How FTX Crash Could Expose Blockfolio Users – Crypto
This is an opinion editorial by Morgan Rockwell, founder of Bitcoin Kinetics.
I am not concerned that Sam Bankman-Fried allegedly received a loan from Alameda that was actually FTX client money that was wired through Alameda to be credited to FTX. I’m not concerned with the moral compass of celebrity investors who gave billions to a kid they didn’t really know or understand, yet backed with wealth and credibility. I am not very concerned about the financial and market effects on the many companies, exchanges and traders who for one reason or another depended on FTX in any form.
What worries me the most is Sam Bankman-Fried getting access to millions of customers’ personal identification data and using that data to analyze the chain of the Blockfolio app he bought, which many Bitcoiners and cryptocurrency owners used as a tracking tool for Bitcoin, Ethereum and other watch-only cryptocurrency wallets.
If you didn’t know, Blockfolio was an app that many bitcoin and other cryptocurrency owners used to track the exchange rate of their coins in cold storage or in wallets that they just wanted to watch, without using an active wallet on their mobile device. There was actually no need to store wallet addresses in the app. You could simply put in a certain amount of cryptocurrency you wanted to look at and it would say you had it, but there was also a feature where you could connect to exchanges to track all your coins on all the exchanges they were on in one application. That was the beauty of Blockfolio, as it didn’t necessarily ask for too much personally identifiable information other than your email to track your account, so you could sign in from multiple devices.
Most of us, like myself, became aware of Sam Bankman-Fried because a newly formed entity called FTX bought Blockfolio. Within a few weeks, the Blockfolio app was rebranded as the FTX app, which now has its own exchange. We assumed it would include its new Know Your Customer rules, anti-money laundering policy, new terms of service, and its own wallet held by FTX.
You can view the Blockfolio Terms of Service as of June 30, 2017 here:
Blockfolio has been adamant that they do not and will never sell user data. Blockfolio even tried to de-identify users with an ID hashing mechanism, so that users could not be identified and their portfolios could not be linked to email addresses; this apparently never happened after the purchase and conversion to FTX.
Source: FTX 2022 Data Protection Policy
All of this has raised questions about the merger and acquisition that took place in the cryptocurrency industry a few years ago. I am concerned because after the exchange goes down, FTX goes bankrupt and all of their assets are potentially auctioned off, I would like to know the status of the PII that FTX was forced to collect due to KYC and AML laws. I am concerned about the amount of information collected, including passports, phone numbers, IP addresses, home addresses, cryptocurrency wallet addresses, email addresses, passwords and government IDs. All of these can be auctioned off as customer data or customer profiles to whoever finds them valuable.
Well, the assets owned by FTX, whether they are real cryptocurrencies like bitcoins or fictional tokens based on another layer of network like ethereum, are not very important in this conversation in my opinion. What is important is the data, the privacy data, and the data mining operation that FTX could have done or will do on all the data collected about customers, or that whoever buys that data at auction will do. Moreover, the jurisdiction of this data is open to anywhere on Earth.
As someone who has personally worked on coin analysis concepts and technology for the US military and has consulted on it for the Department of Defense as a so-called “subject matter expert”, I can personally attest that it is very easy to correlate a Bitcoin wallet address with a person using nothing more than the amount of bitcoins stored at those addresses, along with the device data that tracks those specific amounts at those specific addresses – this is simple SIGINT, MASINT, or HUMINT, all of which are different forms of information gathering.
If you track the bitcoins in your wallet through any Bitcoin Explorer that you view through a browser or app on any device, phone, laptop or tablet, you now have a record associated with the IP address, the MAC number, SIM phone number, VOIP number, credit card number, home address and any other personally identifiable information associated with this device in any way. I know this because Edward Snowden leaked documents showing that the NSA had a program called XKEYSCORE and they used applications like OAKSTAR and its sub-program MONKEYROCKET to track Bitcoin users.
I am now looking at what FTX collected under AML and KYC laws. This is potentially one of the largest data collections of its kind in the cryptocurrency industry ever conducted in history. This data, combined with coin analysis information about bitcoin, ethereum and other cryptocurrency amounts tracked by the previously named Blockfolio app, has created a situation where personally identifiable information from KYC data can now be traced to Blockfolio email addresses, UTXOs and watch addresses, which a lot of people used in Blockfolio without giving out any personal information to the app.
So this means that people who have used Blockfolio to track cryptocurrency they own, want to buy, or are tracking for whatever reason, can now have it correlated with very detailed PII. My concern is not whether FTX and its hundreds of affiliates have tracked this information from Blockfolio or used it in any way, but rather that a huge new pool of customer information and data will be bound to Blockfolio data in the future. I don’t assume FTX was smart enough to do this for any purpose, like advertising or sharing data with a hedge fund like Robinhood was caught doing, but I assume they considered selling that data to law enforcement, advertisers or those in the intelligence community, as SBF says the door is open to regulators and law enforcement at FTX.
Now you have to think about when the assets of FTX will be auctioned, which they will be: not only will the digital currencies, tokens and licenses be sold to some new party, but also the buyers themselves, PII and the massive data mining that could or will be done with that data.
I have never been an FTX user, never created an account on FTX or FTX.us, and never transferred money to Alameda. Unfortunately, my long life in the Bitcoin space has led me to use Blockfolio, like many Bitcoin users before me, to track the amount of Bitcoin I hold in multiple places and their total value. Now the data I thought was private will be linked to the KYC data of anyone I know who they have communicated with over the wire and using any device, especially if they are in any way traced back to FTX through multiple connections.
What we need to do now is to ask serious questions and not focus on the financial liabilities or mismanagement of SBF and FTX. But we have to ask, who has this data? What happened to this data and who will own this data in the future? The reality is that FTT melting into nothing is not a “force majeure event”, so the majority of users are misled.
If this affects you at all, I suggest we look into the proper channels to protect ourselves from the worst-case scenario of data loss. This is the biggest problem with KYC and AML laws, because after so much financial chaos, there is now a criminal-controlled exchange that has millions of people’s personal information about their assets, homes, finances, etc. available to the highest bidder.
This is a guest post by Morgan Rockwell. The opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Crypto.