If you think you are safe on the blockchain, think again! You’re constantly being watched, and malicious actors are getting more creative at stealing your precious crypto. Here’s what might be waiting for you.
Your Crypto and IP Address Are Exposed When Interacting with DApps
Did you know that your personal data, including your crypto and IP address, is exposed whenever you connect to a DApp? Here’s how it works.
Your wallet does not actually interact with the blockchain directly. Instead, it can only do that through nodes. A node is one of the computers that run the blockchain’s software to validate and store the entire history of transactions on the network.
Each time you connect to a DApp, make a transaction or deposit funds to a protocol, the request is sent to a node, which verifies and executes the transactions. These nodes are usually deployed and run by node providers. But what you do NOT know is that node requests are also packed with sensitive information like your IP address, web browser version, and so on.
Now, of course, this data stays with the node provider. They have strict policies not to share the data with a third party. But what if the company gets hacked or acquired by some other company? That is when your personal information is out in the open. Node providers can also ban you from accessing the blockchain entirely via their nodes.
Crypto Sandwich Attack on Decentralized Exchanges
Have you ever wondered why you end up paying more for the tokens you buy on certain decentralized exchanges (DEX), only to find out they are worth less afterwards? The truth is, when you trade on DEXes, you are always losing out to bots. Here’s how it works.
When you execute a trade, a bot front-runs your trade by buying the tokens right before your transaction is mined. This increases the price, making you buy for a higher price and pushing it even further up. Afterwards, the bot profits by selling the tokens after your purchase transaction is mined. This is called the “sandwich attack” because your pending transaction is “sandwiched” between the bots’ orders.
Each transaction is sent to a public mempool, which is a queue for transactions that have not yet been added to a block and are still unconfirmed. It is visible to everyone, and bots that are quick enough can exploit that. There is not much we can do about it because that is just the public nature of blockchains.
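The price effect described above, worked through from the trader's side as an added example that is not part of the original article. It assumes a fee-free constant-product pool (x * y = k) with constructed reserves and trade sizes, and it also shows how a minimum-output limit on the swap, which the article does not discuss, changes the outcome.

```python
# Added example: toy constant-product pool (eth * tok = k), no fees.
# Reserves, trade sizes and the 1% tolerance are constructed values.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Pool:
    eth: float  # ETH reserve
    tok: float  # token reserve

    def quote_buy(self, eth_in: float) -> float:
        """Tokens received for eth_in while keeping eth * tok constant."""
        return self.tok * eth_in / (self.eth + eth_in)

    def buy(self, eth_in: float, min_out: float = 0.0) -> float:
        """Execute a buy; fail like a reverted swap if output < min_out."""
        out = self.quote_buy(eth_in)
        if out < min_out:
            raise ValueError("minimum output not met: trade reverted")
        self.eth += eth_in
        self.tok -= out
        return out


def victim_fill(front_run_eth: float, victim_eth: float = 10.0,
                tolerance: Optional[float] = None) -> Optional[float]:
    """Tokens the trader receives when another buy is mined first.
    Returns None if the trader's minimum-output limit rejects the trade.
    The bot's later sell happens after this fill, so it is not modelled."""
    pool = Pool(eth=1_000.0, tok=1_000_000.0)
    quoted = pool.quote_buy(victim_eth)  # price seen when signing
    min_out = quoted * (1 - tolerance) if tolerance is not None else 0.0
    if front_run_eth > 0:
        pool.buy(front_run_eth)  # earlier buy pushes the price up
    try:
        return pool.buy(victim_eth, min_out)
    except ValueError:
        return None


if __name__ == "__main__":
    clean, hit = victim_fill(0), victim_fill(50)
    print(f"no front-run : {clean:,.1f} tokens")
    print(f"front-run 50 : {hit:,.1f} tokens ({1 - hit / clean:.1%} fewer)")
    print("with 1% limit:", victim_fill(50, tolerance=0.01))
```

With the limit set, the large front-run makes the trade fail instead of filling at the inflated price, while a front-run small enough to stay inside the tolerance still goes through at a slightly worse price.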
Getting Doxxed by Your Ethereum Name Service Domain
Showing off your Ethereum Name Service (ENS) domain is cool, but did you know that people can use that to track down your wallet addresses?
For how domain name services work, you can check out “Unstoppable Domains: Get ready for a censorship immune future”.
While ENS is a huge step forward in terms of convenience, it also means several steps backward when it comes to privacy. Since most blockchains are open and transparent, anyone can use your ENS to snoop on your finances. It is the difference between sending someone an email and them being able to look at your entire inbox.
Here’s how it works. You will need a wallet address to register an ENS domain. As a result, each ENS domain has a wallet address attached to it. Even if you do not use your main wallet address to register your ENS, it is easy to trace this address back to your other addresses.
Let’s look at an example: neutral.eth. At first glance, there isn’t much going on, but dig a little deeper and you find that the Ethereum address that registered the name held 58,000 Ethereum at one point, worth about $15 million at the time. This address regularly received large payments from the crypto exchange Poloniex’s main wallet. And all activity stopped the same day Circle, who owned the Poloniex exchange at the time, got rid of trading fees. This shows it was a company wallet that created neutral.eth.
Just from an ENS domain alone, you can watch people’s movements, see insights into business deals and know just how much money people really have, all by observing public blockchain data. If your valuable information falls into the wrong hands, there will be a target on your back.
Certain DApps are run by node providers who can see your personal information, such as your IP address and web browser version.
When you execute a trade, a bot front-runs your trade by buying the tokens right before your transaction is mined. This increases the price, making you buy for a higher price and pushing it even further up. Afterwards, the bot profits by selling the tokens after your purchase transaction is mined.
Since each ENS domain has a wallet address attached to it, it is easy to trace this address back to your other addresses.