Your bank just emailed you. A wire from Kraken hit your account, the compliance team flagged it, and they want to know where the money came from. You have fourteen days. You start counting exchanges, half of them are defunct, and your spreadsheet from 2018 looks like a crime scene.
A crypto Source of Funds report is the document your bank, notary, tax authority, or exchange expects in this exact moment. It traces every coin back to where it originally came from, in a format a non-technical compliance reviewer can read in five minutes. With clean data behind you, it takes seconds, not weeks.
This guide walks you through what a valid Source of Funds report contains, who tends to ask for one, and how to produce one in CoinTracking that is structured to meet the standards typically requested by EU and global banks. We will also cover the old-coin problem (Mt. Gox, BTC-e, that 2014 wallet you barely remember) and the common reasons banks reject the documents people submit. If you have already been tracking your trades in CoinTracking, most of the data foundation is already there.
Generate a bank-ready Source of Funds report
What is a Source of Funds report for crypto?
A Source of Funds (SoF) report is a written record that answers one question: where did the money in this specific crypto transfer originally come from? Not last quarter's balance, not a summary of your trading, but the origin of one set of coins, traced back to the original event where they first entered your tracked accounts.
That original event can be one of five things:
- A fiat deposit (you wired EUR into Coinbase to buy BTC)
- A crypto deposit from outside your tracked accounts (a transfer from a wallet you never imported, a gift, or an OTC purchase)
- Mining or staking rewards (network participation income)
- Income or rewards (airdrops, lending interest, referral bonuses)
- Other sources (forks, recovered keys, etc.)
Every withdrawal traces back to some mix of those five categories. The Source of Funds report makes that breakdown visible, transaction by transaction, in a format a banker or auditor can independently verify.
It is not the same as a tax report. A tax report calculates gains and losses for a fiscal year. A Source of Funds report shows where a specific withdrawal originally came from. They use the same underlying transaction data but answer different questions, and reviewers (banks, notaries, AML officers) want the SoF version, not the tax version.
Who asks for one and why right now?
The list of institutions asking for SoF documentation has grown sharply over the past few years. In 2026, with the EU's Transfer of Funds Regulation (TFR), MiCA, and DAC-8 all live, the requests are no longer rare. Here are the most common cases. The regulatory background is explained further down: it explains why the requests are arriving more frequently and why getting your documentation in order matters more in 2026 than it did even a year ago.
Your bank, after a large crypto-to-fiat transfer
This is the most common trigger. Sparkasse, Deutsche Bank, Commerzbank, ING, Santander, HSBC, Revolut, N26, Wise, and major Swiss banks all run automatic AML reviews on inbound wires above their internal threshold. Wires from crypto exchanges are treated as high-risk by many banks. Above 10,000 EUR (sometimes lower, depending on country), expect a letter, a portal upload request, or a call from your relationship manager. You have to prove the coins were not linked to money laundering, tax evasion, or sanctions violations.
The tax authority, during an audit
Germany's Finanzamt, Spain's AEAT, France's DGFiP, the IRS, HMRC, and the ATO all conduct crypto audits now. The trigger is usually a discrepancy between what an exchange reported and what the taxpayer declared, or an old wallet appearing in a chain-analysis report. When the audit notice arrives, the tax officer typically requests the full transaction history plus a Source of Funds narrative for any large disposal in the audit period. A clean SoF document usually resolves the issue quickly. A messy spreadsheet can drag the audit out for months.
The notary, when you are buying a house with crypto
In Germany, Austria, the Netherlands, Spain, Portugal, and Italy, the notary is legally responsible for confirming the buyer's source of funds before closing. If any portion of the deposit came from selling crypto, the notary will request a Herkunftsnachweis. Without it, the closing process can stall and the seller may walk away. The notary is not equipped to verify the full transaction chain themselves: they want a single document signed by you, listing the exchanges, trades, timestamps, and the final fiat conversion.
The exchange, when you onboard or withdraw large amounts
Enhanced KYC and Due Diligence checks at Kraken, Bitstamp, Binance, Bitvavo, and many others now include a Proof of Source of Funds (PoSoF) check for high-volume users, OTC desks, and institutional accounts. The exchange already sees your activity on its platform, but they need to know where the crypto you deposited came from before you opened the account.
A private bank or OTC desk, before accepting your business
If you are opening a private banking relationship in Switzerland, Liechtenstein, Singapore, the UAE, or any other jurisdiction that handles high-net-worth crypto wealth, the compliance team will request documentation showing where your crypto wealth came from before approving the account. This happens before any transaction takes place: they want the file on day one.
Lawyers and accountants, during a complex life event
Inheritance, divorce, business sale, donation to a charity, or moving to a different tax residency: each of these can trigger questions about where your crypto wealth came from. Your lawyer or accountant will assemble a binder, and the Source of Funds report is usually one of the key documents.
The pattern is always the same: the question is the same, the format is the same, the deadline is short. One well-prepared document covers all of them.
DAC-8 and the 2026 reporting reality
The reason these requests are increasing is regulatory, not psychological. DAC-8 is the EU directive that obliges crypto service providers to report user identity and transaction data automatically to national tax authorities. It also implements the OECD Crypto-Asset Reporting Framework (CARF). Germany transposed DAC-8 through the Kryptowerte-Steuertransparenzgesetz (KStTG), which entered into force on 24 December 2025.
The key dates for crypto holders:
- The KStTG has been in force since 24 December 2025.
- The first reporting period is calendar year 2026.
- The first mandatory report to Germany's Bundeszentralamt für Steuern (BZSt) is due on 31 July 2027.
- Under § 11 KStTG, providers report per asset class: identity, tax residency, tax ID, place of birth, plus aggregated transaction data (gross amounts, number of units, transaction counts, fair market values) broken down by purchases, sales, swaps, transfers, and mass payment transactions.
- § 13 KStTG requires every provider to notify each reportable user before the first report is filed, specifying exactly what data will be transmitted. The notice you receive from your exchange in 2027 is that legally required disclosure, not an extra privacy update.
One clarification matters here. DAC-8 obliges platforms, not users. You do not need to prove source of funds because of DAC-8 itself. The source of funds requirement comes from anti-money-laundering law and from your bank's AML procedures. The two mechanisms work together: DAC-8 ensures the tax authority will see your crypto activity. Source of Funds documentation ensures you can explain that activity.
The same logic applies in other EU member states, in the UK (via the Crypto-Asset Reporting Framework rollout), and in OECD-aligned jurisdictions like Switzerland and Singapore: the platforms report automatically, and reviewers expect you to have the documentation ready.
For private investors in the DACH region, this means a well-prepared Source of Funds report is not insurance against rare events — it is the standard answer to an increasingly routine request. CoinTracking's partner law firm Winheller tracks ongoing regulatory developments and is a strong first point of contact if a dispute arises with a bank or tax authority.
What a valid Source of Funds report looks like
A spreadsheet export is not a Source of Funds report. A list of trades is not a Source of Funds report. The document reviewers expect follows a specific structure, and CoinTracking's report follows that structure section by section.
1. Cover page
Branded title page with the user's name (if entered), the generation date, the asset and amount being traced, and a clickable table of contents. The cover signals that this is a formal compliance document, not a raw data dump.
2. Executive summary
A hero box at the top with the key facts: date of the withdrawal, source exchange or wallet, amount and asset, EUR or USD value at the time, the time period covered, the total number of transactions analyzed, and the number of trace levels (how deep the algorithm had to go). Then a plain-language narrative paragraph, automatically generated from the trace results, in the form: "On 15.04.2026, a withdrawal of 1.5 BTC (89,250.00 EUR) was made via Kraken, covering the period from 03.06.2021 to 15.04.2026. A total of 87 transactions across 6 data sources contributed to this withdrawal. The withdrawal is attributed to fiat deposits (62.4 percent) and crypto deposits (37.6 percent)."
A horizontal bar visualizes the fiat-versus-crypto origin split, with absolute EUR amounts and percentages. A reviewer who reads only this page already knows whether to escalate or close the file.
3. Data sources
The data sources. Every transaction in the trace is labeled by its import method, with three levels of evidentiary value:
- Blockchain: verifiable on-chain data (highest evidentiary value)
- Exchange: API or CSV from a regulated third party
- Manual: user-entered (lowest, flagged honestly)
Alongside, an Exchange and Wallet Summary table lists every exchange and wallet that contributed funds, including on-chain addresses where available, the import type, and the transaction count per source. This gives reviewers a clear view of where the underlying data came from.
4. Fund structure
How the funds are structured. A horizontal bar plus a key-value breakdown classifies every original deposit into Fiat, Crypto, Mining and Staking, Income and Rewards, or Other. Two detail tables (Fiat origin of inflows, Crypto origin of inflows) break each bucket down by transaction type, count, share, and EUR value.
If any portion of the trace could not be completed (an incomplete data import, a missing CSV), an honest untraced warning is shown with the count and percentage. CoinTracking would rather flag a 3 percent gap than hide it: a reviewer trusts a report that admits uncertainty far more than one that papers it over.
5. Transaction history
The full transaction history. A landscape table with every single transaction that contributed to the withdrawal, organized by trace level. Level 1 is the withdrawal itself. Level 2 is where those funds came from. Level 3 is where those funds came from. And so on, until every chain ends at a terminal deposit (a fiat purchase, a mining reward, an airdrop, an outside transfer).
Each row contains the date, the source exchange or wallet, the transaction type (Trade, Deposit, Staking, Mining, Airdrop), the inflow amount and asset, the outflow amount and asset, the fee, the share-of-funds percentage, the import method, and the underlying transaction ID or blockchain hash. Terminal deposits are highlighted in green so the reader can spot the origin points at a glance.
This is the section a tax auditor or banker can independently verify: every row is verifiable against an exchange statement or a block explorer.
6. Explanatory notes and glossary
A short glossary (Level, Inflow, Outflow, Type, Share, Missing, Import), the methodology statement, and the legal disclaimer. A reviewer who has never seen a CoinTracking report should be able to understand it without additional explanation.
CSV companion for accountants
The same data, machine-readable. Accountants who want to filter or further analyze the data receive the full transaction set as a CSV with the same labels and translations as the PDF. If your tax advisor wants to build their own analysis, the CSV is what they need.
The fiat side: documents your bank still expects
A Source of Funds report covers the crypto side of the chain in full, but no tool can prove where your fiat originally came from. CoinTracking has no visibility into your salary, your inheritance, your property sale, or your business income. You provide the fiat-side documentation yourself. That is not a weakness of the report, it is simply how compliance reviews work.
Depending on your situation, plan to assemble:
- Payslips and employment contracts for the years in which you bought crypto (most banks accept the last two to three years).
- Tax returns or assessment notices from your home tax authority, showing your declared annual income.
- Bank statements showing the outbound wires to crypto exchanges, matched against the deposit dates in your CoinTracking history.
- Inheritance certificates or notary documents if a portion of the funds came from an inheritance.
- Property sale contracts if a portion came from real estate.
- Business accounts or dividend statements for self-employed and shareholder cases.
The combination of a CoinTracking SoF report (crypto side) and your fiat-side paperwork (origin of the money before it became crypto) is what banks and notaries expect to see. Submitting one without the other is a common reason for rejection, and we cover the others further down.
The crypto side: what only a tool can do
Spreadsheet-based Source of Funds reconstructions are still common, and they almost always fail under closer review. The reason is structural: a human exporting CSVs from five or ten exchanges cannot reliably reconstruct a multi-step transaction flow by hand.
Consider a single 1.5 BTC withdrawal in 2026. Behind it might sit a 2019 EUR deposit on Bitstamp that bought 0.4 BTC, a 2021 trade on Binance that swapped 50,000 USDT (acquired by selling ETH bought with EUR on Kraken in 2020) for 0.8 BTC, and a 0.3 BTC staking reward accumulated over two years on a self-custodied wallet. Three branches, six exchanges, two staking pools, and twelve intermediate trades. Reconstructing how each source contributed to the final withdrawal is not a spreadsheet exercise: it requires tracing transactions across multiple platforms and wallets.
This is where a tool does what spreadsheets cannot:
FIFO transaction tracing
CoinTracking applies a First In, First Out trace algorithm that works backwards through your entire transaction history, matching the withdrawal's coins to the lots they came from. For every connected transaction, the algorithm continues tracing backwards, walking through trades, transfers, and deposits, until it reaches the original deposits. At every step, it calculates the exact share percentage: the fraction of that transaction's funds that ended up in the analyzed withdrawal.
Cross-exchange transaction matching
The trace does not care that you bought on Coinbase, moved to a Ledger, sold on Kraken, and rebought on Bitstamp. As long as your transactions are imported, the algorithm matches inflows and outflows across CoinTracking's 400+ supported exchanges and wallets. A transfer from Kraken to a personal address followed by a deposit from that same address into Bitstamp is automatically recognized as part of the same transaction flow.
Live data, every time
The trace is generated at the moment you click Generate. There is no outdated snapshot. If you import a new exchange, fix a misclassified transaction, or add a missing CSV, the next report automatically reflects those changes. Many users start by cleaning up old imports, regenerating the report, and watching the untraced percentage drop from 8 percent to under 1 percent.
Localized formatting
Numbers, dates, currencies, and labels follow your CoinTracking language and display settings. A German user sees 1.234,56 € and 15.04.2026. A US user sees $1,234.56 and 04/15/2026. A Spanish user sees Spanish section headers and a Spanish disclaimer. Reviewers in your home country do not have to translate anything.
Honest about uncertainty
If a manual entry appears in the transaction chain (you typed in a 2017 trade because the exchange never gave you a CSV), the report flags it. If a portion cannot be traced, the report clearly identifies that portion. Compliance officers trust documents that openly acknowledge uncertainty.
The "I started in 2014" problem
The hardest case is the long-time holder. If you bought BTC on Mt. Gox in 2014, the original exchange is gone, your email confirmations are buried in an archive, and the CSV export feature disappeared with the bankruptcy. Multiply that by Cryptopia (2019), BTC-e (2017), QuadrigaCX (2019), FTX (2022), Celsius (2022), and a handful of small exchanges that simply stopped responding. Reconstructing a defensible Source of Funds report for someone who started before 2018 can look almost impossible from the outside.
It is not impossible. CoinTracking has been operating since 2012, the same year Mt. Gox was the biggest exchange in the world. The importers we built back then are still part of the platform today, and the historical data formats are documented in the importer library. The process usually looks like this.
Find what you exported at the time
Many long-time holders forget that they did export data: an old email attachment from Mt. Gox, a CSV downloaded from Cryptsy before it shut down, an archived account statement from BTC-e. CoinTracking's legacy importers still accept those exact formats. Even partial exports can help reconstruct a meaningful portion of the transaction history.
Use bankruptcy estate records
Mt. Gox, QuadrigaCX, Cryptopia, FTX, Celsius, and BlockFi all have public bankruptcy proceedings with detailed creditor records. If you filed a claim, the claim documentation typically lists your balance at the time of collapse. That balance becomes a recognizable endpoint in your transaction history, and CoinTracking lets you use it as a starting position.
Reconstruct from blockchain data
For self-custodied positions, the blockchain is the source of truth. If you have any record of the deposit address you used in 2014, the on-chain data is still there. CoinTracking imports it directly. The resulting transactions are marked as blockchain-verified (the highest verification level in the report), which can further strengthen the report.
Explain the gap honestly
Even after all of this, you may end up with a 5 to 15 percent untraced portion from those very early years. The report states that gap explicitly. Combined with a short cover letter explaining that the portion corresponds to early holdings on now-defunct exchanges, reviewers accept that in most cases. The alternative (fabricating a clean 100 percent trace) raises far more red flags.
This is where CoinTracking pulls ahead of newer crypto tax tools. A platform that launched in 2019 simply does not have the importer library for an exchange that closed in 2014. CoinTracking does, and that depth is what lets early adopters produce a defensible Source of Funds report at all. We compare the broader feature set in our guides on the best alternative to Koinly and the best alternative to CoinTracker, but the historical reconstruction capability is one of the features that matters most for long-time holders.
Generate your report in CoinTracking, step by step
Once your transaction history is imported, generating the report itself is the easy part. Here is exactly how it works.
- Confirm your plan. Source of Funds is included on Expert and Unlimited. Free, Starter, and Pro users see an upgrade prompt linking to the pricing page.
- Import or refresh your exchange and wallet data. Connect APIs, upload CSVs, or refresh existing connections so the reporting period is fully covered. CoinTracking supports 400+ exchanges and wallets, including defunct ones. Run the duplicate-detection and missing-transactions checks at the same time.
- Navigate to the report. In the left sidebar, click Analyse. Under Transactions, you will find the Source of Funds report. Every outgoing crypto transfer is listed: fiat withdrawals from exchanges, transfers to external wallets, internal outgoing transfers. Each row is a candidate for a Source of Funds report.
- Click "Report" on the withdrawal you need to document. No configuration, no extra setup. The trace algorithm works backwards through your transaction history immediately.
- Wait a few seconds. The trace completes in milliseconds, the PDF is generated directly in your browser. No server queue, no waiting list.
- Download the PDF and the CSV companion. The PDF goes to the bank, notary, or auditor. The CSV is for your accountant. Both include timestamps and your CoinTracking account ID for verification purposes.
- Submit alongside your fiat-side documents. Add payslips, tax returns, and bank statements (see the fiat section above). A two-to-four-sentence cover letter explains who you are, what you are submitting, and why.
Most users finish steps 3 to 6 in under a minute. The longest part of the whole exercise is usually finding your last tax return, not generating the crypto report.
Upgrade to Expert or Unlimited
Pricing: included in Expert and Unlimited (no per-report fee)
Source of Funds is bundled into the Expert and Unlimited plans. There is no per-report fee, no credit system, no usage cap. Whether you generate one report or a hundred, the price stays the same. That matters because most users do not generate just one report: they generate a fresh one every time a bank, notary, or tax authority asks, often multiple times a year.
Here is how the feature lines up across the CoinTracking plans:
| Feature | Free | Starter | Pro | Expert | Unlimited |
|---|---|---|---|---|---|
| Annual price (EUR) | 0 | 39 | 129 | from 219 | 769 |
| Transactions | Portfolio view (7-day trial) | 200 | 3,500 | 20,000 to 100,000 | Unlimited |
| Portfolio tracking | Yes | Yes | Yes | Yes | Yes |
| 25+ reports | Yes | Yes | Yes | Yes | Yes |
| 400+ exchanges and wallets | Yes | Yes | Yes | Yes | Yes |
| DeFi and NFT | Yes | Yes | Yes | Yes | Yes |
| Tax reports | No | Yes | Yes | Yes | Yes |
| Tax options | No | Yes | Yes | Yes | Yes |
| Backups | No | 2 | 5 | 10 | 20 |
| Auto-Sync (API imports) | No | No | Yes | Yes | Yes |
| API access | No | No | Yes | Yes | Yes |
| Priority support | No | No | No | Yes | Yes |
| Source of Funds report | No | No | No | Yes | Yes |
| Advanced tools | No | No | No | No | Yes |
| Expert session | No | No | No | No | Yes |
Expert starts at the 20,000-transaction tier and is also available at 50,000 and 100,000 tiers at higher annual prices. Source of Funds is included on every Expert tier and on Unlimited, with no usage cap.
If you compare this to competing tools that sell Source of Funds reports on a per-credit or pay-per-report model, the math changes quickly the moment a bank asks for a second or third document. A single review process can easily involve five to ten reports as reviewers come back with additional questions. With CoinTracking, that is included.
Common bank rejections and how to avoid them
Even with a good report, some submissions still get rejected. The same five issues come up again and again.
1. Missing the fiat side of the chain
A perfect crypto trace that says "1.5 BTC came from a 60,000 EUR fiat deposit on Bitstamp in 2019" does not tell the bank where that 60,000 EUR came from. Always submit the report alongside payslips, tax returns, inheritance documents, or sale contracts that explain where the original fiat funds came from.
2. Untraced portion above 10 percent without an explanation
If 12 percent of your withdrawal could not be traced and you submit the document without a cover letter, the bank assumes you are hiding something. A two-sentence explanation ("12 percent corresponds to BTC held on Mt. Gox between 2014 and 2016, an exchange that ceased operations and for which complete CSV exports are no longer obtainable") usually resolves the issue.
3. Mismatched names or addresses
If your CoinTracking account is under one name and your bank account is under a slightly different name (a maiden name, a translation, a typo), reviewers will usually flag it. Make sure the personal data on the report cover matches the exact name on the bank account, and resolve any differences in the cover letter.
4. No matching bank statements for the crypto deposits
If the report says you wired 30,000 EUR to Kraken in 2020, the bank wants to see the outbound wire on your bank statement from that period. Always pull the matching bank statements and stack them alongside the report. The two documents support each other.
5. Submitting only a tax report instead of a Source of Funds report
A tax report is a different document. It calculates gains and losses for a fiscal year. A bank reviewer cannot determine the origin of funds from a tax report, and many will reject the submission as "not the requested document type." If your bank asks for Source of Funds, send the SoF PDF, not the tax PDF, even if both come from CoinTracking.
If you want a human to handle the whole stack for you (collect the fiat-side documents, generate the report, write the cover letter, submit the package), CoinTracking's Full Service team does exactly that. They work with the same SoF report in the background, with a professional preparer adding the surrounding paperwork.
This guide has been reviewed by Winheller, CoinTracking's crypto tax law partner in Germany, one of Europe's most experienced legal teams on crypto AML, source of funds, and tax compliance.
Generate yours in seconds, not weeks
The bank, the notary, the auditor, the exchange: they all want the same thing, and the answer is the same. Build the documentation once, keep your imports current, and the next time a letter arrives you spend fifteen minutes assembling the package instead of three weekends rebuilding it from CSVs.
