Less than two weeks after announcing its acquisition of blockchain surveillance and compliance firm Neutrino, leading cryptocurrency exchange Coinbase has parted ways with the firm’s controversial founders.
After news broke that Neutrino CEO Giancarlo Russo, CTO Alberto Ornaghi, and CRO Marco Valleri were part of Hacking Team, an infamous spyware company that sold products to governments with a long history of human rights abuses, Coinbase found itself at the center of a storm of outrage. A Twitter campaign, #DeleteCoinbase, sprung up urging clients to cut ties with Coinbase.
Hacking Team’s client list also included “Russia, Ethiopia, Azerbaijan, Bahrain, Kazakhstan, Vietnam, Saudi Arabia, Sudan and other states known to spy on, jail, and murder journalists,” according to the Committee to Protect Journalists. Reporters Without Borders called the firm “an enemy of the Internet.” Even with more respectable agencies, Hacking Team’s tools garnered controversy. The FBI reportedly used its Hacking Team tools to monitor the privacy-oriented Tor Browser.
On March 4, Coinbase CEO Brian Armstrong announced in a blog post that the three executives and anyone else at Neutrino who had worked with Hacking Team would “transition out of Coinbase.”
Addressing the controversy, Armstrong said, “We had a gap in our diligence process. While we looked hard at the technology and security of the Neutrino product, we did not properly evaluate everything from the perspective of our mission and values as a crypto company … Bitcoin—and crypto more generally—is about the rights of the individual and about the technological protection of civil liberties. Coinbase seeks to be the most secure, trusted, and legally compliant bridge to cryptocurrency. We sometimes need to make practical tradeoffs to run a modern, regulated exchange, but we did not make the right tradeoff in this specific case.”
The announcement did not satisfy all of Coinbase’s critics on the #DeleteCoinbase twitter chain. For example, on March 4, user @Livestradamus noted: “Let’s remember kids, @coinbase did this only after news went viral. Continue the purge. #DeleteCoinbase.”
Beyond the Hacking Team revulsion
Coinbase doubled down on the controversy on Friday, March 1, when Christine Sandler, its director of institutional sales, explained the Neutrino purchase by saying, “It was important for us to migrate away from our current providers. They were selling client data to outside sources and it was compelling for us to get control over that and have proprietary technology that we could leverage to keep the data safe and protect our clients.”
That led to more concern about the broader issue of Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance tools like those Coinbase sought to bring in-house in acquiring Neutrino.
In fact, Coinbase’s initial response to the controversy was a statement noting that while it “does not condone nor will it defend the actions of Hacking Team… it was important for Coinbase to bring this function in-house to fully control and protect our customers’ data and Neutrino’s technology was the best we encountered in the space to achieve this goal.”
Sandler’s statement, in turn, led to an angry response from Coinbase’s current analytics provider, Elliptic (which Sandler had not named).
In a statement on its website, Elliptic CEO James Smith noted:
“I have been disappointed to see reporting in the past few days which has incorrectly implied that Elliptic is distributing personal information for financial gain. Such comments fundamentally misunderstand the data we analyze, the insight we share with our clients, and the role we play in the industry. Elliptic has no access to end users’ personally identifiable information. Our exchange clients, including Coinbase, do not provide us with any personally identifiable information about their users… We do not require or request any transaction data that we can link to individuals, and do not have any other client information such as names, addresses or social security numbers. We do not support or enable the violation of any individual’s financial privacy… We only allow our solutions to be used in order to combat financial crime, and do not allow it to be used for marketing, business intelligence, or any other purpose.”