Research released on May 29 by Ferenc Béres and a team of researchers based mainly in Hungary shows that Ethereum transactions are much easier to de-anonymize than Bitcoin transactions.
The team’s main focus was an analysis of a couple of Ethereum-specific features that make the system overall more vulnerable to tracking than rivals such as Bitcoin.
The researchers pointed out that, compared with Bitcoin’s Unspent Transaction Output (UTXO) model, wallet reuse already leaves Ethereum’s account model significantly less private:
“The account-based model reinforces address-reuse on the protocol level. This behavior practically makes the account-based cryptocurrencies inferior to UTXO-based currencies from a privacy point of view.”
Ethereum Name Service
The name service is unique to Ethereum. It acts as a link, connecting addresses to human-readable “.eth” domains. The researchers had no difficulty scraping 890 domains from public Twitter accounts.
Potentially damaging activity is a big warning sign: almost 10% of the wallets were associated with gambling sites, and 5% accessed adult resources. The research team then used the ENS addresses to test whether other addresses could be connected to the public identity of the account.
The results revealed multiple techniques for linking different accounts to an individual owner, including time zone signatures, gas prices, and shared activity between several addresses.
De-Anonymizing Mixing Service Users
Mixing services such as Tornado Cash, a well-known mixer, enable users to “clean” their assets by providing a fresh address for them.
The thing is, 7.5% of users withdraw their money with the exact same account they used to deposit, and that’s where their mixing attempts get completely “mixed up”.
Another noticeable gap comes from direct transfers between the deposit and withdrawal accounts. It is also easy to track a person across several transactions by their custom gas prices. These basic tricks can de-anonymize up to 17% of the transactions.
Besides that, most of these linked users withdraw their money from the contract within a few days, which considerably reduces confidentiality.
Many still use the same wallets to make repeated withdrawals of 0.1 ETH, which makes them easy to compare with incoming wallet transactions.
Though the vulnerabilities of Ethereum were the primary focus, the researchers disclosed that they were able to apply the same techniques to UTXO-based currencies.
The team expressed their concerns about Bitcoin privacy:
“We believe that in practice (…) also Bitcoin non-custodial mixers provide drastically less privacy and fungibility than what currently the community expects.”
It is worth noting that as cryptos become more popular, there will be calls for increased oversight in the sector. This may be an issue for some users, as security is a big selling point for decentralized currency.