Coinbase's Newest Team Members Helped Authoritarians Worldwide Monitor Journalists and Dissidents

By David Z. Morris

Last week Coinbase, America’s biggest cryptocurrency exchange, proudly announced that it was acquiring Neutrino, a startup focused on blockchain analysis—using public blockchain data to trace cryptocurrency transactions. In its announcement, Coinbase wrote that Neutrino’s technology will help make cryptocurrency “safer and more accessible for people all over the world” by helping track thieves and terrorists. In turn, robust blockchain analytics will help crypto exchanges maintain stable fiat banking relationships and, generally, integrate with mainstream finance.

No wonder, then, that Coinbase says it is “excited to welcome [Neutrino] to the Coinbase family!” But observers on Twitter, including analyst Arjun Balaji, quickly noticed a major problem with Coinbase’s new family members: many of them are former leaders of Hacking Team, an Italian spyware vendor. Though ostensibly a creator of tools to monitor and fight crime and terrorism, Hacking Team also sold those tools to repressive regimes, possibly in violation of international controls on such tools. Those regimes, in turn, used the tools to monitor and endanger journalists, activists, and political dissidents.

Neutrino’s CEO, Giancarlo Russo, is the former COO of Hacking Team. Neutrino’s CTO, Alberto Ornaghi, was part of Hacking Team for more than eight years, working his way up to CTO there. Another Neutrino executive, Marco Valleri, appears to have been part of Hacking Team starting in 2004.

Coinbase’s acquisition of Neutrino threatens to explode into a reputational cataclysm.

In one of the more prominent incidents involving Hacking Team tools, UAE human rights activist Ahmed Mansoor was phished and monitored using the company’s tools. He was also physically attacked, and is currently serving a 10-year prison sentence, both apparently in retribution for his fight against internet censorship in the Middle East.

The company’s products have played well-documented roles in similar action against dissidents and journalists worldwide. According to the Washington Post, Hacking Team worked with the same Saudi enforcement group that later played a role in the murder of journalist Jamal Khashoggi. The University of Toronto’s Citizen Lab found that Hacking Team’s Remote Control System trojan software was used to monitor expatriate Ethiopian dissidents who operated a global news service. Ethiopia is one of the most repressive regimes in Africa, and the Committee to Protect Journalists has detailed extensive torture of journalists detained by the country’s leaders.

Related: Blockchain’s Peter Smith Refuses to Withdraw from Controversial ‘Davos in the Desert‘ After Khashoggi Murder

Neutrino CEO Giancarlo Russo

This history, which Coinbase has now acknowledged it was aware of before the acquisition, has made Hacking Team a long-running target of criticism in cybersecurity and civil rights circles. In 2013, Hacking Team was named one of five Corporate Enemies of the Internet by Reporters Without Borders (RSF), an international nonprofit aimed at protecting journalists. Hacking Team’s collaboration with authoritarians may have been ideologically motivated rather than merely mercenary: Its founder and former CEO, David Vincenzetti, regularly signed emails with the slogan “Boi chi Molla”—an Italian Fascist rallying cry.

That gory detail was revealed in part thanks to Hacking Team itself getting hacked—or, perhaps more accurately, completely owned. The 2015 attack, in the words of Wired, left Hacking Team “freshly disemboweled,” revealing 400 GB worth of internal documents, including customer records showing that Hacking Team had sold tools to a laundry list of repressive regimes, including Bahrain, Kazakhstan, and Sudan.

Also in the hacked material were communications between Hacking Team and the United Nations, which believed Hacking Team’s sale of surveillance tools to Sudan violated international sanctions on weapons sales to that country. Hacking Team disputed that claim, but many of its actions would likely be more clearly illegal today: In 2018, the European Union moved to tighten controls on the export of cyber-surveillance technology, based on reports that European tools were being used against activists worldwide.

Its founder and former CEO, David Vincenzetti, regularly signed emails with the slogan “Boi chi Molla”—an Italian Fascist rallying cry.

University of Toronto researchers also found that Hacking Team tools were being resold by U.S. companies, possibly placing them in the purview of the U.S. Department of Commerce, which oversees American export controls. Furthermore, Hacking Team funneled exfiltrated data through U.S. servers to foreign governments as a way of covering its tracks. Though the former Hacking Team executives now leading Neutrino will remain in their London offices, those actions could become a legal or regulatory liability for U.S.-based Coinbase.

But beyond regulatory issues, Coinbase’s acquisition of Neutrino threatens to explode into a reputational cataclysm. As has recently been shown in the QuadrigaCX case, blockchain analytics is clearly useful for investigating suspected crime or fraud. But acquiring the former Hacking Team suggests some flexibility on the ethics of working with repressive regimes. That runs directly counter to individual liberty and censorship resistance, values essential to the conceptual and ethical foundation of cryptocurrency as a technology and movement, and presents the risk that Coinbase users could themselves be subject to unjustified monitoring or control.

Get the BREAKERMAG newsletter, a weekly roundup of blockchain business and culture.

In response to BREAKERMAG’s inquiry about the Neutrino acquisition and Hacking Team’s track record, Coinbase issued the following statement:

“We are aware that Neutrino’s co-founders previously worked at Hacking Team, which we reviewed as part of our security, technical, and hiring diligence. Coinbase does not condone nor will it defend the actions of Hacking Team. Increasingly, third-party blockchain analysis companies are requesting customer data from cryptocurrency companies that they serve. It was important for Coinbase to bring this function in-house to fully control and protect our customers’ data and Neutrino’s technology was the best we encountered in the space to achieve this goal.

“Coinbase believes strongly in the potential for cryptocurrencies to give more people control over their personal data. We view our work to create the bridge between crypto and the traditional financial system as critical to accelerating the adoption of crypto around the world. However, significant effort is required to understand the flow of cryptocurrencies and manage risks across public blockchains. We are proud of our long track record balancing a compliant, regulated cryptocurrency exchange with the commitment to protecting our customers’ right to privacy. For Coinbase to meaningfully grow the cryptoeconomy, we know we can never take the trust our customers place in us for granted.”

That defense may not be compelling to the many cryptocurrency influencers critical of the Neutrino acquisition. In response, some urged users to withdraw their funds from Coinbase and instead use alternative exchanges such as Gemini or Bitstamp. Bitcoin advocate Francis Pouliot had perhaps the bluntest take, urging users to “Sell your bitcoins on Coinbase, buy a jetpack and GET THE FUCK OUT OF THERE”.