Examining the #DeleteCoinbase Controversy: Is Coinbase Selling User Data? Examining the #DeleteCoinbase Controversy: Is Coinbase Selling User Data?
🚨 This article is 5 years old...

Examining the #DeleteCoinbase Controversy: Is Coinbase Selling User Data?

Examining the #DeleteCoinbase Controversy: Is Coinbase Selling User Data?

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

One Coinbase executive recently said that its partners were “selling client data to outside sources,” stoking privacy concerns. Controversy has been brewing since the exchange’s acquisition of blockchain analytics company Neutrino on Feb. 19th. Purportedly, the founder of Neutrino is also the founder of spyware development firm Hacking Team, a company which was criticized for selling its surveillance technology to authoritarian regimes.

Update March 11: On Twitter, Grant Blaisdell of Coinfirm, a company mentioned in this article, denies that Coinfirm ever had any formal involvement with Coinbase. The mention of Coinfirm has been removed.

Coinbase Lambasted for Hiring Alleged Spyware Developers

Once Coinbase made its acquisition of Neutrino, a number of different publications lambasted the company for associating itself with the ethically questionable employees. The publicity storm intensified into the Twitter campaign #DeleteCoinbase, with users calling for a boycott of the service.

According to Jesse Powell, CEO of competing cryptocurrency exchange Kraken, the exchange’s compliance team conducted an analysis of Neutrino and listed one concern about the company as:

“Known to pass information with Kaspersky Lab, GroupIB, and other Russian firms closely linked with FSB [Federal Security Service of the Russian Federation].”

According to a report from Motherboard, Hacking Team sold spyware to countries including Saudi Arabia, Sudan, Kazakhstan, as well as the US Federal Bureau of Investigation (FBI), and the Drug Enforcement Administration.

Coinbase CEO Brian Armstrong Responds to Accusations

In response to the controversy, CEO Brian Armstrong announced that Coinbase would ‘transition’ former members of Hacking Team from recently acquired Neutrino. According to Armstrong:

“We had a gap in our diligence process. While we looked hard at the technology and security of the Neutrino product, we did not properly evaluate everything from the perspective of our mission and values as a crypto company. We took some time to dig further into this over the past week, and together with the Neutrino team have come to an agreement: those who previously worked at Hacking Team (despite the fact that they have no current affiliation with Hacking Team), will transition out of Coinbase.”

In response, the announcement seemed to have curtailed some of the criticism from the community. Joseph Young, a renowned cryptocurrency analyst and investor gave credit to Coinbase for rectifying the situation:

Anthony Pompliano, co-founder of Morgan Creek Digital and recognized Bitcoin supporter, also suggested that the company was responding effectively to the allegations:

Yet, it seems that the accusations have also inflamed concerns around Coinbase “selling user data” to associated firms.

Does Coinbase Sell Client Data?

In an interview with Cheddar—when asked why Coinbase acquired Neutrino, Christine Sandler, the director of institutional sales at Coinbase—stated:

“It was important for us to migrate away from our current providers… They were selling client data to outside sources and it was compelling for us to get control over that and have proprietary technology that we could leverage to keep the data safe and protect our clients.”

Yet, Sandler’s statements also suggest that Coinbase’s current blockchain intelligence providers were, or are currently, selling Coinbase user data. Now, by association, Coinbase’s partner intelligence companies, including Elliptic, Blockchain Intelligence Group, and Ciphertrace are now under scrutiny from the cryptocurrency community. Given that crypto users are far more security conscious than the average person these concerns are not trivial.

Meanwhile, Coinbase’s privacy policy from May 25th, 2018, explicitly states:

“We may share your information with service providers under contract who help with parts of our business operations such as bill collection, marketing, and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else.”

More emphatically, the privacy policy says:

“We take care to allow your personal information to be accessed only by those who really need to in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. [Coinbase] CB will never sell or rent your personal information. [emphasis in original]”

As such, if Sandler’s statements are correct then Coinbase was in violation of its own privacy policy. For additional clarification on the extent and parties involved with the potential sale of client data, CryptoSlate reached out to Coinbase and CEO Brian Armstrong and has yet to receive a response.

Partner Firm Responds to Rumors

Elliptic, one of the firms responsible for aiding with KYC-compliance through its service and identifying “illicit activity in Bitcoin… [by] providing actionable intelligence,” posted a response after getting swept up in the negative publicity. Elliptic co-founder and CEO Dr. James Smith wrote:

“I have been disappointed to see reporting in the past few days which has incorrectly implied that Elliptic is distributing personal information for financial gain. Such comments fundamentally misunderstand the data we analyse, the insight we share with our clients, and the role we play in the industry.”

The CEO went on to assert that Elliptic does not have access to “end users’ personally identifiable information”:

“[We have] no access to end users’ personally identifiable information. Our exchange clients including Coinbase, do not provide us with any personally identifiable information about their users.”

Whether the same applies to other firms that have done business with Coinbase is still uncertain.

Mentioned in this article