Last week, Coinbase announced that it had acquired Neutrino, a blockchain intelligence startup, which at first seemed like a regular purchase for the ever-growing United States cryptocurrency exchange.
However, soon the crypto community learned that Neurino’s key staff are directly affiliated with Hacking Team, a controversial information technology outfit that sells offensive surveillance capabilities to governments, law enforcement agencies and corporations across the world.
A hashtag #DeleteCoinbase has been launched as a result, prompting users to cut ties with the platform. However, some clients have since reported that they are struggling to delete their accounts.
Coinbase has confirmed that they were aware of Neutrino senior employees’ background, but found their technology “industry leading.” Interestingly, Coinbase has also admitted that their previous providers were selling client data to outside parties.
Neutrino’s key staff have been involved with Hacking Team, the Italy-based controversial outfit
On Feb. 19, Coinbase reported acquiring the Italy-based firm Neutrino to improve safety and boost its Anti Money-Laundering (AML) and Know Your Customer (KYC) measures. The accompanying statement read:
“By analyzing data on public blockchains, Neutrino will help us prevent theft of funds from peoples’ accounts, investigate ransomware attacks, and identify bad actors. It will also help us bring more cryptocurrencies and features to more people while helping ensure compliance with local laws and regulations.”
Neutrino was founded in 2016 by Giancarlo Russo, Marco Valleri (also known as “NaGa”) and Alberto Ornaghi (also known as “ALoR”). All of them are directly related to Hacking Team.
First, in 2001, ALoR and NaGa created Ettercap, a "comprehensive suite for man-in-the-middle attacks." The program has since been widely used for intercepting traffic, capturing passwords and eavesdropping, becoming “the Swiss army knife" for remote hacking.
Eventually, ALoR and NaGA were allegedly contacted by the Milan police department, who asked the developers to create a Windows driver that would enable them to monitor Skype calls. To put such cooperation on a larger scale, in 2003, ALoR and NaGa founded Hacking Team, a commercial hacking software company. As of now, the company’s technology is “used daily to fight crime in six continents,” as per its website.
According to Russo’s LinkedIn profile, he joined the company in 2009 as its chief financial officer, later becoming its chief operating officer.
In 2015, Hacking Team was hacked, and 500 GB of client files, contracts, financial documents and internal emails were leaked online. At the time, the company was reportedly selling its spyware to countries including Ethiopia, Morocco, the United Arab Emirates and the U.S. — with the Drug Enforcement Administration and Federal Bureau of Investigation among its customers — according to a Motherboard investigation. Following the security breach, Hacking Team purportedly lost some of its key clients.
Notably, Hacking Team’s software has reportedly been used by authoritarian governments to spy on journalists and activists. For instance, according to Motherboard, the firm has been involved in hacking UAE human rights activist Ahmed Mansoor, who was then detained and sentenced to 10 years in prison.
In May 2016, Russo, Valleri (NaGa) and Ornaghi (ALoR) founded Neutrino. The company took a somewhat similar course, albeit on the field of cryptocurrencies. Thus, its key product, XFlow nSpect, has been designed “specifically for Law Enforcement agencies,” representing a “comprehensive solution for monitoring, analyzing and tracking cryptocurrency flows across multiple blockchains,” the website states.
In 2017, Neutrino tracked funds associated with the ransomware hackers known as WannaCry and concluded that they converted their Bitcoin (BTC) into Monero (XMR), a privacy-oriented cryptocurrency, via Switzerland-based crypto exchange ShapeShift.
Community and Coinbase reaction
Soon after Coinbase announced its acquisition, crypto community members started to point out that Neutrino was founded by Hacking Team’s former employees. For instance, Amber Baldet, co-founder and CEO of the startup Clovyr and former lead at JPMorgan Chase's Blockchain Center of Excellence (BCOE), tweeted:
“When I said it would be great to have more infosec people involved in the ‘crypto’ space, I didn’t mean the largest US exchange should acquire an analysis tools company run by a former Hacking Team member, but here we are.”
Interestingly, Coinbase has commented on the issue, admitting that they knew about Neutrino’s roots. By Feb. 26, the exchange’s spokesperson told Motherboard that his firm “does not condone nor will it defend the actions of Hacking Team,” adding:
“We are aware that Neutrino’s co-founders previously worked at Hacking Team, which we reviewed as part of our security, technical, and hiring diligence.”
The Coinbase representative further explained that Neutrino’s technology basically seemed too good to be ignored:
“Increasingly, third-party blockchain analysis companies are requesting customer data from cryptocurrency companies that they serve. It was important for Coinbase to bring this function in-house to fully control and protect our customers' data and Neutrino’s technology was the best we encountered in the space to achieve this goal.”
On March 1, Christine Sandler, Coinbase’s director of institutional sales, expanded on that statement in an interview with Cheddar. First, she confirmed that her company was aware of Neutrino’s connection to Hacking Team, but wanted to employ their technology nonetheless:
"We are aware of the backgrounds of some of the folks that were involved in Neutrino and we are looking into that. The compelling reason for making the acquisition was that Neutrino had some really industry leading and best-in-class technology.”
Notably, Sandler also admitted that previous providers of Coinbase were selling customer data. Having Neutrino’s technology will allow the administration to keep that information safe, she added:
“It was important for us to migrate away from our current providers. They were selling client data to outside sources and it was compelling for us to get control over that and have proprietary technology that we could leverage to keep the data safe and protect our clients."
Further problems: Users struggling to delete their accounts
While the number of people who have actually deleted their Coinbase accounts during the #DeleteCoinbase campaign is unknown at the moment, some users have reported having technical problems with deactivation.
Many of those complaints revolve around the fact that in order to close a Coinbase account, a user is required to have a zero balance. Therefore, those users who have “dust” — tiny amounts of cryptocurrencies left from previous transactions — in their accounts are allegedly unable to send it to an external wallet, because the amount is too small to send. As a Coinbase spokesperson explained to Motherboard, those limits have been introduced to “ensure the fees incurred when sending money over the blockchain are covered.”
That issue has prompted Coinbase users to start yet another hashtag, #DeleteCoinbaseTrustChain. Essentially, it helps the exchange’s clients to coordinate and exchange dust in order to close their accounts. The hashtag was initiated by independent developer Udi Wertheimer and resembles a play on #LnTrustChain, a hashtag used by crypto enthusiasts who send small portions of their funds via the Lightning Network trustchain. Wertheimer said:
“I hope that this message makes Coinbase understand that a press release won't fix this. They need to disassociate themselves from Hacking Team if they have any hope of earning people's trust again. I don't know if this can happen, so the alternative is that people at least know about it and get to decide for themselves.”
Moreover, some users claim that they can’t close their accounts even if their balance is free of dust. For instance, Singapore-based Twitter user Saifuddin Jalil argues that his Coinbase account has had no funds “for a more than a year,” but he still can’t close it down. He has allegedly contacted Coinbase support and asked them to delete his private information, to which the exchange replied that they won’t be able to complete his request within 30 days of receipt due to its “complexity.” Similar difficulties were reported by other users.