1/
Cool growth chart. Have you disclosed to US customers like @Rippling, @Billcom, @TheZipHyouQ, @brexHQ, and @Navan that you’re quietly sending their customers’ data to China?
Airwallex has become a Chinese backdoor into sensitive American data like from AI labs and defense contractors. You must already know this, but your China-based ops, infra, and investors create legal obligations to assist with CCP espionage upon request.
Through Airwallex, Beijing can access:
•supplier payments for AI labs
•payroll data for defense contractors
•personal data for employees abroad
Obviously many companies do business in China, and that’s not inherently a bad thing. But your company has become a guaranteed vector for data transfer to the Chinese government, and that’s a different thing entirely.
You have multiple points of vulnerability:
> people (key execs and core engineering team is based in mainland China, which obligates these individuals to comply with Chinese government demands to hand over data)
> legal structure (company leaders are subject to Chinese national security law)
> cap table (over 20% of your company is Chinese-owned, including Tencent, HongShan, and others, which further obligates you to comply with CCP requests).
What’s happening:
> You route global payments for US companies in critical sectors, without disclosing that you are under Chinese jurisdiction
> You moved HQ to Singapore, but your largest operational footprint is in China and hundreds of your engineers in mainland China touch production payment systems
> You are subject to Chinese law that requires Airwallex employees to support CCP intelligence requests and quietly hand over data when asked
> You hide this from your customers, but you are well aware of your obligations to China and that is why you insist on protection of Chinese data access in your contracts
Thanks to you, the Chinese government now has direct, covert, legally enforceable access to sensitive financial information belonging to America’s AI labs, defense contractors, financial institutions, healthcare firms, and Fortune 500s. Maybe this wasn’t your intent when you started the company, but it’s clear you’ve allowed this to happen.
Cool growth chart. Have you disclosed to US customers like @Rippling, @Billcom, @TheZipHyouQ, @brexHQ, and @Navan that you’re quietly sending their customers’ data to China?
Airwallex has become a Chinese backdoor into sensitive American data like from AI labs and defense contractors. You must already know this, but your China-based ops, infra, and investors create legal obligations to assist with CCP espionage upon request.
Through Airwallex, Beijing can access:
•supplier payments for AI labs
•payroll data for defense contractors
•personal data for employees abroad
Obviously many companies do business in China, and that’s not inherently a bad thing. But your company has become a guaranteed vector for data transfer to the Chinese government, and that’s a different thing entirely.
You have multiple points of vulnerability:
> people (key execs and core engineering team is based in mainland China, which obligates these individuals to comply with Chinese government demands to hand over data)
> legal structure (company leaders are subject to Chinese national security law)
> cap table (over 20% of your company is Chinese-owned, including Tencent, HongShan, and others, which further obligates you to comply with CCP requests).
What’s happening:
> You route global payments for US companies in critical sectors, without disclosing that you are under Chinese jurisdiction
> You moved HQ to Singapore, but your largest operational footprint is in China and hundreds of your engineers in mainland China touch production payment systems
> You are subject to Chinese law that requires Airwallex employees to support CCP intelligence requests and quietly hand over data when asked
> You hide this from your customers, but you are well aware of your obligations to China and that is why you insist on protection of Chinese data access in your contracts
Thanks to you, the Chinese government now has direct, covert, legally enforceable access to sensitive financial information belonging to America’s AI labs, defense contractors, financial institutions, healthcare firms, and Fortune 500s. Maybe this wasn’t your intent when you started the company, but it’s clear you’ve allowed this to happen.
2/6 Airwallex presents itself as a Singaporean company, but the bulk of its operations and core staff are in China’s jurisdiction. Airwallex has 1,700 employees globally; roughly 40% and its largest offices are in mainland China and Hong Kong, including core engineering and ops.
Job postings for “Senior Software Engineer – Backend (Payments Platform), Shanghai” say engineers there “design, develop, and maintain mission-critical payment systems that power Airwallex’s core financial services… for its global customers,” implying production-level access.
Job postings for “Senior Software Engineer – Backend (Payments Platform), Shanghai” say engineers there “design, develop, and maintain mission-critical payment systems that power Airwallex’s core financial services… for its global customers,” implying production-level access.
3
4/Airwallex handles payments for tens of thousands of American companies, including in sensitive and critical fields like AI and national security.
Airwallex markets itself as a harmless global company to unsuspecting payment processors like Zip, Brex, and Bill whose customers in turn include OpenAI, Anthropic, Coinbase, Databricks, Snowflake, Robinhood, Scale, and others.
The data from those payments, which are handled internationally by Airwallex and are accessible to the CCP, include:
- Supplier and vendor payments for AI labs that could be used to understand and infiltrate supply chains
- Payroll / employee data for defense contractors, potentially revealing who is buying what from whom
- DOBs, SSNs, addresses, etc. for employees and contractors of financial and crypto firms
- Reimbursement accounts that reveal employee locations, travel patterns, activities
Financial transaction metadata exposes supply chains, burn rates, hiring geography, vendor relationships, and procurement timelines. Obviously valuable intel for Beijing.
Airwallex markets itself as a harmless global company to unsuspecting payment processors like Zip, Brex, and Bill whose customers in turn include OpenAI, Anthropic, Coinbase, Databricks, Snowflake, Robinhood, Scale, and others.
The data from those payments, which are handled internationally by Airwallex and are accessible to the CCP, include:
- Supplier and vendor payments for AI labs that could be used to understand and infiltrate supply chains
- Payroll / employee data for defense contractors, potentially revealing who is buying what from whom
- DOBs, SSNs, addresses, etc. for employees and contractors of financial and crypto firms
- Reimbursement accounts that reveal employee locations, travel patterns, activities
Financial transaction metadata exposes supply chains, burn rates, hiring geography, vendor relationships, and procurement timelines. Obviously valuable intel for Beijing.
5/US law explicitly aims to prevent sensitive financial data from ending up in CCP hands, including a 2024 DOJ rule treating transfers of U.S. financial transaction data as a national-security risk. Airwallex circumvents this by never telling customers that its China/Hong Kong staff have legal and technical access to this data and are compelled under PRC intelligence laws to provide access (while having to keep all this under wraps).
Those obligations include turning over to the Chinese government data collected from anywhere in the world, creating back doors and other vulnerabilities to allow China to access data, and protecting Chinese intelligence activities from becoming known.
Those obligations include turning over to the Chinese government data collected from anywhere in the world, creating back doors and other vulnerabilities to allow China to access data, and protecting Chinese intelligence activities from becoming known.
6/ Airwallex isn’t a global company with a Chinese office. It’s actually a Chinese engineering and legal apparatus with a global facade.
You’ve built your business on pitching American companies on handling their global payments, while omitting the fact that your structure, staff distribution, legal obligations, and licensing regime make PRC access to foreign data unavoidable and legally compulsory.
Congrats on your revenue milestone, but you have some explaining to do.
You’ve built your business on pitching American companies on handling their global payments, while omitting the fact that your structure, staff distribution, legal obligations, and licensing regime make PRC access to foreign data unavoidable and legally compulsory.
Congrats on your revenue milestone, but you have some explaining to do.
3/ Airwallex is subject to Chinese laws that *require employees to support CCP intelligence requests* and hand over data when asked.
As CEO, you list your place of residence as Hong Kong (with a correspondence address of London) in legal filings (eg, …te.company-information.service.gov.uk/officers/dTAHf…), your co-founders (CTO and COO) are based in Hong Kong and Mainland China per X data, and your Chief Legal, Compliance and Risk Officer lives in Hong Kong too – placing your key execs under the Hong Kong National Security Law, which penalizes refusing government requests for data.
Under the PRC National Intelligence Law, every China-based Airwallex engineer is legally obligated to provide access or credentials to authorities and keep it secret. Even if the servers sit in the U.S, your administrators are in Shanghai. These employees can even be ordered to insert backdoors and are barred from disclosing any of it.
As CEO, you list your place of residence as Hong Kong (with a correspondence address of London) in legal filings (eg, …te.company-information.service.gov.uk/officers/dTAHf…), your co-founders (CTO and COO) are based in Hong Kong and Mainland China per X data, and your Chief Legal, Compliance and Risk Officer lives in Hong Kong too – placing your key execs under the Hong Kong National Security Law, which penalizes refusing government requests for data.
Under the PRC National Intelligence Law, every China-based Airwallex engineer is legally obligated to provide access or credentials to authorities and keep it secret. Even if the servers sit in the U.S, your administrators are in Shanghai. These employees can even be ordered to insert backdoors and are barred from disclosing any of it.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
