A study by KU Leuven on 85 popular crypto wallet extensions identified significant privacy vulnerabilities, including user address leaks and tracking risks. These weaknesses could potentially enable tracking of users across different websites, undermining the anonymity intended by these wallets.
Researchers from KU Leuven conducted an extensive evaluation of 85 popular cryptocurrency wallet extensions available on the Chrome Web Store. These wallets collectively cater to approximately 35 million users and exhibit vulnerabilities that compromise user privacy.
The study highlighted a significant flaw whereby multiple wallet addresses owned by the same user can be linked together. This is achieved through requests made to external servers, which reveal a user's address in clear text. Seventeen wallets were identified to have exposed connections between user addresses, potentially allowing server operators to create a comprehensive profile of an individual based on their wallet activity.
Another concerning issue found was that logging out from wallet extensions does not necessarily disconnect them from websites. This initialization allows websites to detect which wallets are installed on a userβs browser, functioning as a fingerprinting mechanism. Among the wallets studied, 36 demonstrated this capability, affecting about 82% of the user base evaluated.
Upon pre-publication disclosure of these vulnerabilities to wallet developers, many did not classify the issues reported as bugs. This response raises questions about the security priorities among developers in the crypto wallet space and the importance of addressing privacy concerns.
The findings underscore the need for improved privacy practices in cryptocurrency wallets. Users may unknowingly expose their anonymity, while developers are urged to reassess the security frameworks underlying these wallet extensions to prevent potential data misuse.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
A study by KU Leuven on 85 popular crypto wallet extensions identified significant privacy vulnerabilities, including user address leaks and tracking risks. These weaknesses could potentially enable tracking of users across different websites, undermining the anonymity intended by these wallets.