Blockchain analysis firm Elliptic has flatly denied having access to any user identity information or data, after being mentioned in connection with the recent Coinbase data-selling row – but did confirm Coinbase as a client.
Elliptic, along with Chainalysis, has in recent days been name-dropped as potential resellers of Coinbase user data. This revelation has come in connection with Coinbase’s recent hiring (and firing) of questionable employees of Neutrino, another analytics firm that Coinbase acquired outright last month.
Re @Coinbase data:
1) Got a wallet? Assume it's tracked by AML vendors like @chainalysis & @elliptic.
2) If they switched to “give-get” data policies, it means Coinbase had three choices: a) buy a competitor, b) break US law, c) help create a surveillance mesh.#Context https://t.co/YeM8n1IbM3
— Ryan Selkis (@twobitidiot) March 3, 2019
Doing their best to nip any suspicions in the bud, Elliptic CEO James Smith wrote yesterday:
Elliptic has no access to end users’ personally identifiable information. Our exchange clients, including Coinbase, do not provide us with any personally identifiable information about their users. Our clients use our solutions to screen specific transactions for risk. We do not require or request any transaction data that we can link to individuals, and do not have any other client information such as names, addresses or social security numbers.
Smith added that Elliptic’s “solutions [are only] used in order to combat financial crime,” and no other purpose.
Under the Hood
Elliptic provided a FAQ with the post, elaborating on exactly what the firm does, and what information it gets from clients.
Elliptic claim to receive “transaction hash, the input or output address to be analysed and the direction of the transaction (deposit/withdrawal).” They claim that this information is requested only when an exchange wants a specific transaction “screened.”
Notably, Elliptic added that they do, in fact, receive a “Customer ID” from a client exchange to associate with their analysis. However, they also claim that this data comes as “typically a random, unique identifier,” and that identity information associated with the ID is known only to the exchange – Elliptic claim in no unequivocal terms to “hold no KYC data whatsoever.”
But even if Elliptic do not get actual identity data from clients, it’s clear that they’re in the business of finding IDs in-house. The FAQ states that “[Elliptic] maintain evidence for any labelling of cryptocurrency addresses with a real world identity” – but maintain that they “[do] not get involved in making decisions about […] reporting [customer] activity to any third party.”
Coinbase has had a bad month in February, as CryptoGlobe reported yesterday, and March is so far looking no better. Time will tell what other damage-control measures will follow the Neutrino firings, if any.