Researchers at KU Leuven analyzed 85 widely used cryptocurrency wallet browser extensions and uncovered critical privacy failures that expose users to address linking and cross-site tracking attacks.

The study revealed that these wallet extensions leak sufficient metadata during interactions with websites and blockchain servers to allow adversaries to connect multiple cryptocurrency addresses belonging to the same user. This linking capability enables attackers to track users across different websites and deanonymize their transaction activity, a serious threat to the pseudonymity that cryptocurrency users expect.

The fundamental problem lies in how these extensions communicate with external services. Browser-based crypto wallets must interact with blockchain nodes, decentralized applications, and cryptocurrency exchanges to function. During these interactions, extensions transmit identifying information through network requests, HTTP headers, and browser fingerprinting signals. Attackers monitoring this traffic can correlate the same extension instance across different sessions and websites, then map individual wallet addresses to specific users.

The privacy breach compounds when users visit websites that already possess their personal information. An attacker observing both the wallet extension's behavior and the user's authenticated session on a service like a cryptocurrency exchange can directly link the user's legal identity to their previously pseudonymous wallet addresses and transaction history.

This research exposes a widespread implementation flaw across the crypto wallet ecosystem. Even privacy-focused wallets fail to properly isolate their communications or randomize identifying signals. The extensions lack adequate masking of their network requests and fail to implement sufficient separation between different sessions and contexts.

For cryptocurrency users, this means their transaction privacy is compromised by the tools designed to protect their assets. For organizations holding customer cryptocurrency accounts, the finding suggests regulatory and compliance risks, particularly under regulations requiring transaction monitoring and customer identity verification.

The researchers did not name specific vulnerable extensions in the available excerpts, but the breadth of the study across 85 major wallets indicates the problem is systemic rather than isolated to a handful of