The paradoxical nature of cryptocurrency’s privacy is that the blockchain, that unchangeable ledger of all a cryptocurrency’s transactions, serves as both a map and a mask: Bitcoin are easy enough to follow from one address to the next. But only a few entities, like the cryptocurrency exchanges that allow users to trade their crypto for traditional currency, are able to match the inscrutable strings of numbers and letters in those addresses to real-world identities. So when one of those exchanges suddenly dumps a massive internal user database online, they haven’t just spilled their own data. They’ve offered a key to decipher a vastly larger set of financial secrets. That’s what happened last week when Celsius, a cryptocurrency exchange facing bankruptcy, leaked an enormous collection of its users’ transaction data through an unusual sort of privacy breach: a court filing. As part of its bankruptcy proceedings—in which the company’s owners are accused of pulling tens of millions of dollars worth of crypto out of the exchange before revealing its insolvency—the company’s attorneys released a document that appears to include the transaction data of half a million of its users from April of this year until it ceased trading in June.
Read more: Celsius Exchange Data Dump Is a Gift to Crypto Sleuths—and Thieves.