The data required to examine past Blockfolio submissions has now been entangled in the collapse of the large bitcoin exchange.

I’m not concerned about Sam Bankman-Fried supposedly receiving an Alameda loan, which was actually FTX client monies routed through Alameda and credited on FTX. I’m not worried about the moral compass of the celebrity investors who contributed billions to a youngster they didn’t know or comprehend but promoted with riches and prestige. I’m not very concerned with the financial and market consequences for the numerous firms, exchanges, and traders that, for whatever reason, relied on FTX in any form.

I’m particularly concerned about Sam Bankman-Fried obtaining millions of consumers’ personal identity information, and using that data to do chain analysis on the Blockfolio software he acquired, which was used as a tracking tool for Bitcoin, Ethereum, and other watch-only cryptocurrency wallets by many Bitcoiners and cryptocurrency holders.

Blockfolio was an app that many Bitcoin and other cryptocurrency users used to keep track of the exchange rate or values of their coins stored in cold storage or on wallets that they simply wanted to view and not have actively on a hot wallet on their mobile device. The software didn’t even require storing the wallet addresses. You might simply enter a particular quantity of a cryptocurrency that you wished to monitor and state that you have done so.

However, there was also a capability to link to exchanges in order to keep track of all of your currencies across all exchanges in one app. The beauty of Blockfolio was that it didn’t require too much personal identifying information other than an email address to assist keep track of your account so you could log in from numerous devices.

Most of us, including myself, learned about Sam Bankman-Fried through the purchase of Blockfolio by a newly established organization named FTX. The Blockfolio app was relaunched as the FTX app, which now featured its own exchange, over the course of several weeks. It also included new Know Your Customer standards, anti-money laundering procedures, and a revised Terms of Service.

We assumed that service, as well as its own custodial wallet kept by FTX.

Here are the Blockfolio Terms of Service as of June 30, 2017:

Blockfolio Privacy Policy 2017

Blockfolio adamantly said that they were not and would never sell user data. Blockfolio even sought to de-identify users by using a hashing process for IDs to prevent them from identifying and connecting user portfolios to email addresses; this appears to have never happened after the purchase and metamorphosis into FTX.

The new FTX Privacy Policy is noticeably different in this regard:

FTX Privacy Policy 2022

Here is what little is said regarding personally identifiable information in the FTX Terms of Service, which is a separate document from the Privacy Policy.

For contrast, if you’d never read a company’s Terms of Service or Privacy Policy, I strongly advise you to get a good beverage and enjoy this word soup!

This has raised concerns about the merger and the acquisition that occurred in the bitcoin business only a few years ago. I am worried because, in the aftermath of this exchange, FTX going bankrupt and perhaps auctioning off all of its assets, I would like to know the status of the personal identity information that FTX was obligated to collect due to KYC and AML rules. My main worry is the massive quantity of data obtained, which includes passports, phone numbers, IP addresses, home addresses, bitcoin wallet addresses, email addresses, and so on.

passwords and government identification All of them might be sold as customer data or customer profiles at auction to whoever considers them desirable.

Disclosure of ftx in the case of a sale or merger

FTX Privacy Policy is the source (disclosure in the event of merger, sale, or other asset transfers)

In my perspective, the assets owned by FTX, whether they were true cryptocurrencies such as bitcoin or made-up tokens established on another tier one network such as ethereum, are unimportant in this discussion. What matters is the data, the privacy data, and the data mining operation that might have or will be performed on all of the data obtained by FTX on customers, whether it was done by them or will be done.

by whomever purchases this info at auction Furthermore, the jurisdiction of that data is available to anybody on the planet.

As someone who has personally worked on coin analysis concepts and technology for the US Military, as well as consulted on this for the Department of Defense as a so-called “subject matter expert,” I can personally attest that it is very easy to correlate a person to their Bitcoin wallet address using nothing more than the amounts of bitcoin held on specific addresses, as well as the amounts of bitcoin held on specific addresses.

in addition to the device data that keeps track of those exact quantities on certain addresses – this is straightforward SIGINT, MASINT, or HUMINT, all of which are various types of intelligence collecting.

If you keep track of any bitcoin on any wallet via any Bitcoin explorer that is accessed via a browser or app on any device, phone, laptop, or tablet, there is now a record that will be linked to the IP address, MAC number, SIM phone number, VOIP number, credit card number, home address, and any other personal identifying information that is attached in any way to this device. I know this because Edward Snowden published documents revealing the NSA’s XKEYSCORE program and apps.

At the NSA, programs such as OAKSTAR and its subprogram MONKEYROCKET were employed to exclusively target Bitcoin users.

HUMINT may be found in Wikipedia.

Source: https://theintercept.com/2018/03/20/the-nsa-worked-to-track-down-bitcoin-users-snowden-documents-reveal/

What I’m getting at is the data that FTX was required to collect under AML and KYC legislation. This might be one of the greatest gathers of this sort of data in the bitcoin business in history. This data, combined with coin analysis information related to bitcoin, ethereum, and other cryptocurrency amounts tracked by the previously titled Blockfolio app, has resulted in a situation in which KYC data personal identifying information can now be superimposed over Blockfolio email addresses, UTXOs, and watch addresses that many people used on Blockfolio without any personal information being disclosed.

The software receives personal information.

As a result, anybody who used Blockfolio to keep track of how much bitcoin they had, wished to acquire, or were keeping track of for any other purpose would now be able to be matched to highly comprehensive personal identity information. My fear is not whether FTX and its hundreds of subsidiaries were tracking or using this information from Blockfolio, but that their large new pool of consumer information and data would be linked to the Blockfolio data in the future. I doubt FTX was savvy enough to do this for any reason, such as advertising or exchanging data with a hedge fund, as Robinhood was found doing.

However, because SBF said that there was an open door to regulators and law enforcement agencies at FTX, I suppose they explored selling this data to law enforcement agencies, advertisers, or players in the intelligence community.

What we need to consider now is that when FTX’s assets are auctioned off, not only will the digital currencies and tokens, as well as the licenses, be sold to a new party, but so will the customers’ personal identifying information and the massive data mining that could have been or will be done with that data.

I was never an FTX user; I never registered with FTX or FTX.us, and I never used their services.

I never used FTX, never had an account with FTX or FTX.us, and never sent money to Alameda. Unfortunately, due to my tenure in the Bitcoin sector, I, like many other Bitcoin users before me, utilized Blockfolio to keep track of the amounts of Bitcoin I held in numerous locations and their overall worth. Now that data that I believed was private will be linked to KYC data of anybody I know who communicated with via a wire and whatever device they used, especially if it ties back to FTX in any manner through numerous connections.

Something we must now do is ask critical questions rather than focusing on SBF and FTX’s financial commitments or mismanagement.

But who has access to this information? What has happened to this data, and who will hold it in the future? Because FTT vanishing into nothing isn’t a “Force Majeure Event,” most consumers are screwed.

If this affects or includes you in any way, I would recommend that we all find appropriate means to protect ourselves from the worst-case scenario of data spillage. This is the most serious issue with KYC and AML legislation, since after all of this financial turmoil, there is now a criminal-run market with millions of people’s personal information about their gadgets, houses, financials, and more, all accessible to the highest bidder.

Avatar
Natasha Dean

With an eye for detail and understanding of this exciting industry. My experience has given me an understanding of crypto trends and how to effectively break them down. I have a soft spot for NFTs and the Metaverse.