Blockchain is Watching You: Profiling and Deanonymizing Ethereum Users https://arxiv.org/pdf/2005.14051.pdf
Joint work with @ferencberes91, @BenczurAndras, @badcryptobitch

How private is Ethereum? Why should you care?
Thread/

Privacy in account-based cryptocurrencies is inferior to that of UTXO currencies.

Satoshi warns in the whitepaper: "a new key pair should be used for each transaction to keep them from being linked to a common owner"

In Ethereum address reuse is enforced on the protocol level.

Regulatory gears are already moving in anti-anonymity directions.

Even worse, when ppl (un)intentionally link their addresses to a publicly revealed ENS name or Twitter account (e.g. HumanityDao). Many ppl's sensitive activity is detectable this way, see https://cointelegraph.com/news/ethereum-co-founder-reportedly-sells-90k-eth-to-us-cryptocurrency-exchange

In Ethereum if one knows one of your addresses, due to address reuse, one can profile you given your sent transactions.

Time-of-day activity reveals in which time-zone you live! Gasprice fingerprints reveal which wallet you use! Transaction graph analysis tells your connections!

We collected data from @ensdomains, @etherscan to extract account features for profiling. Our quasi-identifiers include temporal activity, gas price and transaction graph descriptors.

The temporal activity of @Kinchasa5000 suggests that he's based in the Central/Eastern time zone

We profiled thousands of Ethereum addresses based on their transactions. Using novel node embedding algorithms and time-of-day, gas price representations we were able to link addresses of the same user. We used ENS names as ground truth information.

Profiling capabilities are useful when one wants to deanonymize privacy-enhancing tools like trustless mixers, e.g. @TornadoCash.

In a mixer ppl deposit equal amount of ETH to a smart contract and then withdraw it to a fresh address without linking their withdraw and deposit.

We identify several heuristics allowing us to link many withdraws and deposits.

Many ppl withdraw to the very same address they deposited from.
ppl also reveal deposits and withdraws when they send funds from a deposit address to their very own withdraw address or vica versa.

Heuristically linked withdraw-deposit transaction pairs show that ppl usually leave their money in the mixer only for a few days.

Hence one can effectively reduce the search space for deposits within a few days or so.

In the withdraw-deposit deanonymization task a new node embedding technique (Diff2Vec by @benrozemberczki, @RikSarkarNet) achieved better performance than time-of-day or gas price based representations.

Anonymity set sizes can be reduced by 50-66% (1-1.5 bit entropy gain).

Likely this is just a lower bound! We expect our results to be improved by future research considering additional quasi-identifiers, e.g. wallet fingerprints.

Txs reveal the gas price oracle (e.g. Gas Station, @web3_js, @etherscan) user 's wallet apply for issuing the given tx.

Since wallets denominates gas prices in GWei, the last 9 digits of an account’s balance is barely modified by a transaction. Hence, an adversary can maliciously fingerprint victim’s balances by sending them transactions with strange last 9 digits ending.

Such an attack might be harmful to privacy and confidentiality once Confidential Transactions will be taking off in Ethereum, @aztecprotocol. One can track you and see how much you spent inside the confidential pool defeating all cryptographic guarantees achieved by range proofs.

In this work we only applied on-chain data. One can expect that more potent entities ( @chainalysis,NSA/KGB/MSS) will also use network-layer data. It'll likely to be destructive given the lack of privacy on the network layer. See: @peter_szilagyi

In the same spirit one could profile Bitcoin or other UTXO-based cryptocurrency users using temporal activity and wallet fingerprints. However in that case profiling would be more involved as one first needs to cluster the UTXOs that belong to the same user.

Feel free to build upon our notebooks and scripts. PRs, bug reports are welcome! Would be nice to implement the gasprice wallet fingerprint and see how well it improves on our current results. https://github.com/ferencberes/ethereum-privacy

What's next? What should you do?

Don't reveal publicly your addresses! Use privacy-enhancing tools: @TornadoCash for anonymity& @aztecprotocol for confidentiality! Pls support these great teams! Would be nice to have a privacy-focused wallet for ETH, like @wasabiwallet!

Fin/