Cryptocurrency fans value privacy. They are distrustful of governments. They’re paranoid about possible hacks.
So cryptocurrency users were not impressed when Coinbase, a major cryptocurrency exchange, partnered with former members of a notorious hacking company that sells spyware to oppressive regimes. Now some users are fleeing. “#DeleteCoinbase before they delete you,” @btc, a major bitcoin Twitter account wrote Friday.
“Not that I’m @coinbase’s biggest customer by any stretch of the imagination, but I’m done,” another user wrote above a screenshot of his deleted account.
Coinbase is supposed to make cryptocurrency easy. The company lets users buy and sell virtual money from a sleek smartphone interface, theoretically avoiding the scams that plague the crypto scene. But Coinbase users said the company invited the grifters into its corporate ranks when it acquired the analytics firm Neutrino last month. Neutrino’s executives are former executives of Hacking Team, an infamous surveillance company that sells hacking services to law enforcement, corporations, and governments looking to crack down on dissent.
“The bitcoin community has historically been very close to internet freedom movements such as WikiLeaks, and Hacking Team represents the dark side of technology, used to restrict freedoms instead of liberate humanity,” bitcoin evangelist Francis Pouliot told The Daily Beast. “Hacking team, and the surveillance apparatus of which neutrino is a part of, are natural enemies of bitcoin users.”
Coinbase and Neutrino went public with their merger last month. “Neutrino will help us prevent theft of funds from peoples’ accounts, investigate ransomware attacks, and identify bad actors,” Coinbase said in its announcement. “It will also help us bring more cryptocurrencies and features to more people while helping ensure compliance with local laws and regulations.” Neutrino’s leaders would know all about attacks—they’ve been masterminding them for decades, Breaker Mag first reported. In 2001, recent Neutrino executives Alberto Ornaghi and Marco Valleri built a hacking program so powerful that Milan, Italy’s police department contracted them to build spyware that would let them snoop on Skype calls undetected. The spying contract was the beginning of what would become Hacking Team, a premier firm marketing to powerful creeps.
The company’s spyware lets governments remotely access their targets’ computers and phones, sometimes to violent ends. In 2012, Hacking Team phished the email of Ahmed Mansoor, a pro-democracy journalist in the United Arab Emirates, Motherboard reported. The phishing attack was part of a sustained effort to crack into Mansoor’s phone, culminating in his 2017 arrest for “cybercrimes,” for which he is serving 10 years in prison.
By 2014, Hacking Team had millions of dollars in government contracts in Latin America, with Mexican officials reportedly using the software to target journalists, scholars, and political rivals. In 2015, Hacking Team got a taste of its own tools when hackers attacked them and leaked internal communications. (The company was revealed to have used weak passwords like “P4ssword.”) Leaked documents revealed that Hacking Team had sold its services to governments in Azerbaijan, Bahrain, Egypt, Ethiopia, Kazakhstan, Morocco, Russia, Saudi Arabia, Sudan, and Turkey. The Saudi government group accused of murdering Washington Post columnist Jamal Khashoggi reportedly worked with Hacking Team in the past.
Hacking Team leaders were dismissive of human rights concerns posed by some of their government clients, leaked documents revealed. “I have a question for you all: PLEASE NAME a single really ‘democratic’ country, a country which does not violate anybody’s rights and has a TOTALLY clean human rights record,” the CEO David Vincenzetti emailed colleagues.
Some cryptocurrency evangelists describe the alternative money as a means of avoiding the long arm of the government. Most cryptocurrency transactions are logged publicly, but without the owner’s name, and without ties to a bank account. The privacy-minded crypto community mighty seem like an unlikely home for former Hacking Team executives.
But at least three Neutrino leaders—Ornaghi, Valleri, and CEO Giancarlo Russo—were execs or early members of Hacking Team.
The revelation sent some Coinbase users fleeing, with Twitter users posting about the exodus under the #DeleteCoinbase hashtag.
A series of bungled responses from Coinbase might have made the situation worse. When contacted by Breaker Mag last week, the company said it was “aware that Neutrino’s co-founders previously worked at Hacking Team, which we reviewed as part of our security, technical, and hiring diligence. Coinbase does not condone nor will it defend the actions of Hacking Team.”
Meanwhile, a Coinbase executive assured customers that the Neutrino acquisition was necessary to replace another company that was “selling client data to outside sources.” The implication, that Coinbase users’ data was now on the market, fanned the panic. (Coinbase told The Daily Beast the comment “was taken out of context” and that they’d never shared personally identifiable data with other companies.)
The backlash kept coming, and Coinbase users kept going. Late Monday night, Coinbase released another statement blaming the hirings on “a gap in our diligence process.”
The ex-Hacking Team members would no longer work with Coinbase, the company said. But Neutrino is staying with Coinbase, where it will be tasked with protecting user privacy.