Is your crypto wallet leaking your financial data?

465
Is your crypto wallet leaking your financial data?

Non-custodial cryptocurrency wallets can reveal balances and previous transactions In certain third-party transactions. They’re also vulnerable to being turned off remotely.

Speaking with Naomi Brockwell at this week’s Bitcoin Cash conference in Townsville, Australia, Coinbase senior software engineer Josh Ellithorpe revealed the simple ways in which crypto wallets can compromise personal privacy.

How wallets can leak crypto information

Most crypto users are not aware that digital wallets can leak their transaction details.

According to Ellithorpe, this typically occurs when a user queries a third party about their address data.

After such a query, the next time the user opens up their wallet, every address in that wallet is sent to the third-party server with instructions to reveal the balance of those addresses.

Once that happens, says Ellithorpe, the third-party “knows everything about your finances: it knows every transaction that you’ve done in the wallet and knows your balance and you’ve blown your privacy to that third party.”

“That third party could be your wallet provider or the API servers your wallet provider is using,” he adds.

Unfortunately, RPC-style wallets are powered by an API-driven interface and thus regularly query API servers to receive this information. 

Moreover, as Ellithorpe notes, their low bandwidth requirements mean that they lack “any privacy protection whatsoever.” 

Some crypto wallets are also prone to censorship

RPC-style wallets can complicate personal privacy in other ways as well.

Ellithorpe notes that these types of crypto wallets are “extremely easy to censor because the API server is just one API server (or a load balance set of API servers).”

So someone could hijack the DNS and all of a sudden the wallet breaks. Which means now your wallet can’t talk to that API server anymore. Effectively, you open the wallet and it can’t do anything,” he explains.

And with the DNS vulnerable to hijacking, other internet providers have the capacity to eliminate a wallet’s ability to function. 

Consequently, the wallet owner is compelled to import their funds and keys into another wallet. 

Better options exist

According to Ellithorpe, the best wallets are those that can connect to network nodes – and the most secure wallet is a full node since the entire blockchain is local.

Such a setup eliminates any need to tell a third party what addresses you care to look at.

However, full nodes are incompatible with mobile devices given their resource requirements. 

As an alternative, Ellithorpe suggests Neutrino or SPV (single payment verification) wallets.

Both connect to any full node on the network and employ specialized filters to ensure privacy with regard to address queries. 

Still, those with poor internet capabilities may want to consider staying with RPC-style wallets.

As Ellithorpe notes, it’s a matter of trading off privacy for convenience, speed, and low bandwidth. 

In contrast, he believes the Wasabi wallet is gaining a reputation for enhanced privacy.

Other privacy options mentioned include CoinJoin-style solutions, as they can obfuscate the chain of transactions and not leak any financial detail, and CashShuffle, a way to make Bitcoin Cash non-traceable.