Crypto in general, and more specifically Bitcoin, is often portrayed as an encrypted and untraceable method of payment that facilitates payments without being tracked. This depiction implies that users transacting in crypto can do so completely anonymously — without their identities being exposed. However, this can be far from the case, and it is many times.
There are three elements involved in a bitcoin transaction: a transaction input, a transaction output, and an amount. The transaction input is the bitcoin address from which the money was sent, and the transaction output is the bitcoin address to which the money was sent. For Bitcoin, all three are public. For any transaction, we can see the address of the sender, receiver, and value of the transaction. Now, since every Bitcoin transaction is recorded on Bitcoin’s public ledger, anyone can view any Bitcoin wallet and transaction.
Bitcoin is neither confidential or anonymous.
As usage grows and more transactions are recorded on the BTC blockchain, a massive public map is being stored, which is accessible by anyone. With the right tools, transactions can be placed under a microscope to give a very clear picture of how Bitcoin transactions are moving. This poses a huge privacy concern.
Here are a few ways your crypto transactions can be linked to your identity:
The simple act of making a purchase on a public blockchain like Bitcoin’s makes your crypto tx traceable
Let’s say you visit a restaurant that accepts Bitcoin as a payment method. Hip hip hooray! Adoption is here! You make a payment from your Bitcoin address which you use for all your BTC deposits and withdrawals, you enjoy your meal, and then head home.
Since your bartender received funds from your Bitcoin address, they can very easily use this address to look up the details of your account. And bam! Your bar tender now has access to all of your financial information as it pertains to this particular Bitcoin address. In the event they access this information before you leave the restaurant, they may be tempted to act unethically and perhaps follow you home to establish your place of residence. My goal in saying this isn’t to disrespect bartenders, but to point out the different ways your transactions can be harmfully traceable should they land in front of the wrong set of eyes.
This is one reason why Bitcoin addresses should only be used once. Always remember that it is your responsibility to adopt good practices in order to protect your privacy.
In some ways, this degree of publicness makes public blockchains worse than banks. Through my bank, for example, I can make payments to vendors without them having to know what is left in my account. BTC…? Not so much.
Companies like Chainalysis and Elliptic have developed software to analyze blockchain transactions. To link transactions to real identities, they use online and public information. Chainalysis’s most famous work was helping the FBI identify two agents, that were stealing Bitcoin from the wallet of Silk Road.
Several studies have shown that it is possible to use network analysis and other methods to observe and potentially tie back blockchain transactions to certain websites and individuals. Specifically, one 2013 study by researchers at the University of California, San Diego and George Mason University showed that it was possible to tag bitcoin addresses belonging to the same user by using clustering analysis of bitcoin addresses.
A small number of private transactions with various services were used to identify major institutions (such as exchanges or large websites). From there, the researchers were able to get information on the structure of the bitcoin network, where transaction funds are going and which organizations are party to it.
Reliance on centralized exchanges
Storing your crypto on CEXs? Your transactions might not be as private as you think. Users who rely on crypto trading exchanges to exchange currencies have to complete KYC in most cases, leading them to divulge their personal information to that exchange in order to create an account. The information collected by the exchange varies, but normally includes, at a minimum, a user’s first and last name, and, possibly, a phone number and email address. The exchange may also collect a user’s IP address. If these exchanges were subject to a data security breach, a user’s personal information could be exposed.
What about DEXs?
When users exchange one cryptocurrency for another on DEXs, their anonymity is preserved. In contrast to centralized exchanges, users do not need to go through a standard KYC identification process which involve collecting traders’ personal information, including their full legal name and sometimes a photograph of their government-issued identification document. As a result, DEXs attract a large number of people who do not wish to be identified.
However, DEXs don’t give you 100% untraceability either. For example, one way blockchain transactions can become traced to you on DEXs, is by discussing the details of your crypto transactions as “bragging rights” on community forums. Let’s say Bob purchases $200,000 worth of token $LABS and boasts about it on Telegram — that he pumped the price of LABS on Uniswap… Bob makes himself vulnerable to hackers — who can easily go on Etherscan, search for the LABS token, identify Bob’s transaction by its magnitude, and the corresponding time when Bob mentioned that he had “just” purchased a large amount of LABS tokens.
It is therefore very important, that should a crypto buyer make a large transaction on these exchanges, that they keep their purchase details confidential. It may feel nice to share your wins with community members, but once a community member has access to your crypto balance, and they have your contact information, you make yourself the ideal candidate for scams, and potentially hacks.
If I had to make some suggestions, here are my personal four rules of thumb:
- Consider other currencies that have built-in privacy features or options that users can enjoy for more private online commerce.
- Never reuse Bitcoin addresses: Use a new Bitcoin address for every single payment you receive, and never send money twice to the same exact Bitcoin address. Re-using a Bitcoin address is a massive privacy and security risk.
- Use a VPN: Always connect to the internet through a VPN and use a privacy optimized version of your browser.
- Stay humble and keep your financials confidential – lest you mold yourself into a scammer/hacker’s ideal candidate.
Lack of privacy in crypto is an uphill battle. What we gain from an open, decentralized financial ecosystem, we lose, to a large degree, through a lack of privacy. For now, it’s our responsibility to adopt good practices in order to protect our privacy.