One of the advantages of cryptocurrency is its anonymity. However, a recently published study concludes that governments and other entities have been chipping away Ethereum’s anonymity because of the “careless usage” of the token’s users.
“Unfortunately, careless usage easily reveals links between deposits and withdraws and also impacts the anonymity of other users, since if a deposit can be linked to a withdraw, it will no longer belong to the anonymity set,” a recently published paper warned.
The paper, titled “Blockchain is Watching You,” is a joint-publication from researchers at the independent blockchain research lab HashCloak and their counterparts from the Institute for Computer Science and Control in Hungary, Eötvös Loránd University, and Széchenyi István University, according to Coindesk.
Ethereum uses a protocol different from Bitcoin’s Unspent Transaction Output (UTXO) model, which creates a new address for each transaction. Instead, Ethereum logs what a user has sent out. According to the paper’s authors, users who don’t understand the token’s account-based model which might compromise their privacy and leave them vulnerable to potential surveillance.
Other parties can deduce the Ethereum user’s timezone by noting the time-of-day an account is most active. Another data that can be used to track an account is the gas price setting. Since most users do not set their gas prices manually, those that do tend to stand out.
“These custom-set gas prices can be used to link deposits and withdraw transactions,” the reports said.
Due to the platform’s account-based model, Ethereum users can also be targeted by Danaan-style attacks where hackers send a very specific amount of ether and use it as “fingerprint.” “Although value fingerprinting was originally introduced in the context of Zcash, we notice that these attacks are applicable to Ethereum as well,” the paper said.
The researchers note that it’s easy to prevent privacy leaks. “The lack of financial privacy is detrimental to most cryptocurrency use cases,” they wrote on the paper. “We do believe if users were using the technology in a sound way or a privacy-focused wallet software would have helped them and abstracted away potential privacy leaks.”
But instead of making it harder for hackers, Ethereum users often make it easier for them. One way they do so is by customizing their accounts using the Ethereum Name Service (ENS) to add human-readable names, which makes it easier for them to be identified on the blockchain.
The paper noted that some users would even post their ENS names on social media. In fact, researchers were able to connect 890 Ethereum account to their owners merely by searching on Twitter.