This is an opinion piece by Morgan Rockwell, founder of Bitcoin Kinetics.
I’m not concerned with Sam Bankman-Fried allegedly getting a loan from Alameda, which was actually FTX customer funds transferred through Alameda to be credited to FTX. I’m not concerned with the moral compass of the celebrity investors who gave billions to a child they didn’t really know or understand, but supported with wealth and credibility. I am not very concerned about the financial aspects and market effects on the many companies, exchanges and traders who for whatever reason depended on FTX in any form.
I’m more concerned about Sam Bankman-Fried getting the personal identifying information of millions of customers and using that data to do on-chain analysis on the Blockfolio app he bought, which was used by many, many Bitcoiners and cryptocurrency holders as a tracker for Bitcoin, Ethereum, and other watch-only cryptocurrency wallets.
If you don’t know, Blockfolio was an app used by many bitcoin holders and other cryptocurrency holders to track the exchange rate or prices of their coins kept in cold storage or on wallets that they only wanted to watch, without actively having a hot wallet on their mobile device. Storing wallet addresses was not even necessary on the app. You could just put in an amount of a certain cryptocurrency you wanted to watch and say you had – but there was also a feature to log in to exchanges to keep track of all your coins on all the exchanges where you had them, in an application. That was the beauty of Blockfolio, because it didn’t necessarily ask for too many personal credentials other than email to help keep track of your account so you could log in from multiple devices.
Most of us, like me, learned about Sam Bankman-Fried because of the purchase of Blockfolio by a newly formed entity called FTX. For several weeks, the Blockfolio app was rebranded as the FTX app, which now had its own exchange. It also had a new set of Know Your Customer rules, anti-money laundering policies, new terms of service, as well as its own custody wallet held by FTX, we suppose.
Blockfolio avidly maintained that they do not and never will sell user data. Blockfolio even attempted to de-identify users with a hashing mechanism so that IDs could not be used to identify users and connect user wallets to email addresses; this apparently never happened after the purchase and conversion to FTX.
All of this has raised questions around this merger and acquisition that happened in the cryptocurrency industry only a few years ago. I’m concerned because, after the fallout from this exchange, with FTX going bankrupt and all of its assets potentially up for auction, I would like to know the status of the personally identifiable information that FTX had been forced to collect due to KYC and AML laws. I am concerned about the large amount of information collected, including passports, phone numbers, IP addresses, home addresses, cryptocurrency wallet addresses, email addresses, passwords and government identifiers. All of these could be auctioned off as customer data or customer profiles to anyone who finds them valuable.
Now, the assets held by FTX, whether they are actually real cryptocurrencies such as bitcoin or corporate tokens built on another layer one network such as Ethereum, are not too important in this conversation, in my view. What’s important is the data, the privacy data, the data mining operation that could have been or will be performed on all the data that FTX had collected about its customers, whether it was done by them or will be done by whoever buys this data at auction. More so, the jurisdiction of this data is open to anywhere on earth.
As someone who personally worked on coin analysis concepts and technology for the U.S. military, as well as consulted on it for the Department of Defense as a so-called “subject matter expert,” I can personally attest that it is very easy to correlate a person to their bitcoin wallet address using nothing more than the amounts of bitcoin held at specific addresses, along with device data that keeps track of these specific quantities on specific addresses – it’s simple SIGINT, MASINT or HUMINT, which are different forms of intelligence gathering.
If you keep track of any bitcoin on any wallet on any bitcoin explorer that is viewed through a browser or app on any device, phone, laptop or tablet, there is now a record that will be connected to the IP address, MAC number, SIM phone number, VOIP number, credit card number, home address, and any other personal identifying information attached in any way to this device. I know this because Edward Snowden leaked documents showing that the NSA had a program called XKEYSCORE and that applications such as OAKSTAR and its subroutine ROCKET MONKEY were used to specifically track Bitcoin users for the NSA.
Now, what I mean is this data that FTX has been obligated to collect under AML and KYC law. This is potentially one of the largest gatherings of this type of data in the cryptocurrency industry ever in history. This data, combined with coin analytics information related to bitcoin, Ethereum, and other cryptocurrency amounts tracked by the previously titled Blockfolio app, has created a situation where personally identifiable KYC data can now be overlaid on Blockfolio email addresses, UTXOs, and watch addresses that people used on Blockfolio without any personal information being disclosed to the application.
This therefore means that people who used Blockfolio to track how much cryptocurrency they owned, wanted to buy, or watched for whatever reason will now be able to be correlated to very detailed personal identifying information. My concern is not whether FTX and its hundreds of affiliates are keeping track of this Blockfolio information or using it in any way, but that their vast new pool of customer information and data will be tied in the future to Blockfolio data. I don’t suppose FTX was smart enough to do this for purposes like advertising or sharing data with a hedge fund, like Robinhood was caught doing, but I suspect they may have considered selling this data to law enforcement, advertisers or actors in the intelligence community, as SBF said there was an open door to regulators and law enforcement at FTX.
What we have to think about now is that when FTX’s assets are auctioned, which they will be, not only will the digital currencies, tokens and licenses be sold to a new party, but so will the customers themselves, their personally identifying information, and the massive data mining that could have been or will be done with that data.
I have never been an FTX user, have never created an account with FTX or FTX.us, and have never transferred money to Alameda. Unfortunately, due to my longevity in the bitcoin space, I used Blockfolio, like many bitcoin users before me, to track the amounts of bitcoin I had in multiple locations and their total value. Now this data that I thought was private will be connected to the KYC data of anyone I know or interact with, and any device they have used, especially if through multiple connections it leads back to FTX in any way.
What we need to do now is ask the serious questions and not focus on financial obligations or mishandling of SBF and FTX. But we have to ask ourselves, who owns this data? What has been done with this data and who will it belong to in the future? The reality is that FTT’s dissolution into nothingness is not a “force majeure event”, so most users are screwed.
If this concerns or involves you, I would suggest that we find all appropriate channels to protect ourselves from the worst-case scenario of this data fallout. This is the biggest problem with KYC and AML laws, because after all this financial chaos, there is now a criminal exchange that is in possession of the personal information of millions of people about their devices, homes, finances and more, again, all available to the highest bidder.
This is a guest post by Morgan Rockwell. The opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.