🟡 Trust Rating: Moderate

Koinly works, and for most people it is the least painful way to file crypto taxes. That is the pitch. The catch is structural: it is cloud tax software, which means you upload your entire financial graph (every wallet address, every exchange, every transaction going back years) to a company's servers so it can do the math. The convenience is real. So is the exposure. In December 2025 a third-party analytics vendor leaked Koinly user emails, a reminder that once your data lives on someone else's stack, their weakest supplier is now your problem too. Use it with your eyes open and the safeguards below.

💰 Affiliate Disclosure

We participate in Koinly's affiliate program. Using our link supports this site at no extra cost to you. Our review always remains independent and unbiased: the trust rating above, the privacy concerns, and the safeguards below are exactly what we would write without the program.

Try Koinly →

What is Koinly?

Koinly is a cloud-based crypto tax calculator. You connect your exchange accounts and wallets, it pulls in your full transaction history, matches buys to sells, applies your country's cost-basis rules, and spits out a tax report you can file or hand to an accountant. It supports over 100 countries and produces pre-built localized reports (US Form 8949 and Schedule D, UK SA108, Canada Schedule 3, Australia ATO reports) for a smaller set of major jurisdictions.[1]

The legal entity is Koinly Pte. Ltd., registered in Singapore, with a US operating presence in Palo Alto, California. The company was founded in 2018.[2] Singapore is the headquarters jurisdiction, which matters when you are deciding whose privacy laws govern the pile of financial data you are about to upload.

Critical Privacy Concerns

⚠️ What You Are Actually Handing Over

  • Your entire financial graph - To calculate gains, Koinly ingests every wallet address, every exchange account, and your complete transaction history. That is a full map of your on-chain identity sitting in one company's database. No crypto tax SaaS avoids this. It is the job.
  • Read-only API keys still leak your positions - Koinly uses read-only exchange API access, so it cannot trade or withdraw.[3] Good. But read-only still exposes balances, cost basis, and full trade history to Koinly's servers and to anyone who breaches them.
  • Third-party suppliers are part of your attack surface - In late December 2025, Koinly disclosed that user email addresses were exposed through Mixpanel, a third-party analytics vendor it had been using. The same Mixpanel incident hit OpenAI and CoinTracker. Koinly said wallet, transaction, tax, and portfolio data was never shared with Mixpanel and stayed on separate systems, and it stopped using Mixpanel afterward.[4] Emails only this time. The lesson stands: their vendors are your risk.
  • Address reuse links you forever - Feed Koinly a public address and you have tied that address to your real email and payment method in a searchable corporate database. If that database ever leaks, the deanonymization is done for whoever gets it.

What It Does Well

Coverage

This is where Koinly earns its reputation. It connects to 350+ centralized exchanges, 100+ self-custodial wallets (including hardware wallets like Ledger and Trezor), and dozens of blockchains with direct address syncing.[1] If you traded on an obscure exchange or farmed some forgotten DeFi protocol, there is a decent chance Koinly already knows how to parse it. For a multi-exchange, multi-chain mess, that breadth is the whole reason people pay.

Import Methods

Two ways in: live API sync (read-only) or CSV upload.[1] The API route is the convenient one and the one that keeps a standing connection to your accounts. CSV upload is a one-time file with no persistent link. From a privacy standpoint those are not equal, and the safeguards section below has an opinion about which to prefer.

Tax Output and Exports

Koinly generates the filled tax forms and also exports to consumer filing software. The review sources confirm export compatibility with TurboTax and TaxAct, plus Form 8949 and Schedule D for US filers.[5] Cost-basis methods include FIFO, LIFO, and HIFO or average-cost depending on your jurisdiction.[1]

Technical Specifications

  • Type: Cloud SaaS (your data lives on Koinly's servers, not your machine)
  • Jurisdiction: Singapore (Koinly Pte. Ltd.), US presence in Palo Alto, California
  • Country coverage: 100+ countries, with pre-built localized reports for major jurisdictions
  • Integrations: 350+ exchanges, 100+ wallets, dozens of blockchains with direct sync
  • API access: Read-only (cannot trade or withdraw)
  • Import options: API sync or CSV upload
  • Exports: TurboTax, TaxAct, Form 8949, Schedule D

Pricing Structure

Pricing is a one-time charge per tax year, not a recurring subscription, and the tiers are gated by transaction count. One trap worth knowing: historical transactions from prior years count toward your limit, so a light current-year trader can still get pushed into a higher tier by old activity.

Plan Price (per tax year) Transaction limit
Free $0 Portfolio tracking and a gains preview only, no downloadable tax report
Newbie $49 Up to 100
Hodler $99 Up to 1,000
Trader $199 Up to 3,000
Pro ~$279 10,000+

The free tier is genuinely useful for portfolio tracking and estimating what you owe, and it lets you evaluate the tool before paying. It will not let you download the actual report.[6]

If You Use It Anyway: Safeguards

Reduce the blast radius

  • Read-only API keys, always. Never hand a tax tool a key that can trade or withdraw. Koinly's keys are read-only by design, but if you generate the key yourself, double-check the permissions.
  • Prefer CSV import over live API where practical. A CSV is a one-time snapshot you upload and are done with. A live API key is a standing door into your account that persists until you revoke it. For a once-a-year filing, the CSV route leaves less lying around.
  • Use an alias email. The December 2025 leak was email addresses. A dedicated alias (not your main inbox) limits phishing blowback and keeps your real identity one step removed.
  • Delete your data after you file. Once the report is downloaded and your return is submitted, there is no reason for Koinly to keep holding your entire transaction history. Purge the account data. As a Singapore/EU-facing operator, Koinly is subject to data-deletion requests, so use them.
  • Revoke the API keys on your exchanges once the report is generated. Do not leave dormant read-only keys connected year-round.

Koinly vs. Alternatives

Koinly vs. Rotki (the privacy pick)

  • Koinly: Cloud SaaS, huge integration coverage, easiest workflow, and your data lives on their servers.
  • Rotki: Open-source and local-first, your data stays on your own machine, at the cost of more manual work and thinner exchange coverage. If keeping your financial graph off a third party's servers is the priority, this is the one. See our Rotki review.

Koinly vs. CoinTracker

  • Koinly: Broad international coverage, per-tax-year pricing, strong DeFi and multi-chain parsing.
  • CoinTracker: Another mainstream cloud option with tight exchange partnerships. Note it was hit by the same Mixpanel incident. See our CoinTracker review.

Koinly vs. TokenTax

  • Koinly: Self-serve software, cheaper, you do the work.
  • TokenTax: More of a full-service tax firm bolted onto software, priced accordingly, better for complicated or high-volume situations where you want a human in the loop. See our TokenTax review.

For a side-by-side across all of these, read our crypto tax software comparison guide.

When to Use Koinly

Reasonable Use Cases

You traded across many exchanges and chains and reconstructing it by hand is not realistic. Koinly's coverage is the reason to accept the tradeoff.

You need localized reports for a specific country and want the forms filled correctly the first time.

You will apply the safeguards: CSV where practical, alias email, read-only keys, and a data purge after filing.

Not the Right Fit

Keeping your financial data off third-party servers is non-negotiable. Then no cloud tax SaaS qualifies. Use a local-first tool like Rotki.

You have a handful of simple transactions. You may not need software at all, let alone one that ingests your whole history.

The Bottom Line

Consider Koinly if:
  • Your crypto tax situation spans many exchanges and chains and manual tracking has become impossible
  • You want correct, country-specific reports with minimal effort
  • You are willing to treat it as a temporary upload, not a permanent home for your data
Avoid Koinly if:
  • You refuse to put your full transaction history on a company's servers
  • Your filing is simple enough to do without handing over your entire on-chain map
  • You want an open-source, local-first tool you can audit yourself

⚠️ Final Assessment

Koinly is probably the best mainstream crypto tax tool, and it is still a service that requires you to upload your complete financial graph to a third party in Singapore. Those two facts coexist. The moderate rating reflects both: it is competent, well-run, and honest about its December 2025 vendor leak, and it is also a single database holding a searchable record of your crypto life. If you use it, use it like a scalpel: minimal data, alias email, CSV where you can, and delete everything the moment you have filed.

Get Koinly →

Resources

  1. KuCoin - Koinly Review 2026: Pricing, Plans, and Full Crypto Tax Features Guide
  2. Tracxn - Koinly Company Profile (Singapore HQ, founded 2018)
  3. SGP Business - Koinly Pte. Ltd. Singapore registration
  4. The Crypto Times - Koinly Reports Email Data Leak After Third-Party Vendor Breach (Dec 24, 2025)
  5. Cryptonews - Koinly Discloses Third-Party Breach Exposes User Emails
  6. Crypto Adventure - Koinly Review 2026: Pricing, Transaction Limits, and Tax Report Exports
  7. Koinly - Official Pricing Page