Cryptocurrency exchange Coinbase has acknowledged it made a major mistake when it bought Italian blockchain analytics firm Neutrino, whose senior management staff included several members of infamous Italian firm Hacking Team — which has reportedly sold powerful hacking and surveillance tools to oppressive governments.
A 2015 report by Motherboard found that Hacking Team sold software to “Kazakhstan, Azerbaijan, Oman, Saudi Arabia, Uzbekistan, Bahrain, Ethiopia, Nigeria, Sudan and many others,” matching the findings of research by Citizen Lab. A cache of documents stolen from Hacking Team servers by hackers and leaked to media showed that it had faced a United Nations inquiry into whether the sale of its Remote Control System spyware to Sudan violated embargoes imposed over its government’s numerous human rights abuses, which include allegations of slavery, child soldiers, persecution of dissidents, and war crimes.
Hacking Team sold its tools stateside to the Drug Enforcement Administration and FBI—something also not likely to go down well with the cryptocurrency community, which tends to lean heavily libertarian.
Per Bloomberg, Coinbase users as well as blockchain-focused publication Breaker Mag quickly clued onto the fact that many of Neutrino’s executives were Hacking Team alumni. In a blog post on Medium, Coinbase co-founder Brian Armstrong said the onboarding of Hacking Team staff was due to a “gap in our due diligence process” and that the decision was not properly evaluated “from the perspective of our mission and values as a crypto company.” Armstrong added that those individuals will be leaving Coinbase.
Coinbase announced the purchase of Neutrino on Feb. 19 and soon faced push-back from users. Neutrino’s chief executive officer Giancarlo Russo, chief research officer Marco Valleri, and chief technical officer Alberto Ornaghi were former members of Hacking Team, according to a BreakerMag article.
... “We took some time to dig further into this over the past week,” said Armstrong, adding that those who previously worked at Hacking Team “will transition out of Coinbase.”
However, as Breaker Mag noted, Coinbase had previously issued a statement defending the Neutrino acquisition reading in part, “We are aware that Neutrino’s co-founders previously worked at Hacking Team, which we reviewed as part of our security, technical, and hiring diligence.”
According to crypto industry publication CoinDesk, Coinbase director of institutional sales Christine Sandler had previously justified the acquisition of Neutrino by stating their previous analytics provider had been “selling client data to outside sources,” spooking some customers further.
However, on Tuesday, a Coinbase spokesperson told Coindesk it had “never shared our customers’ personally identifiable information with any third-party blockchain analysis vendors.” Some users characterised the Neutrino acquisition as another privacy violation, CoinDesk wrote, with one writing, “It’s really frightening to think who has gained access to Coinbase customer data over the years.”
As the Next Web noted, there is still a lack of clarity as to which Neutrino workers other than the three identified by Breaker Mag, if any, worked with Hacking Team, and what the timeline of their exit from Coinbase is.
4/ Critically, we MUST have clarification on that statement on the @cheddar interview, that Coinbase tracking partners sold customer data to third parties. If that’s true, that’s a massive leak that must be disclosed IMMEDIATELY. If it’s not true, Coinbase MUST clarify that.
— Udi Wertheimer (@udiWertheimer) March 5, 2019
Coinbase did not immediately respond to a request for comment on this story, and we’ll update if we hear back.