red 
We started Elliptic because we believe that an open financial system will make financial services cheaper, faster, fairer and more accessible, and that cryptocurrencies will form the backbone of this system. Elliptic helps make this open financial system a reality by giving businesses the information they need to create trusted crypto services. We are proud to work with many of the world’s largest cryptocurrency services, building a trusted industry together.
As with any payment mechanism, a small but significant portion of cryptocurrency users use it to support criminal activities. Our clients have an ethical and sometimes legal obligation to prevent the proceeds of this crime from flowing through their services and use our solutions to ensure this does not happen.
I was disappointed to see reports over the past few days that incorrectly implied that Elliptic was distributing personal information for financial gain. Such comments fundamentally misunderstand the data we analyze, the insight we share with our clients, and the role we play in the industry.
Elliptic does not have access to personal data of end users. Our exchange clients, including Coinbase, do not provide us with any personal information about their users. Our clients use our solutions to check the risk in certain transactions. We do not request or request any transaction data that we can link to individuals and we do not have any other customer information such as names, addresses or social security numbers.
We do not support or facilitate the violation of any individual’s financial privacy. We strongly believe that no individual should be subject to unlawful access to their financial information by any government body, and that no financial institution or service provider should disclose this financial information to third parties without the individual’s permission. We allow our solutions to be used only for the purpose of fighting financial crime and do not allow them to be used for marketing, business intelligence or any other purpose.
In the spirit of transparency, the following frequently asked questions explain the types of data we receive from our customers and what we do with it. I hope this information brings some clarity and I encourage our customers and potential customers to share any questions or concerns with me directly by contacting ceo@elliptic.co.
James Smith
CEO, Elliptic
FAQs
What services does Elliptic provide to its customers?
Elliptic brings confidence, and thus growth, to the cryptocurrency industry. We do this by providing solutions that help exchanges and others operating in the space meet their ethical and often legal and regulatory obligations to identify and combat criminal activity in cryptocurrencies. Our tools enable them to satisfy key anti-money laundering controls by verifying the source or destination of funds in a transaction. This is otherwise known as “transaction verification”.
What data do customers provide to Elliptic?
Elliptic’s clients – including exchanges – are required to provide some information in order for their transactions to be verified. The information we need is limited to blockchain transaction information for the transaction the exchange wants to verify. Specifically, we request that the transaction hash, input or output address, and transaction direction (deposit/withdrawal) be analyzed. Optionally, a client ID can also be provided (more on that below).
In addition, when using Elliptic’s tools and services, clients are free to decide which transactions they want to review and are not obligated to review every transaction. They could also review transactions that have nothing to do with them.
What personal data about client end users does Elliptic receive?
There is none.
Elliptic never, ever requests or requests any end user data from its clients. We do not hold any KYC data. We never want or need to know who is behind any transaction analyzed by the exchange. This information is not relevant to our ability to check transactions for suspicious activity. As a result, we do not receive or hold any information about our customers’ end users (whether names, addresses, social security numbers, DOBs, or other personally identifiable information).
In fact, when onboarding new customers, we expressly inform our users that we do not want or require any personal information about their end users in order to verify transactions for anti-money laundering purposes.
Why does Elliptic ask for a customer ID when submitting a transaction for verification?
Elliptic enables exchanges to associate a given transaction with a unique customer ID. This client ID is usually a random, unique identifier used by the exchange and does not contain personal information.
The reason for associating transactions with this client ID is to help the exchange analyze transaction behavior at the customer level. In addition to analyzing individual transactions for suspicious activity, it is best practice for exchanges to analyze transactions at the user level. One reason for this could be to determine if the client is performing regular patterns of activity that indicate suspicious behavior (where an individual transaction might not).
What does Elliptic do with the data it receives from the stock market?
The information that Elliptic receives from exchanges – transaction hashes, addresses and direction of the transaction – allows us to identify the transaction that needs to be reviewed and which transaction output corresponds to a deposit/withdrawal.
Why is this important?
In order to provide our customers with an accurate overview of transactions, it is vital that we are able to accurately map which addresses are controlled by which services or suspicious actors. Only by building this entity map can we reliably analyze transactions and tell the exchange what they might be associated with suspicious actors.
We use the information we receive from clients to make sure our property map is as accurate as possible. At Elliptic, we place a strong emphasis on data accuracy. Having highly accurate anti-money laundering data is critical for our exchange clients to ensure they can minimize the number of false positive alerts they receive, which in turn helps ensure their end users are not falsely associated with suspicious activity. This is why we are proud to have very accurate data.
Where else does Elliptic get its data from?
We use a number of data collection and analysis techniques, including web scraping and interactions with various services. It is important that we maintain evidence of any real-identity marking of cryptocurrency addresses and review them manually to ensure a high level of data accuracy.
What does Elliptic mean? not to work with the data it receives from clients?
Elliptic does not use client-provided data to analyze and record end users’ cryptocurrency wealth sources or spending patterns.
Similarly, Elliptic does not become involved in making decisions about the activities of users of the Exchange or reporting such activity to any third party. We simply provide information about the risk of the transaction, and the exchange then determines whether and how to take action.
Elliptic’s mission is to develop compliance and fraud solutions that enable businesses to combat financial crime in crypto. As a result, any solutions we develop or data we analyze serve only to advance this mission.
To which third parties does Elliptic provide data?
The data Elliptic receives from its clients is used to improve the accuracy of the entity map, so that all clients can benefit from improved risk assessment and reduce the incidence of inaccurate reporting. To prevent financial crime, it is useful to know when funds have been received from a trusted entity.
This service facilitates the flow of funds between our clients. They can be more confident about how to link transactions to legitimate or suspicious entities; they can be more proactive in working with other exchanges to share information about potential fraudsters or scammers; and can ensure that their end users are less likely to be mistakenly associated with suspicious activity, which could otherwise result in their account being terminated.
We believe that this data sharing model – one that does not infringe on the privacy of individual users, but rather promotes the quick and accurate identification and sharing of illegal activity – is in the best interest of anyone trying to build a business in the crypto economy. Only by working together in this way and showing that the industry is serious about cracking down on criminal behavior can we hope to see cryptocurrency adoption reach the levels we all aspire to.
