Anonymity vs. pseudonymity
Crypto in general, and Bitcoin in particular, is often portrayed as an encrypted and undetectable payment method that allows payments to be made without being tracked. This representation implies that users who deal in cryptocurrencies can do so completely anonymously – without their identity being revealed. However, this can be far from it, and it is many times.
There are three elements involved in a Bitcoin transaction: a transaction input, a transaction output, and an amount. The transaction input is the bitcoin address the money was sent from and the transaction output is the bitcoin address the money was sent to. With Bitcoin, all three are public. For each transaction, we can see the address of the sender, the recipient and the value of the transaction. Now that every Bitcoin transaction is recorded in the Bitcoin public ledger, anyone can view every Bitcoin wallet and transaction.
Bitcoin is neither confidential nor anonymous.
As usage increases and more transactions are recorded on the BTC blockchain, a huge public map is stored that can be accessed by anyone. With the right tools, transactions can be scrutinized for a very clear picture of how Bitcoin transactions are moving. This poses a major data protection problem.
Here are some ways your crypto transactions can be linked to your identity:
The simple purchase on a public blockchain like Bitcoin makes your crypto-Tx traceable
Let’s say you visit a restaurant that accepts Bitcoin as a payment method. Hipp Hipp Hurray! The acceptance is there! You make a payment from your Bitcoin address that you use for all of your BTC deposits and withdrawals, enjoy your meal, and then head home.
Since your bartender received funds from your Bitcoin address, he can very easily use that address to look up the details of your account. And bam! Your bartender will now have access to all of your financial information related to that particular bitcoin address. If they access this information before you leave the restaurant, they may be tempted to act unethically and possibly follow you home to determine where you live. My aim in saying this is not to disrespect bartenders, but rather to point out that your transactions can be maliciously traced should they end up in the wrong eyes.
This is one reason why Bitcoin addresses should only be used once. Always remember that it is your responsibility to use best practices to protect your privacy.
In a way, that level of publicity makes public blockchains worse than banks. For example, I can use my bank to make payments to vendors without them having to know what is left in my account. BTC …? Not as much.
Companies like Chainalysis and Elliptic have developed software to analyze blockchain transactions. To link transactions to real identities, they use online and public information. Chainalysis’ most famous job was helping the FBI identify two agents who stole bitcoin from Silk Road’s wallet.
Several studies have shown that it is possible to use network analytics and other methods to observe blockchain transactions and possibly link them back to specific websites and individuals. In particular, a 2013 study by researchers from the University of California, San Diego and George Mason University showed that it was possible to tag bitcoin addresses from the same user using bitcoin address clustering analysis.
A small number of private transactions with various services have been used to identify large institutions (such as exchanges or large websites). From there, the researchers were able to get information about the structure of the Bitcoin network, where the transaction funds go and which organizations are involved.
Dependence on centralized exchanges
Store your crypto on CEXs? Your transactions may not be as private as you think they are. Users who rely on crypto trading exchanges to exchange currencies will in most cases need to complete KYC, which will result in them giving their personal information to that exchange in order to create an account. The information the exchange collects varies but usually includes at least the user’s first and last name and possibly a phone number and email address. The exchange can also collect a user’s IP address. If this exchange is subject to a data breach, a user’s personal information could be exposed.
What about DEXs?
When users swap one cryptocurrency for another on DEXs, their anonymity is preserved. Unlike centralized exchanges, users don’t have to go through a standard KYC identification process that collects traders’ personal information, including their full legal name and sometimes a photo of their government-issued identification. As a result, DEXs attract large numbers of people who do not want to be identified.
However, DEXs don’t give you 100% undetectability either. For example, one way that blockchain transactions on DEXs can be traced back to you is to discuss the details of your crypto transactions as “show-off rights” in community forums. Let’s say Bob buys the $ LABS token worth $ 200,000 and brags about it on Telegram – that he pumped the price of LABS onto Uniswap … Bob makes himself vulnerable to hackers – who easily etherscan after the LABS token can search and identify Bob’s transaction by its size and when Bob mentioned that he “only” bought a large amount of LABS tokens.
It is therefore very important that in the event a crypto buyer makes a large transaction on these exchanges that they keep their purchase details confidential. It may feel good to share your winnings with community members, but once a community member has access to your crypto balance and it has your contact information, you make yourself the ideal candidate for scams and potential hacks.
If I had to make a few suggestions, here are my personal four rules of thumb:
- Consider other currencies that have built-in privacy features or options that users can leverage for more private online trading.
- Never Reuse Bitcoin Addresses: Use a new Bitcoin address for every single payment you receive and never send money to the same exact Bitcoin address twice. Reusing a Bitcoin address is a massive privacy and security risk.
- Use a VPN: Always connect to the internet via a VPN and use a privacy-optimized version of your browser.
- Stay humble and keep your finances confidential – lest you mold yourself into the ideal candidate for scammers / hackers.
The lack of privacy in crypto is an uphill battle. What we gain from an open, decentralized financial ecosystem, we lose to a large extent through a lack of privacy. Right now it is our responsibility to use best practices to protect our privacy.