After analyzing 133,000 Ethereum names, we discovered these "terror" secrets

Source: Blockchain Outpost

Author: Tim Copeland

Translation: Nuclear Cola

Introduction: By analyzing 133,000 Ethereum names and their corresponding account balances, we find that although most people do not use real names, they can still find well-known people from them. Through the blockchain alone, we can view business transactions and track user actions.

The significance of the Ethereum name service is to lower the threshold for sending and receiving cryptocurrencies. We can replace our Ethereum address (a string of letters and numbers to display the Ethereum balance in the account) with a simple name, which is easy to remember and easy to share. From this perspective, the emergence of the name service should be similar to the revolution in the original operation of e-mail address substitution codes, which greatly reduced the difficulty of using cryptocurrencies.

However, according to what we know, this new design, while bringing progress, has also caused serious impact on user privacy protection. Due to the full transparency of the Ethereum blockchain, anyone can use the known Ethereum name to view the financial status of users. Continuing with the previous example, although we are willing to tell others our email address, we absolutely do not want them to see all the messages in their inbox.

The transparency of the blockchain leads to huge risks in the Ethereum name service.

In this survey, we found that it is indeed possible to track the status of user accounts, view business transaction records, and even grasp how many assets they have by observing public chain data.

What exactly is in the Ethereum name service?

Lead developer Nick Johnson built the Ethereum Name Service (ENS) in May 2017. The Ethereum name looks similar to a domain name, and its basic structure is "xxx.eth". Anyone can use the Ethereum address to register one or more names, assign these names to other addresses they own, and even sell good names to other users. As long as you have your own Ethereum address, you can buy your favorite Ethereum name at will.

Johnson said in an interview that as of now, Ethereum users have spent 6,235 Ethereum ($ 1.7 million) on the purchase of names. Although most of these Ethereum names are assigned to accounts with limited balances, others are still able to associate the names with the addresses used in the registered place, to see how much balance is in the creator's account.

The controversy caused by the Ethereum name service proves that the blockchain is not ready for full promotion.

From 15,000 unique Ethereum addresses, we found a total of 133,000 Ethereum names, and the total balance in the account was 364,000 Ethereum (valued at $ 100 million). In addition, there are many other cryptocurrencies in the account that choose the Ethereum blockchain as the base platform, and the value is also very considerable. Therefore, we intend to start with these details and see what conclusions can be drawn.

We reached out to all survey respondents and included all feedback in our statistics.

Identify high net worth individuals

Although the Ethereum addresses with strong book assets are usually not associated with real names (this is of course to protect the personal privacy of users), there are also some that can be linked to their actual identity. In addition, messing up the names does not necessarily completely hide the facts.

Even when wearing a mask, anonymity is still not foolproof.

Let's start with the puzzle. The Ethereum name "netural.eth" is linked to a blank Ethereum address, where only OmiseGo tokens worth $ 0.08 are deposited. There is no other name under the address. The address has only been traded four times. On the surface, the investigation has entered a dead end.

But in addition to the associated address, the netrual.eth name has its own initial registered address, and the situation here is completely different. The address contains 58,000 Ethereum worth up to $ 15 million; in addition, there are other cryptocurrencies worth $ 2.5 million stored in the address. The interesting thing about this address is that it regularly collects large payments from the cryptocurrency exchange Polniex's main wallet (but most payments are made through other sub-wallets). These payment operations came to an abrupt halt on the same day that Circle, the holder of the Polniex exchange, cut transaction costs, and it is certain that the wallet belongs to the company. From this point of view, the netrual.eth name actually has a lot to offer.

Poloniex's main wallet regularly issued a large sum of nearly 500 Ethereum funds to the address before November 8, 2018.

The third important address has names such as "consensys.eth", "weifund.eth", and "metamask.eth". The address contains 31600 Ethereum worth $ 8 million. Will this address be Joe Lubin, a billionaire on Ethereum, sitting on ConsenSys, funding Decrypt, an independent cryptocurrency media, and providing incubator projects for MetaMask and Weifund? Maybe it really is.

Let's look at a few more difficult examples. Take "silberjunge.eth" as an example, although the address associated with it only contains US $ 17 worth of ether, the address registered with this name holds 1163 ether, valued at US $ 255,000, plus other ethers worth US $ 121,000 Square cryptocurrency.

It seems that the owner of the name silverjunge.eth is Thorsten Schulte.

A quick Google search found that "silberjunge" was the pseudonym of Thorsten Schulte. This person is a well-known investment expert, bestseller and former investment banker. He even used the pseudonym directly in his Twitter account. He has repeatedly discussed Bitcoin and other cryptocurrencies publicly, including a 20-minute interview with Grosse Freiheit TV in Hamburg, Germany. Although it is not completely certain, the name belongs to him in most cases.

The problem is that the transparency of the Ethereum name allows malicious people to easily create a list containing the addresses of the various accounts with the largest number of cryptocurrencies. As a result, all that remains is to wrestle with these addresses. It should be emphasized that the Ethereum name itself is indeed a good idea. The problem is that Ethereum is too open. Excessive opening always brings such hidden dangers.

Johnson added in the interview, "It is well known that public ledgers like Bitcoin and Ethereum lack privacy protection mechanisms, so others can easily track transactions on these public chains. The Ethereum name service enables Ethereum and other cryptocurrency addresses The transaction threshold is further lowered, which really helps promote the continued popularization of the mentality. However, it will also magnify the privacy challenges that already exist in the public chain ledger. "

He said, "Continuous research on privacy issues in distributed ledgers has led to breakthrough projects such as ZCash and Tornado Cash. We strongly recommend that you pay attention to your activities on public ledgers and use these when appropriate. Emerging privacy protection solutions. "

View business transactions in real time

The high degree of transparency also allows people to check each other's fund transaction activities at any time.

SpankChain CEO Ameen Soleimani has the names "ameen.eth" and "ameensol.eth". Paying attention to his address, we found out that he had made a transaction worth 10 Ether on November 30, 2019, and the exchange rate at that time was $ 1540. The money was sent to James Kim, CEO of Global Block Branding, which specializes in selling various domain names and is said to currently have 20,000 cryptocurrency names. From this point of view, Soleimani should be buying a mentality name, or some other crypto-related domain name.

After marking the Ethereum address, we will find that this blockchain system is actually very transparent.

Soleiman confirmed in an interview that he actually got the "Ameensol.eth" name from Kim before starting to buy more Ethereum names.

He added, "I know the risks of using a public ENS name. That's why we pay great attention to privacy technologies such as Tornado Cash, which can help users create new Ethereum accounts without having to connect to previous accounts. , And the entire process does not require the involvement of an exchange. "

Another case comes from Jordan Muir, the creator of the Frame project. He also owns multiple Ethereum names, including "Jordan.eth", "framehq.eth", and "smartaccounts.eth". He deposited a total of $ 106,000 worth of Ethereum plus various other cryptocurrencies in these accounts. In May 2018, Aragon announced a grant of $ 48,000 to Frame, adding that the project will receive an additional bonus of up to $ 50,000 after the development reaches the outcome delivery stage.

Although no follow-up information has been released, it seems that the bonus has been implemented. Three days after the Frame project released the Alpha version of the mainnet on April 1, last year, the Aragon master wallet sent 25,000 Aragon coins worth 17,000 USD to Muir's account. From this perspective, the mainnet released at the time was undoubtedly a "deliverable." Although it is not a big secret, we can indeed find more in-depth information worth digging from the transparent blockchain.

You can also find those payouts issued in the form of Ethereum or other tokens. For example, Jack Cheng, the preacher of Breaker (formerly known as SingularityDTV), has the names "jackcheng.eth" and "ethoutlet.eth" and used them to receive SNGLS coins.

Cheng once received 33,055 SNGLS coins worth $ 4,600 in August 2017; subsequently, he received 1 million SNGLS coins worth $ 15,000 in May 2019. Since this part of the money comes directly from the "SingularDTV: Wallet" main wallet, it is likely to be part of his fixed salary. But then again, it's just that there is such a possibility that we cannot make an accurate judgment.

Implementing "tracking" on the blockchain

With the Ethereum name, we can even track the whereabouts of specific objects.

Data website CoinGecko co-founder Bobby Ong holds the name "bobbyong.eth". Anyone who cares about the blockchain address associated with the name can easily discover that Mr. Ong plans to participate in the DAIsucki party on 7-2, 2019 at 7-2 Sugahara-machi, Kita-ku, Osaka. This conference mainly exploring DAI stablecoins was confirmed 17 days ago, and two days after the end of the event, we can confirm through a series of reports that he did indeed appear at the venue.

Kickback. Disburse funds to all participants.

This is actually a return of funds-all participants need to pay a deposit upon registration. If they do not attend the meeting on time, this deposit will be distributed to all participants on average. Obviously, this is encouraging registered people to attend the meeting on time. But while getting good results, others can also easily track the movement of participants.

The background introduction is over, let's take a look at Mr. Ong's trends. On September 20, 2019, he sent $ 10 worth of DAI coins to the block browser Etherscan on an address labeled "Kickback: DAIsuki Meetup", indicating that he really intends to participate in the event one month later. Next, on October 9, he received a "return" of 19 US dollars in DAI coins, which proves that he not only appeared on the scene, but also received a deposit from those who did not attend the registration.

Ong said in the interview, "In this case, I should take a closer look at my Ethereum address and strictly isolate those transactions that I do not want to make public. ENS does bring great convenience to users, but it is also not good Users protect their privacy. I hope to build more privacy features on Ethereum to improve user privacy and security. "

The main selling point of Ethereum has always been the strong control of users over their own data, identity, and privacy. Omar Bham, a cryptocurrency YouTuber and Ethereum mogul with 119,000 followers, even recently tweeted that "Ethereum is synonymous with privacy." Maybe this is true before, but with the launch of the Ethereum name service , Users' private lives are facing unprecedented challenges.

English link: