Short version -- if you have any access to any remaining funds @Exscudo, try and get them immediately. While GDPR crimes take time -- probably six months -- they're serious violations with serious fines. I Given the clear fraud and malignancy I've experienced trying to settle with Exscudo, I've asked for the higher 40M Eur, to be applied. I suspect Exscudo lacks the funds to pay 40 pounds, let a alone 40 million.
_______________________________________________________________________________
_______________________
Long Version -- I've been trying to get my investment back for years. On 5 Oct 2018 I was able to receive a pittance, 0.024 bitcoin, which came out to 0.0235:
https://www.blockchain.com/btc/tx/b71c942b78471336145e172737ece3a90a69d3cc43bd231fa46c52da332f1bbcTo begin my GDPR complaint, I submitted the emailed-from-Exscudo confirmation receipt I received of that transaction, and a video of me logging into the receiving exchange's account. The account name at that exchange is my email, and that email is the same as my Exscudo account login. It's a private domain under my private control, not gmail or shared accounts. The video shows me using my email, and 2FA via Google Authenticator, logging into that receiving exchange and showing the "deposit history" of 0.0235 BTC in from Exscduo, which can be seen on the blockchain above.
At this point, ownership of my previous receiving/withdraw address from Exscudo is proven. Ownership of my private domain on my private server is registered via internic and my ability to log into it is proven. The domain has never been hacked, there are no "hacking" complaints lodged with any registrar.
Next I submit for the GDPR complaint screenshots of multiple, failed withdraw attempts over the years from Exscudo. I express my belief that Exscudo has lacked the funds to complete the withdraw of my investment from at least Nov, 2018, and have been being misleading about it.
To support that, I then submit multiple emails from Exscudo saying they're software "updates" have having issues, will be fixed, and are the reason I can't withdraw.
Next I submit communications from Exscudo saying the software is "fixed", yet screenshots show that I still can't withdraw.
Finally a withdraw goes through, but I have to set up "2FA". So I set it up, write down the restoration code and have Exscudo linked to my account showing up in google auth, which displays "my.exscudo.com (Auth) ([
my@emailaccount.com])".
The 2FA, like all their previous "updates", doesn't work.
Next I submit pictures of the failed 2FA withdraw with my Google Authenticator app open displaying the code.
Next I submit several dozen communications from Exscudo asking me for passport, government ID, home address, home phone, all things in direct violation of the GDPR -- you cannot change the terms of consent after-the-fact. That is, I sent bitcoin in under X terms of consent, I want what little bitcoin back that they haven't squandered under the same consent terms. The GDPR is very cut-and-dry about this, it's a clear and indisputable violation.
Next I submit dozens of communications from Exscudo where their response to my requests that are, essentially, "your 2FA is broken, here's the original code Exscudo gave me for 2FA, can you manually insert it into your broken 2FA system so I can withdraw" of Exscudo telling me my account is "hacked" because they can't property set up 2FA.
Next I submit a dozen or so request for Exscudo to reveal their GDPR controller -- they're required to but won't. Another clear and indisputable violation.
I copy and send to my GDPR advocate another dozen or so communications from Exscudo aggressively and rudely projecting their incompetence as my problem, and my need to give this company my home address, home phone and personal IDs. The advocate seems pretty shocked: "I hope you didn't!" they say. Another clear in indisputable violation.
Next I submit copies of me forcibly resetting my password on Exscudo. This process goes to my account name, which is my email, and works.
Today I updated the complaint documentation with a screenshot of Exscudo locking me out of my account. "User disabled, login is impossible".
I ask if the GDPR complaint process can restore my entire investment -- Exscudo wasted the ICO money away, presumably on travel, personal profit and other frivolous expenditures -- they clearly haven't put any of the ICO money into any form of competent software development/developers -- not just the pittance that is left. The GDPR specifically allows requests for non-mitigated losses -- meaning the time and aggravation of dealing with their fraud(s). So I decide on three times my initial investment, plus, of course, the initial investment.
I add working 2FA to a personal website just out of curiosity, it takes me less than an hour; the API is robust, shows examples, is easy to understand with minimal code insertion in the actual website. I muck up the secret in the DB, can't log in, reset it to the original, takes about another three minutes. Yeah, I remember when Personal Home Page came out so am familiar with LAMP, and there was already a CakePHP plugin. Still, it's not rocket science. Exscudo could've reset the "secret" key in a couple minutes and I wouldn't be dealing with this drama, and they wouldn't be on the receiving end of GDPR investigations and hopefully fines....
I ask for clarification if the GPDR can assist with a group litigation order since it seems to me the initial ICO -- which touted buying 1.0 million EON as the amount for a PoS supernode for DeFi -- was, itself, a bait-and-switch fraud to attract investors to what is itself just a scam. I asked if the GDPR can assist in a group litigation order. This is what yanks think of as "class action lawsuit".
Meaning, IF YOU INVESTED IN EXSCUDO AND LOST BITCOIN, YOU CAN JOIN IN THIS SUIT TO TRY AND RECOUP ASSETS LOST. At the very least, as I'm unsure who actually owns this "private company", the GDPR process will resolve and reveal that.
The GDPR stipulates that the "controller" is personally liable for losses related to GDPR noncompliance. So I have some hope of getting something back as I named the person who kept telling me Exscudo's software problems were the reason I needed to help Exscudo break GDPR laws (and thus help them collect passport/ID information on people from whom Exscudo were fraudulently witholding assets).
I doubt anyone is using the "exchange" at all or is in any way hopeful of getting their investment back, but if you want to go through the aggravation of filing a GDPR complaint (since you can hold people personally responsible, not the company itself), the process is: Try and withdraw. When they want personally identifying information, decline to give it, assert your rights under the GDPR, ask whom the controller is, and when they won't give you your BTC back or disclose the controller, you can join me in the GDPR complaint...
_______________________________________________________________________________
_______________________
DM for further information or how to join in either the GDPR or GLO.Personally, I think Exscudo should be more upfront about how much is left of the ICO funds and, without admitting guilt of wasting the investment, just offer to distribute the remainder back to investors and fold the company. If you're reading this, a pint says they fold and "exit scam" run soon...