — probably. Most reputable VPN providers have no-log policies and are incorporated outside US jurisdiction. The IRS is not issuing subpoenas to NordVPN for crypto tax cases. That’s not the threat model.
The threat model is: your 1099-DA says you have $400k in proceeds, your tax return says you had $20k in income, and the IRS sends a notice asking you to reconcile those numbers. The VPN is irrelevant to that conversation.
The Residence Mismatch Problem
This is the specific scenario that creates compounding problems.
If you’ve been using a VPN to make an exchange believe you’re located abroad — say, to access products not available to US persons, or to avoid 1099 reporting — and you’re actually a US tax resident, you now have two converging issues:
Issue 1: The exchange may not have issued a 1099-DA. If the exchange thinks you’re in Germany, they may not flag you for US tax reporting. This means the IRS doesn’t have automatic visibility into those transactions. It also means you don’t have a form to reconcile against. You’re now in the position of either (a) omitting the income entirely, which is worse, or (b) self-reporting gains the IRS has no record of — which is the right move, but may trigger questions about how those accounts were structured.
Issue 2: The exchange’s records of your declared residence don’t match your tax return. If the exchange ever produces those records — under audit, via treaty request, or because they update their KYC and ask you to re-verify — the discrepancy between “German resident per exchange KYC” and “files as US resident” creates a paper trail suggesting you made a deliberate misrepresentation to one or both institutions.
This isn’t a hypothetical scenario. As FATCA enforcement matures and 1099-DA rollout accelerates, the IRS’s data matching capabilities are improving every cycle. Discrepancies that were invisible in 2020 are findable in 2025.
What To Actually Do If You’ve Been Mixing VPN Access with US Exchange Use
First: stop. If you’re currently using a VPN to access products you’re not supposed to access as a US person, the first step is to stop doing that before your situation gets worse.
Second: assess what you actually have.
- Which exchanges have your real identity on file?
- Which have KYC under a misrepresented jurisdiction?
- Have any of those exchanges already issued 1099s under your Social Security Number? (Check your IRS transcript — you can pull a Wage and Income transcript for free at IRS.gov that shows what institutions have reported.)
- Do you have accounts at foreign exchanges that should have been disclosed on FBAR or Form 8938 but weren’t?
Third: talk to a qualified crypto tax professional or attorney before you do anything else. If you have unreported foreign accounts, there are IRS programs — including the Streamlined Filing Compliance Procedures — designed for taxpayers who have non-willfully failed to report foreign accounts. These programs carry reduced penalties. They’re not available forever, and they’re not available after you’re already under examination.
Fourth: reconstruct your cost basis now. If you’ve been trading on exchanges where 1099-DA reporting may be incomplete or missing, your cost basis records are your responsibility. Pull every CSV you can. Document your acquisition prices. You’re going to need this.
FAQ
Does the IRS have access to VPN provider logs?
In practice, not really — at least not as a routine part of crypto tax enforcement. The IRS’s leverage comes from institutional reporting (1099-DA, SARs, FATCA), not from tracing individual IP addresses. If you’re under criminal investigation by CI (Criminal Investigation), that’s a different scenario — but most crypto tax issues are civil, not criminal.
Should I disclose that I used a VPN to access exchanges?
You don’t need to proactively disclose VPN use on a tax return — that’s not a required field. What you do need to disclose is any income or gains from those accounts, any foreign account holdings above FBAR thresholds, and any offshore account interests required under Form 8938. Disclosure of the underlying transactions and accounts is what matters.
What if an exchange closed my account because they found out I was using a VPN?
This is increasingly common. If an exchange closes your account and forces a sale of your assets, that’s a taxable event. You need to document the proceeds, determine your cost basis, and report the gain or loss. The fact that the closure was involuntary doesn’t make it non-taxable. This is exactly the kind of situation where accurate cost basis records from before the closure are critical — because once the exchange closes your account, getting transaction history out of them can get complicated fast.
Can I clean up prior years if I underreported gains from VPN-accessed accounts?
Yes, with caveats. Amended returns (Form 1040-X) can address prior-year misreporting. If foreign accounts are involved, the Streamlined Filing procedures may be available if the non-compliance was non-willful. “Non-willful” has a specific legal meaning and is worth discussing with a tax attorney before you make any representations to the IRS about your intent. The window to amend generally runs three years from the filing deadline, but the IRS has six years if you’ve omitted more than 25% of gross income, and there’s no statute of limitations on fraudulent returns.
The VPN doesn’t make crypto taxes go away. It just adds a layer of complexity on top of tax complexity that already exists. The IRS doesn’t care which server your trades routed through. They care whether you reported the proceeds.
If you’ve got mismatched accounts, missing 1099s, or unreported foreign holdings, the right time to deal with it is before you get a notice — not after. This isn’t tax advice; your situation has specific facts that matter, and you should talk to a qualified professional before filing or amending anything.
If that professional should be us, you know where to find us.
Need help with your crypto taxes? Mike Ring and the BCTP team handle the messy stuff — multi-chain DeFi, 1099-DAs that don’t add up, prior-year amendments. Free consult at cryptotaxprep.io or call 410-320-7348.