FTX, a prominent cryptocurrency exchange, has found itself in the spotlight as its advisers, Alvarez & Marsal (A&M), recently shared information on FTX customer trades with the US Federal Bureau of Investigation (FBI). This revelation comes as a result of FBI subpoenas served during the court proceedings of the bankrupt crypto firm.
In response to these subpoenas, at least five different field offices of the FBI received valuable customer data from FTX. The FBI’s Philadelphia office requested information “related to specific IDs” on Amazon Web Services (AWS), while the agency’s Oakland and Portland offices sought customer information and specific transactions in the months of July and August.
In addition to these requests, FTX received subpoenas from the FBI’s Cleveland and Minneapolis establishments. Remarkably, A&M, the advisers involved, billed the FTX bankruptcy estate a total of $21,000 for their efforts in complying with the FBI’s demands throughout the months of July, August, and September.
This incident sheds light on the trade-off between anonymity and compliance faced by users of centralized exchanges. When individuals sign up for such platforms, their crypto wallet addresses can easily be linked to their real-world identities when necessary to meet anti-money laundering regulations. This situation underscores the inherent risks associated with storing sensitive customer information in a centralized location, such as a cloud server, as it can create a single point of failure.
The potential consequences of this centralized storage are further exemplified by recent events like the breach of LastPass, a password manager holding crypto keys, which led to the loss of $4.4 million in crypto assets.
The A&M advisers who fulfilled the FBI’s requests will be compensated from the FTX assets, which are currently in various stages of liquidation. Notably, a recent court decision has allowed FTX debtors to sell crypto assets in weekly tranches of $100 million to minimize their impact on the market.
When it comes to how crypto firms respond to subpoenas, it’s essential to recognize that US-based companies have a structured process in place to address such requests. This process aims to strike a balance between cooperating with law enforcement and protecting customer transaction data from government overreach.
Typically, the requesting agency must establish a probable legal cause for their information request, preventing fishing expeditions aimed at drumming up criminal activity. Companies like Coinbase have previously sought to limit the scope of such requests, as exemplified when they fought against an overly-broad subpoena from the US Internal Revenue Service (IRS). Coinbase successfully narrowed the scope of the request to wallet information for 15,000 US account holders.
Coinbase’s experience serves as a reminder of the extent of such requests, with the exchange revealing that it received a substantial 12,320 law enforcement requests between October 1, 2021, and September 30, 2022. The United States emerged as the largest single solicitor of information, accounting for 5,304 of these requests.