FTX 崩溃如何让 Blockfolio 用户暴露在风险之中

By Bitcoin 杂志 - 1 年前 - 阅读时间：7 分钟
22 年 2022 月 1 日星期二 55:XNUMX AM

FTX 崩溃如何让 Blockfolio 用户暴露在风险之中

The data necessary to analyze previous Blockfolio entries is now mixed up into the massive cryptocurrency exchange’s collapse.

This is an opinion editorial by Morgan Rockwell, founder of Bitcoin Kinetics.

I'm not concerned with Sam Bankman-Fried allegedly 获得贷款 from Alameda, which was actually FTX customer funds wired through Alameda to be credited on FTX. I'm not concerned with the moral compass of the 名人 investors who gave billions to a kid they didn't really know or understand, yet endorsed with wealth and credibility. I'm not very concerned with the financial and 市场效应 许多公司、交易所和交易员出于某种原因以任何形式依赖 FTX。

I'm most concerned with Sam Bankman-Fried getting the personal identification information of millions of customers, and using that data to do chain analysis on the Blockfolio app he purchased which was used by many Bitcoiners and cryptocurrency holders as a tracking tool of Bitcoin, Ethereum and other watch-only cryptocurrency wallets.

资料来源：Google图片

If you aren't aware, Blockfolio was an app that was used by many Bitcoin holders and other cryptocurrency holders to keep track of the exchange rate or the prices of their coins held in cold storage or on wallets that they only wanted to be watching and not have actively on a hot wallet on their mobile device. Storing the wallet addresses actually were not even needed on the app. You could just put in a amount of a certain cryptocurrency that you wanted to watch and say that you had — but there was also a feature to connect to exchanges to keep track of all of your coins across all of the exchanges you had them on in one app. This was the beauty of Blockfolio as it didn't necessarily ask for too much personal identification information other than an email to help keep track of your account so you can log in from multiple devices.

我们中的大多数人都像我一样开始意识到 Sam Bankman-Fried，因为 购买的 Blockfolio 由一个名为 FTX 的新成立实体创建。 几周后，Blockfolio 应用程序更名为 FTX 应用程序，现在有了自己的交易所。 我们假设，它还有一套新的“了解你的客户”规则、反洗钱政策、新的服务条款，以及由 FTX 持有的自己的托管钱包。

您可以在此处查看 30 年 2017 月 XNUMX 日起 Blockfolio 的服务条款：

Sumber: Blockfolio 隐私政策 2017

Blockfolio 热切地争辩说他们没有也永远不会出售用户数据。 Blockfolio 甚至尝试使用 ID 散列机制对用户进行去标识化，甚至不让自己识别并将用户组合连接到电子邮件地址； 这显然在购买并转换为 FTX 后从未发生过。

在这里您可以看到新的 FTX 隐私政策的显着差异：

Sumber: FTX 隐私政策 2022

FTX 服务条款中很少提及个人身份信息，这是与隐私政策不同的文件。

作为参考，如果您以前从未阅读过公司的服务条款或隐私政策，我强烈建议您喝杯烈性啤酒，享受这个词汤！

This all has brought up questions around this merger and the acquisition that happened in the cryptocurrency industry only a few years ago. I am concerned because after the fallout of this exchange, FTX going bankrupt and all of its assets potentially being put up for auction, I would like to know the state of the personal identification information that FTX had been forced to gather because of KYC and AML laws. My concern is the vast amount of information gathered including passports, phone numbers, IP addresses, home addresses, cryptocurrency wallet addresses, email addresses, passwords and government IDs. All of these could be sold at auction as customer data or customer profiles to whoever finds them valuable.

Now the assets held by FTX whether they were actually real cryptocurrency such as bitcoin or made up tokens built on another layer one network such as ethereum are not too important in this conversation in my opinion. What is important is the data, the privacy data, the data mining operation that could have or will be done on all of this data FTX had gathered on customers either it was done by them or it will be done by whomever buys this data at auction. Even more so, the jurisdiction of that data is open to anywhere on earth.

As someone who has personally worked on coin analysis concepts and technology for the United States Military, as well as consulted on this for the Department of Defense as a so called "subject matter expert," I can personally attest that it is very easy to correlate a person to their Bitcoin wallet address using nothing more than the amounts of bitcoin held on specific addresses, as well as the device data that is keeping track of those specific amounts on specific addresses — this is simple SIGINT, MASINT or HUMINT, all of which are different forms of intelligence gathering.

If you are keeping track of any bitcoin on any wallet over any Bitcoin explorer that is looked through a browser or app on any device, phone, laptop or tablet, there is now a record that will be connected to the IP address, the MAC number, the SIM phone number, the VOIP number, credit card number, home address and any other personal identifying information that is attached in any way to this device. I know this because Edward Snowden leaked documents showing that the NSA had a program called XKEYSCORE 和应用程序被使用像 橡星 及其子程序 猴子火箭 to specifically keep track of Bitcoin users at the NSA.

Now what I'm getting at is this data that FTX was forced under AML and KYC law to be gathered. This is potentially one of the largest gatherings of this type of data in the cryptocurrency industry ever done in history. This data, combined with coin analysis information related to bitcoin, ethereum and other cryptocurrency amounts being tracked by the previously titled Blockfolio app has created a situation where KYC data personal identifying information can be now superimposed over Blockfolio email addresses, UTXOs and watch addresses that plenty of people used on Blockfolio without any personal information being divulged to the app.

So this means that people that used Blockfolio to keep track of the amount of cryptocurrency they had, wanted to buy or were keeping track of for whatever reason will now be able to be correlated to very detailed personal identification information. The concern I have is not whether FTX and its hundreds of subsidiaries were keeping track of this information from Blockfolio or using it in any way, but that their vast new pool of customer information and data will be binded in the future to the Blockfolio data. I don't assume FTX was intelligent enough to do this for any purpose such as advertising, or data sharing with a hedge fund like 罗宾汉 被抓到了，但我确实认为他们可能考虑过将这些数据出售给执法机构、广告商或情报界的参与者，因为 SBF 表示 FTX 对监管机构和执法机构敞开大门。

我们现在需要考虑的是，当 FTX 的资产进行拍卖时，他们将会拍卖，不仅数字货币和代币以及许可证将被出售给某个新的一方，而且将是客户本身、个人身份信息以及本可以或将要对这些数据进行的海量数据挖掘。

I was never an FTX user, I never created an account with FTX or FTX.us and I never wired any money to Alameda. Unfortunately, because of my longevity in the Bitcoin space, I used Blockfolio like many Bitcoin users before me to keep track of the amounts of Bitcoin I had in multiple locations and their total value. Now that data that I thought was private will be connected to KYC data of anyone I know, interacted with over a wire and any device they used, especially if through multiple connections it leads back to FTX in any way.

What we need to do now is ask the serious questions and not focus on the financial obligations or mishandlings of SBF and FTX. But we must ask who has this data? What has been done with this data and who will be owning this data in the future? The reality is FTT dissolving into nothing isn't a "Force Majeure Event," so most of the users are screwed.

If this at all concerns you or involves you, I would suggest we all find the proper channels to protect ourselves from the worst case scenario from this fallout of data. This is the biggest problem with KYC and AML laws,because after all of this financial chaos, there is now a criminal-run exchange that is in possession of millions of people's personal information about their devices, their homes, their financials and more, all available to the highest bidder.

笔记：

This is a guest post by Morgan Rockwell. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin 杂志。

原始来源： Bitcoin 杂志