How The FTX Collapse Could Leave Blockfolio Users Exposed

This is an opinion editorial by Morgan Rockwell, founder of Bitcoin Kinetics.

I'm not concerned with Sam Bankman-Fried allegedly getting a loan from Alameda, which was really FTX customer funds wired through Alameda to be credited on FTX. I'm not concerned with the moral compass of the celebrity investors who gave billions to a kid they didn't really know or understand, yet endorsed with wealth and credibility. I'm not very concerned with the financial and market effects upon the many companies, exchanges and traders who for some reason depended on FTX in some form.

I'm most concerned with Sam Bankman-Fried getting the personal identification information of millions of customers, and using that data to do chain analysis on the Blockfolio app he purchased which was used by many Bitcoiners and cryptocurrency holders as a tracking tool of Bitcoin, Ethereum and other watch-only cryptocurrency wallets.


If you aren't aware, Blockfolio was an app that was used by many Bitcoin holders and other cryptocurrency holders to keep track of the exchange rate or the prices of their coins held in cold storage or on wallets that they only wanted to be watching and not have actively on a hot wallet on their mobile device. Storing the wallet addresses actually was not even needed on the app. You could just put in an amount of a certain cryptocurrency that you wanted to watch and say that you had — but there was also a feature to connect to exchanges to keep track of all of your coins across all of the exchanges you had them on in one app. This was the beauty of Blockfolio as it didn't necessarily ask for too much personal identification information other than an email to help keep track of your account so you can log in from multiple devices.

Most of us like myself became aware of Sam Bankman-Fried because of the purchase of Blockfolio by a newly formed entity called FTX. Over several weeks the Blockfolio app was rebranded as the FTX app which now had its own exchange. It also had a new set of Know Your Customer rules, Anti-Money Laundering policies, a new Terms of Service, as well as its own custodial wallet held by FTX, we assumed.

Here you can see the Terms of Service at Blockfolio from June 30, 2017:

Source: Blockfolio Privacy Policy 2017

Blockfolio avidly argued that they were not and would not ever sell user data. Blockfolio even attempted to de-identify users with a hashing mechanism for IDs to not even let themselves identify and connect user portfolios to email addresses; this apparently never happened after the acquisition and transformation into FTX.

Here you can see the stark difference in the new FTX Privacy Policy:

Source: FTX Privacy Policy 2022

Here is what little is mentioned about personal identifiable information within the FTX Terms of Service, which is a different document than the Privacy Policy.

Source: FTX Terms Of Service 2022

For reference, if you have never read a Terms Of Service or Privacy Policy of a company before, I strongly recommend you grab a strong beer and enjoy this word soup!

This all has brought up questions about this merger and the acquisition that happened in the cryptocurrency industry only a few years ago. I am concerned because after the fallout of this exchange, FTX going bankrupt and all of its assets potentially being put up for auction, I would like to know the state of the personal identification information that FTX had been forced to gather because of KYC and AML laws. My concern is the immense amount of information gathered including passports, phone numbers, IP addresses, home addresses, cryptocurrency wallet addresses, email addresses, passwords and government IDs. All of these could be sold at auction as customer data or customer profiles to whoever finds them valuable.

Source: FTX Privacy Policy (disclosure in the case of merger, sale, or other asset transfers)

Now the assets held by FTX, whether they were actually real cryptocurrency such as bitcoin or made-up tokens built on another layer one network such as ethereum, are not too important in this conversation in my opinion. What is important is the data, the privacy data, the data mining operation that could have or will be done on all of this data FTX had gathered on customers, whether it was done by them or it will be done by whomever buys this data at auction. Even more so, the jurisdiction of that data is open to anywhere on earth.

Source: FTX Privacy Policy (international data transfers)

As someone who has personally worked on coin analysis concepts and technology for the United States Military, as well as consulted on this for the Department of Defense as a so-called "subject matter expert," I can personally attest that it is very easy to correlate a user to their Bitcoin wallet address using nothing more than the amounts of bitcoin held on specific addresses, as well as the device data that is keeping track of those specific amounts on specific addresses — this is simple SIGINT, MASINT or HUMINT, all of which are different forms of intelligence gathering.

Source: Wikipedia Search For HUMINT

If you are keeping track of any bitcoin on any wallet over any Bitcoin explorer that is looked at through a browser or app on any device, phone, laptop or tablet, there is now a record that will be connected to the IP address, the MAC number, the SIM phone number, the VOIP number, credit card number, home address and any other personal identifying information that is attached in any way to this device. I know this because Edward Snowden leaked documents showing that the NSA had a program called XKEYSCORE and applications were used like OAKSTAR and its subprogram MONKEYROCKET to specifically keep track of Bitcoin users at the NSA.


Now what I'm getting at is this data that FTX was forced under AML and KYC law to gather. This is potentially one of the largest gatherings of this kind of data in the cryptocurrency industry ever done in history. This data, combined with coin analysis information related to bitcoin, ethereum and other cryptocurrency amounts being tracked by the previously titled Blockfolio app, has created a situation where KYC data, personal identifying information, can now be superimposed over Blockfolio email addresses, UTXOs and watch addresses that plenty of people used on Blockfolio without any personal information being divulged to the app.

So this means that people that used Blockfolio to keep track of the amount of cryptocurrency they had, wanted to buy or were keeping track of for any reason will now be able to be correlated to very detailed personal identification data. The concern I have is not whether FTX and its hundreds of subsidiaries were keeping track of this information from Blockfolio or using it in any way, but that their immense new pool of customer information and data will be bound in the future to the Blockfolio data. I don't assume FTX was intelligent enough to do this for any purpose such as advertising, or data sharing with a hedge fund like Robinhood was caught doing, but I do assume that they may have considered selling this data to law enforcement agencies, to advertisers or to actors in the intelligence community as SBF said there was an open door to regulators and law enforcement agencies at FTX.

What we need to think about now is when the assets of FTX go up for auction, which they will, that not only the digital currencies and tokens as well as the licenses will be sold to some new party, but it will be the customers themselves, personal identifying information and the massive data mining that could have been or will be done with that data.

I was never an FTX user, I never created an account with FTX and I never wired any money to Alameda. Unfortunately, because of my longevity in the Bitcoin space, I used Blockfolio like many Bitcoin users before me to keep track of the amounts of Bitcoin I had in multiple locations and their total value. Now that data that I thought was private will be connected to KYC data of anyone I know, interacted with over a wire and any device they used, especially if through multiple connections it leads back to FTX in some way.

What we need to do now is ask the serious questions and not focus on the financial obligations or mishandlings of SBF and FTX. But we must ask who has this data? What has been done with this data and who will be owning this data in the future? The reality is FTT dissolving into nothing isn't a "Force Majeure Event," so most of the users are screwed.

Source: FTX Terms Of Service 2022

If this at all concerns you or involves you, I would suggest we all find the appropriate channels to protect ourselves from the worst case scenario from this fallout of data. This is the biggest problem with KYC and AML laws, because after all of this financial chaos, there is now a criminal-run exchange that is in possession of millions of people's personal information about their devices, their homes, their financials and more, all available to the highest bidder.


The Blockfolio TOS & Privacy Policy go to dead links on the website, but I found a 2017 version.
You must sign in through Zendesk to view the missing Blockfolio TOS/PP as well as the new FTX TOS/PP which means I had to give an email and PPI to even see the documents.

This is a guest post by Morgan Rockwell. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

