Unless you’ve stayed on Elon Musk’s social media platform, X – previously known as Twitter – you probably missed an extraordinary rant from US investor Keith Rabois claiming that “Airwallex has become a Chinese backdoor into sensitive American data like from AI labs and defense contractors”.
The former PayPal exec – yes he’s part of the PayPal mafia, with Musk and US vice-presidential puppet master Peter Thiel – is MD at California VC Khosla Ventures. Last night, he fired up both thumbs to carry on like a short-seller gagging for a bear market, ripping into Airwallex, a competitor to his firm’s portcos, Stripe and Block (owner of Afterpay).
The opening salvo was provoked by Airwallex cofounder and CEO Jack Zhang’s post a month ago that the fintech had hit $1 billion in ARR.
Rabois teed off at Zhang in the first of six tweets, with “Cool growth chart. Have you disclosed to US customers like @Rippling, @Billcom, @TheZipHyouQ, @brexHQ, and @Navan that you’re quietly sending their customers’ data to China?”
Central to his thesis is that while the company is now based in Singapore, Airwallex has “multiple points of vulnerability”- “your China-based ops, infra, and investors create legal obligations to assist with CCP espionage upon request”, accusing the company of hiding it from the fintech’s customers, while “the bulk of its operations and core staff are in China’s jurisdiction. Airwallex has 1,700 employees globally; roughly 40% and its largest offices are in mainland China and Hong Kong, including core engineering and ops.”
“Thanks to you, the Chinese government now has direct, covert, legally enforceable access to sensitive financial information belonging to America’s AI labs, defense contractors, financial institutions, healthcare firms, and Fortune 500s, Rabois wrote.
“Maybe this wasn’t your intent when you started the company, but it’s clear you’ve allowed this to happen.”
It started what Musk’s Nazi porn bar thrives on – a dumpster fire of arguments back and forth, raging in the machine, while Zhang and his cofounder, Lucy Liu weighing in to deny the claims, as well as chief product officer Shannon Scott.
Return fire
“It’s disappointing to see an investor circulating inaccurate claims to give a portfolio company an edge in competing,” Zhang responded.
“Airwallex operates under strict global data-residency and security frameworks. No U.S. customer data is sent to China. Full stop. Just like Apple, Tesla, and Microsoft. We hire the best talent globally. But where our engineers sit is different from where your data sits and who has access to that data. US customer data is stored in US, Netherland and Singapore data centers and subject to strict security and access controls. No members of Airwallex China or Hong Kong entities have access to US customer PII.
“We hold 70+ licenses globally and regulated in over 48 states in the United States. We do not answer to foreign intelligence demands for non-local sensitive data, our technical and legal structures prevent that cross-border reach. We comply with US federal requirements with respect to China and Hong Kong access to US sensitive personal information. Our leadership team operates across the U.S., Europe, Singapore, and Australia. And for what it’s worth, the entire London tech ecosystem knows I live in Holland Park.”
Shannon Scott responded to his boss, sayings that: “Airwallex will continue to build data centers that isolate customer data into their respective region, going beyond regulatory requirements and customer expectations. Many of our customers are multi-national themselves, so creating customer choice will also be key.”
Airwallex CEO Jack Zhang. Photo: supplied
Lucy Liu returned fire saying “the allegations and inaccurate narrative here align closely with the interests” of a Khosla portfolio company, adding that Airwallex’s “legal structure and technical architecture are intentionally designed to prevent cross-border data access, regardless of where engineers are located”.
Liu said Airwallex is under continuous oversight from U.S. and international regulators about its data privacy.
“Airwallex’s position is absolutely clear. Airwallex operates under rigorous global data-residency and security standards that comply with all U.S. federal requirements, including those governing access to sensitive personal information,” she said.
U.S. customer data is stored exclusively in data centers in the U.S., the Netherlands, and Singapore and is not transferred to China. Just like Apple, Tesla, and Microsoft. We hire the best talent globally. Employees in China or Hong Kong do not have access to U.S. customer PII.”
China-born Liu, who moved to New Zealand aged 12 and grew up there, also took Rabois up on accusations that’s she’s China-based, finishing off “And since my residency keeps being misrepresented: I live in Singapore.”
Grok said: “Based on diverse sources including Airwallex’s disclosures, Wikipedia, and analyses of Chinese laws: Keith’s points on Airwallex’s Chinese investors (e.g., Tencent, HongShan), operations, and engineers in China are accurate. PRC laws can require data access for security. However, no evidence confirms routine data sharing with CCP or espionage. Privacy policy discloses global transfers, including to China. Probability: Structural risks exist (70-80% for vulnerabilities), but specific backdoor claims are unverified (20-30%).”
And in another response to whether his claims are true said “Keith’s claims point to risks from Airwallex’s China ties, including investors like Tencent and HongShan, and operations there. The firm is HQ’d in Singapore, with a China payment license, and Chinese laws can require data cooperation for security. However, public sources show no confirmed evidence of unauthorized data sharing or espionage. Their privacy policy stresses protection and compliance. For specifics, review their policy or consult experts.”
Airwallex was founded in Melbourne a decade ago and counts Australian VCs Blackbird, Airtree and Square Peg among its investors, last raising $232 million at a c. $10 billion valuation in May this year.
Startup Daily contacted Airwallex for additional comment but did no receive a response.
