After a wave of protest from the cryptocurrency community, Coinbase CEO Brian Armstrong announced in a blog post on Monday that some of the leadership of a recently acquired blockchain analytics firm would “transition out of Coinbase.” The reason for the outcry: those executives were former employees of HackingTeam, the Italian company that provides offensive hacking tools to law enforcement and intelligence organizations—including those of Saudi Arabia, Sudan, and other countries with poor human rights records. One piece of HackingTeam’s malware kit, called Pegasus by mobile security researchers, was tied to surveillance targeting United Arab Emirates dissident Ahmed Mansoor—an Emirati blogger who has been arrested multiple times in the UAE and is still imprisoned.
Coinbase acquired the company in question—Neutrino—on February 19. Neutrino’s technology maps blockchain networks, allowing the tracking of transactions, an important capability for both potential financial company customers and law enforcement agencies, and one that would allow Coinbase’s cryptocurrency exchange to integrate with more traditional finance.
“Our mission as a company is to create an open financial system for the world,” Armstrong said in his blog post. “To do this, the first step is to empower as many people as possible to get access to cryptocurrency. Since most of the money in the world is tied up in the traditional financial system, this means we need to connect to that system and be compliant with all laws and regulations as a financial service business.”
The addition of Neutrino would help Coinbase implement “a know-your-customer (KYC) and anti-money-laundering (AML) program,” he said, which would rely heavily on analytics.
But with the acquisition, Coinbase also acquired Neutrino CEO Giancarlo Russo, Chief Technology Officer Alberto Ornaghi, and Chief Research Officer Marco Valleri. All three previously worked for HackingTeam.
Russo was HackingTeam’s CFO and then CEO, joining the exploit vendor from Ernst & Young in 2009. Russo was linked to a sale of HackingTeam’s Remote Control System surveillance software to Russia’s Federal Security Service by emails published by WikiLeaks in 2015—emails exposed by the hacking of HackingTeam. Ornaghi, who started at HackingTeam in 2008, rose from a developer role to become HackingTeam’s CTO in 2015. Marco Valleri worked for HackingTeam starting in 2004, listing his title on LinkedIn as “Jedi.”
Following the money
The shift from working for cyber-for-hire operations to the blockchain security business is not as tangential as it might seem. Daniel Wolfford, former director of threat intelligence at DarkMatter, moved into the cryptocurrency cybersecurity world in 2017; he’s now director of cybersecurity for Blockchains in Sparks, Nevada. “There are several overlapping topics between cybersecurity and cryptocurrency,” Wolfford said in a response to Ars on Twitter. “Ransomware is the most obvious example.”
The skillsets brought from HackingTeam may have been a good fit for tracking blockchain networks, but HackingTeam’s history triggered an outcry from members of the cryptocurrency community. A campaign to boycott Coinbase soon sprang up on Twitter, and the controversy was picked up by the blockchain-focused news site BreakerMag.
While a Coinbase representative sent BreakerMag a statement that the company had examined Neutrino’s connections to HackingTeam as part of its due diligence, Anderson said in his blog post that “we had a gap in our diligence process. While we looked hard at the technology and security of the Neutrino product, we did not properly evaluate everything from the perspective of our mission and values as a crypto company.”
As a result of a review of the impact of the acquisition, Armstrong said that Coinbase’s executives “together with the Neutrino team have come to an agreement: those who previously worked at Hacking Team (despite the fact that they have no current affiliation with Hacking Team), will transition out of Coinbase.”