One of the largest cryptocurrency exchanges in the world hired Dan Wolfford, a former NSA analyst who also worked for a UAE-based hacking company accused of spying on American citizens, journalists, and human rights activists. Update: After Motherboard reached out to the company asking for comment, it said Dan Wolfford "was not onboarded" and would no longer be joining it.
On Monday, Wolfford announced in a LinkedIn post that he was starting as Crypto.com’s new Head of Security Operations. Wolfford used to be an NSA analyst, and after he retired from public service, he went to work for DarkMatter, a cybersecurity outfit based in the United Arab Emirates. In 2016, The Intercept revealed that DarkMatter had hired scores of experienced hackers, including former NSA and US intelligence analysts. Then, in 2019, Reuters revealed that a secret team within DarkMatter was tasked with conducting hacking and surveillance operations for the UAE government that targeted American citizens, journalists, and human rights activists.
Crypto.com said in a statement, sent after an early version of this story was published, that Wolfford “was not onboarded with the company, and he will not be joining us.”
Crypto.com has recently attempted to raise its public profile by purchasing the naming rights to the arena the Los Angeles Lakers play in for $700 million and creating a now-infamous ad starring Matt Damon. The exchange suffered a hack last month which saw $30 million stolen from users, which the exchange reimbursed.
Wolfford doesn’t list DarkMatter as previous experience on his LinkedIn profile. When Motherboard asked Wofford if he disclosed this work history to Crypto.com, he responded that he “explained how media personalities like to report fake news that sounds exciting to get clicks rather the boring truth.”
“I helped three member states of the United Nations develop national threat intelligence capabilities. Crypto.com thinks my knowledge and experience brings value to their global security team,” he said, adding that he was just “a threat intel analyst.”
“I can’t speak on behalf of a company I worked with for a few months back in 2017,” he said.
While not on his LinkedIn profile anymore, Wolfford’s experience in the Middle East is very public. In 2018, he spoke at an Austin, Texas cybersecurity conference about “real world hacking in the Middle East from 2015-2018.” On the conference website’s bio, Wolfford is listed as having worked as the Intel Director at DarkMatter, and at Cyberpoint, a US cybersecurity contractor hired by the UAE government, some of whose employees later joined DarkMatter.
Do you have any information on a cryptocurrency hack? Or do you research vulnerabilities on cryptocurrencies and their networks? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email firstname.lastname@example.org
In a 2019 interview with Ars Technica, Wolfford said he did not hack US citizens.
“We did not hack Americans,” he told Ars. “Our mission was simple: advise and assist UAE to create a national cyber security program.” And work on creating a "target list," Wolfford said, was part of a training operation “to teach the Emiratis about lawful targeting and collection.”
"We tried to show them who is and isn’t a threat to their national security,” he added at the time. “The bottom line is that I don’t condone illegal activity conducted by any of my employers. That is a line I would never cross and I’m offended when people accuse me of being guilty by association.”
In September of last year, three former US intelligence analysts, and former DarkMatter employees, who then worked for UAE intelligence agreed to pay more than $1.68 million in a settlement. The US government accused them of providing hacking services to a foreign government in violation of US export control laws.
That Crypto.com is looking to beef up their security shouldn’t come as a surprise. Last month hackers stole around $30 million in cryptocurrency from some of the exchange’s users, the company admitted. Crypto.com reimbursed the victims, and said the hackers stole from 483 users.
This is not the first time a crypto exchange has hired someone who used to work for a controversial surveillance company. In 2019, Coinbase acquired a blockchain intelligence startup launched by three former employees of the controversial spyware company Hacking Team, known for having sold surveillance and hacking technology to countries like Ethiopia, Saudi Arabia, and Sudan, which then used it against journalists and dissidents. After public outrage, including a #DeleteCoinbase online movement, Coinbase said the three former Hacking Team employees would “transition out” of the company.