HomeCryptoEthereumThe privacy of the Ethereum Name Service has been violated

The privacy of the Ethereum Name Service has been violated

Ethereum Name Service (ENS) is a way to facilitate the sending and especially the receiving of ETH and other tokens, however, it has serious privacy issues. The Decrypt.co team was able to track 133,000 ENS addresses by calculating for each of them the balances related to the tokens detained, they were also able to identify several known people even if they were not using their real name.

The transactions that are recorded on the Ethereum blockchain are public, which means that by associating the identity of its owner to an ENS, it is possible to trace all public transactions linked to it. 

For example, when analyzing the ENS netural.eth they found that it contains only a few OmiseGo tokens, but analyzing the address that registered this name, they found that it contains 58,000 ETH, worth about 15 million dollars, and other tokens for about 2.5 million dollars. 

In addition, Decrypt found that the address in question regularly receives funds from the crypto exchange Poloniex, in particular just under 500 ETH received before November 8th, 2018. 

Another address analyzed is the one that registered the ENS consensys.eth, weifund.eth and metamask.eth: it contains 31,600 ETH, or about $8 million. The hypothesis of Decrypt.co is that it could be the Ethereum billionaire Joe Lubin, owner of ConsenSys, who also finances Decrypt.co itself and was the incubator of MetaMask and Weifund. 

Another case is that of ENS silberjunge.eth, which contains ETH worth only $17, but whose address used for registration contains 1,163 ETH, as well as other tokens, for a total value of over $370,000. The hypothesis is that it’s Thorsten Schulte, since banally searching “silberjunge” on Google it turns out that it’s the pseudonym Schulte uses. 

Even the CEO of SpankChain, Ameen Soleimani, ended up under the magnifying glass of this analysis because he owns both ameen.eth and ameensol.eth. It was discovered that on November 30th, 2019 he executed a 10 ETH transaction to Global Block Branding CEO, James Kim, who claims to own 20,000 ENS addresses and sells them.

In other words, it is all too easy to use the Ethereum Name Service to associate an identity with an Ethereum public address, because the latter is necessary to register the ENS, and once used, it is publicly visible.

Decrypt also reveals that this could allow criminals to extract a list of people who possess large amounts of tokens and attack them, due to the excessive “openness” of Ethereum, seeing that its blockchain is very transparent. 

It was also possible to trace transactions with which salaries were paid in ETH or other tokens, such as those of Jack Cheng, or to trace the physical movements of people, as in the case of the co-founder of CoinGecko, Bobby Ong, who was in Osaka on October 7th, 2019 to participate in the DAIsucki meetup. 

This survey shows how useful anonymity, or private transactions, can be, and how the Ethereum Name Service allows to overcome it in order to spy on public transactions of ENS owners. 

Marco Cavicchioli
Marco Cavicchioli
Born in 1975, Marco has been the first to talk about Bitcoin on YouTube in Italy. He founded ilBitcoin.news and the Facebook group" Bitcoin Italia (open and without scam) ".