A crypto user’s address can tell a lot about their behavior and even their identity. Explanations.
While cryptocurrencies still suffer from a reputation as an untraceable technology, in reality nothing ever has, except for Monero : In fact, they are mostly based on blockchains, which are ultimately just distributed databases. However, by definition, a database contains information. Users, in fact, are therefore not anonymous but pseudonyms, represented by public addresses. And wallets contain a lot of data revealing their behavior, even more sensitive information in some cases.
What is the most common information visible in a wallet?
A crypto wallet easily reveals three types of data:
- the user’s public address
- the balance of assets
- transaction history, including amount, timestamp, and recipient address
This data is all the more visible in the case of a blockchain based on an account model, such as Ethereum, rather than on a so-called UTXO model, to be translated into unspent transaction output, such as Bitcoin. With bitcoin, each transaction should generate a new address to which unspent bitcoin units from previous addresses are consolidated. Therefore, each new transaction is associated with a unique address.
Ethereum works on an account model, which is based on a unique address, used precisely for each transaction. Although the UTXO model is far from all tarnishtherefore it has the merit of making discovering a user’s transaction history more complicated.
Host your own node or connect to a third party – a key difference
Blockchains are based on a peer-to-peer (p2p) model and to carry out a transaction there is no other choice than to connect to its network, distributed by nodes, in short, computers or servers that store and share the history of the blockchain.
In reality, with the rise of exchanges, mobile wallets, and hot wallets, few crypto users are using their own nodes: On the Bitcoin layer 1 network, analytics site Bitnodes has around 14,800 reachable nodes (accepting incoming connections). and a total of 43,000 nodes worldwide while an application by bitcoin developer Luke Dash Jr has around 46,500 nodes worldwide; the layer-2 bitcoin Lightning Network reaches about 16,000 public nodes, according to 1ML. com. On the Ethereum side, the site Ethernodes reports about 3,500 synchronized nodes. At the same time, the triple A company estimates the number of crypto users at 320 million worldwide in 2022 while for France, KPM extension he estimated it at 8% of the population. Therefore, it goes without saying that most of these users go through third-party nodes (according to our sources, even some brokers do not host nodes for all assets). However, connecting to a third-party node to access the blockchain means compromising its IP address, which can then be associated with a transaction history, wallet balance.
Data collected by Cryptographic Services nodes
Worse yet, the host of the third node does not guarantee the confidentiality of this information: in November 2022, the company ConsenSys, owner of the Metamask wallet, indicated that it had collected personal information from users if they were using Metamask’s default configuration, i.e. with an Infura node, which is also owned by the company. Information that can be shared with affiliates, business partners, authorities and other service providers, according to the terms displayed on the ConsenSys website. The ability of nodes to gather information also explains why blockchain analytics companies love chain analysis host them, especially in the context of services for governments and police authorities.
To best protect yourself from this type of data collection, it is quite possible to host your own node, which allows you to grant access to the network without third parties and participate in its consent. Since a full node forwards all network transactions, it is easier to hide those of its owner as well. Finally, and while this practice doesn’t guarantee total confidentiality, it’s also possible to run a node behind Tor to hide its IP address.
Furthermore, hosting a node is not incompatible with the use of a hardware wallet such as Ledger or Trezor: the French company has also published a guide on its website while its competitor also gives a manual which involves the use of Electrum.
The case of NFTs
In the days of GDPR, many businesses crave NFT as a new customer acquisition and management tool because it allows them to divest themselves of customer identity data, thus saving piracy- and regulatory-sensitive databases. “The NFT allows us to address clients in full respect of data and confidentiality”, confided to us Stéphanie Zolesio, general manager of the real estate branch within the Casino group, in 2022.
Companies no longer need to keep data private as user wallets do it for them: by collecting an NFT, a customer thus enters the address of a wallet and, if it has not been generated for the occasion, all his own story. “The wallet provides a lot of information: how many ethers (the currency of the Ethereum blockchain, ed), of NFT is there? And this person interacts a lot with a smart contract. Do you buy regularly and if so what kind of NFT? How many times ? Subsequently, we can target these wallets according to their budget, their country,” underlined the head of the Web3 Exclusible agency in the same article. “It is much more interesting for a sign to know the trend of buying, reselling, ‘use of an NFT we know the true identity of a customer,” added Stéphanie Zolesio.
Sometimes, the customer even gives his identity himself: with the blockchain, decentralized domain names are experiencing considerable growth. These extensions are names registered on a blockchain in the form of an NFT and can be linked to a URL address or a cryptographic address. It is therefore no longer rare to see certain users register their surname on the blockchain and associate it with a wallet: for example, Paris Hilton holds Parisilton.eth, an address referencing a wallet that contains more than 1,500 NFTsincluding a bored monkey worth about $100,000.
Of course, a surname can always be subject to cybersquatting, which consists in parasitizing a domain name corresponding to the name of a brand or a person, but apart from this scenario, it is clear that these names Decentralized domain names are another way to tie a physical identity to a virtual user.