← All stories
● Covered by 1 source Β· 1 reportHigh impact

Research Reveals Privacy Flaws in 85 Crypto Wallet Extensions

Aggregated by BrevFeed security Β· updated 15h ago
πŸ”– Save

A study by KU Leuven on 85 popular crypto wallet extensions identified significant privacy vulnerabilities, including user address leaks and tracking risks. These weaknesses could potentially enable tracking of users across different websites, undermining the anonymity intended by these wallets.

Key points

Overview of Findings

Researchers from KU Leuven conducted an extensive evaluation of 85 popular cryptocurrency wallet extensions available on the Chrome Web Store. These wallets collectively cater to approximately 35 million users and exhibit vulnerabilities that compromise user privacy.

Address Linking Vulnerabilities

The study highlighted a significant flaw whereby multiple wallet addresses owned by the same user can be linked together. This is achieved through requests made to external servers, which reveal a user's address in clear text. Seventeen wallets were identified to have exposed connections between user addresses, potentially allowing server operators to create a comprehensive profile of an individual based on their wallet activity.

Limitations of Wallet Logout Mechanisms

Another concerning issue found was that logging out from wallet extensions does not necessarily disconnect them from websites. This initialization allows websites to detect which wallets are installed on a user’s browser, functioning as a fingerprinting mechanism. Among the wallets studied, 36 demonstrated this capability, affecting about 82% of the user base evaluated.

Industry Response

Upon pre-publication disclosure of these vulnerabilities to wallet developers, many did not classify the issues reported as bugs. This response raises questions about the security priorities among developers in the crypto wallet space and the importance of addressing privacy concerns.

Implications for Users and Developers

The findings underscore the need for improved privacy practices in cryptocurrency wallets. Users may unknowingly expose their anonymity, while developers are urged to reassess the security frameworks underlying these wallet extensions to prevent potential data misuse.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub podiumdesu/wallet-privacy-threats arXiv 2607.06141 arXiv 2306.08170

Reporting from

A study by KU Leuven on 85 popular crypto wallet extensions identified significant privacy vulnerabilities, including user address leaks and tracking risks. These weaknesses could potentially enable tracking of users across different websites, undermining the anonymity intended by these wallets.