Why crypto isn’t as confidential as you might think

Crypto coverage in the media normally features one thing: a picture of a hooded man in a darkened room, hunched over a laptop.

But while the industry is often regarded as a hotbed of criminality and anonymity, this doesn’t always match up with reality. Blockchains are actually incredibly transparent by default — with every wallet and transaction visible to all on a public ledger.

This makes it exceedingly easy to connect the dots. With a little bit of on-chain sleuthing, it’s possible to link senders and recipients, analyze the payments they’re making, and examine the on-ramps and off-ramps used during conversions into fiat currency.

Of course, transparency can be a good thing. It can increase the likelihood of cybercriminals being brought to justice — sometimes years after thefts occurred. That’s how husband-and-wife duo Ilya Lichtenstein and Heather Morgan were caught attempting to launder billions of dollars worth of stolen Bitcoin — six years after the devastating Bitfinex hack. They had initially been using a dark web exchange called Alphabay to obfuscate payments — but after the platform was shut down by law enforcement, agents unlocked access to transaction logs that unmasked who they were and what they were doing.

But not everyone is an audacious fraudster looking to hide illicit activity behind a cloak of anonymity. Instead, they just want a little privacy so they can go about their business without every purchase and investment being broadcast to the world. Here, we’re going to lift the lid on why blockchain networks are nowhere near as confidential as you’d think, the real world consequences this has, and what can be done about it.

How traceable are crypto transactions?

Back in 2017, cybersecurity researchers lifted the lid on how everyday purchases can be linked to specific individuals — even when coin mixers (which jumble up crypto in private pools) are used.

This isn’t necessarily because of blockchain technology itself. According to academics at Princeton University, over a third of merchants leak payment information to third parties — primarily for advertising and analytics purposes — and this can blow the cover of someone who settled a bill using crypto.

A bigger problem lies in how distributed ledgers record the exact value of a transaction, information that’s then made publicly available. For example, if a payment of 0.51483826 BTC is made (a very specific number in and of itself,) eavesdroppers would be able to perform a search on block explorers — looking for its final destination. Timestamping can corroborate this even further once block confirmations are taken into account.

This isn’t a foolproof exercise, and tying individuals to payments doesn’t always work. Why? Because the inherent volatility of cryptocurrencies means it might be hard to accurately convert a dollar amount. Experts have estimated that only 60% of transactions can be successfully linked for this reason.

And while coin mixers have emerged as a tool that allows crypto enthusiasts to add layers of obfuscation, using them repeatedly considerably increases the risk of being exposed.

The problem with centralized exchanges

This brings us to the next reason why crypto has a confidentiality problem: centralized exchanges have to achieve regulatory compliance. Coinbase listed on the stock market back in April 2021, meaning it’s answerable to the U.S. Securities and Exchange Commission. And amid concerns that digital assets could be used to evade taxes, the trading platform has now entered into relationships with a number of agencies around the world.

For example — in America — Coinbase is required to inform the Internal Revenue Service about every user who receives more than $600 worth of crypto in a year. And given how taxpayers need to disclose all digital assets they earn, even if it’s just a dollar, this means the taxman can pick up on discrepancies and investigate further.

The rules vary from country to country. Over in the U.K., Coinbase has warned customers that it has to disclose their names to His Majesty’s Revenue and Customs if more than £5,000 ($6,200) is cashed out in the space of a year.

Conflicting views

While some in the crypto community cherish the idea of privacy and anonymity, it’s fair to say that not everyone agrees.

A classic example came over the summer, when an on-chain analytics firm called Arkham Intelligence launched a campaign to unmask the owners of crypto wallets — offering a bounty for investors who were successfully outed. They argued that it’s inevitable wallet addresses will one day be linked to real-world identities, but some disagree.

Although some believe so-called “deanonymization” could be beneficial — exposing whales with large crypto holdings, those who can move markets with a single transaction — there are fears that normal people could get caught up in the crossfire.

Critics have described Arkham’s approach as “dox-to-earn” — raising concerns that it could be used to weaponize everyday consumers. We’ve seen how crypto can be a force for good when it comes to crowdfunding — enabling anyone to make contributions to politically sensitive causes. But there can be problems if the names of donors enter the public domain. Their jobs could be on the line, there could be a pile-up on social media — or worse still, if they’re in an authoritarian state, they could be holed up in a prison cell.

Existing privacy solutions have issues

Some exciting work has been carried out over the past decade. Privacy coins fired the starting gun on delivering the same anonymity as cash. Monero launched back in 2014 — and boasts clever features to limit traceability. Every transaction comes from an address that’s only used once, making it harder for sleuths to piece together someone’s history. Payment amounts are obfuscated to avoid specific sums being linked to a destination wallet, while ring signatures add a further decoy. But with the IRS issuing a $625,000 bounty for cracking its cryptography, there’s a real danger that this project’s days could be numbered.

Rivals have emerged, but there are questions over how anonymous they truly are. While ZCash, zero-knowledge technology cryptography is well-built, research by Carnegie Mellon University suggested many transactions using this privacy coin are traceable. Why? Because users had to deliberately opt into using a shielding pool.

The U.S. has also started to sanction coin mixers like Tornado Cash because of how they’ve been used by North Korean hackers after bridge attacks. This sparked an outcry among crypto advocates including the Blockchain Association, with Vitalik Buterin impassionately arguing that it was being used for lawful activity. The Ethereum co-founder revealed he had used Tornado Cash to make a donation to Ukraine because he wanted his financial activity to be shielded from the Ukrainian government.

What’s the answer?

As with most things in life, the best approach to take is all things in moderation. And that’s why DOP offers “selective transparency” — allowing every crypto investor to decide which details about their wallets are made public, and how. This could be in the form of icons that illustrate which digital assets are owned, disclosures that give a rough idea of holdings (more than 1 ETH, for example) or remaining fully confidential.

Safeguards are in place to prevent illicit activity — and crucially, DOP is based on top of the Ethereum network, meaning it can offer full compatibility with major dApps and wallets.

We all have a right to privacy — and to make transactions knowing there won’t be someone looking over our shoulder. Our goal is simple: making this a reality for crypto users.