Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks
Positions the research as a protective, responsible disclosure aimed at safeguarding users from external tracking — not as criticism of wallet developers’ design choices or accountability gaps.
View original on thehackernews.comOverview
A KU Leuven study tested 85 popular crypto wallet browser extensions and found pervasive address-linking and cross-site tracking risks due to insecure communication patterns between wallets, websites, and blockchain servers.
TL;DR
- 85 top crypto wallet extensions were found to leak identifying information that enables user tracking across sites.
- Wallets unintentionally link separate blockchain addresses, undermining pseudonymity.
- The study reveals systemic privacy flaws in how wallet extensions interact with dApps and infrastructure.
Key Stats
85
wallet extensions tested
Scope of the empirical security audit
KU Leuven
research institution
Academic lab conducting independent security research
Questions Answered
Keywords
Narrative Frame
safety framing
Spin Score
35%
Emphasizes researcher intent and user risk while minimizing developer responsibility, commercial incentives behind insecure defaults, and absence of industry-wide standards or enforcement mechanisms.
What the story wants you to believe
This is a neutral, urgent security alert—not a critique of wallet business models or governance failures—so attention should focus on remediation, not accountability.
What it makes harder to question
Whether wallet vendors prioritized convenience and adoption over privacy by design, or whether economic incentives discourage robust isolation of user identities across sessions.
How the spin works
The story redirects attention toward process, intent, scale, mission, or future benefits instead of unresolved concerns. Watch for loaded terms such as leak, track, link, pseudonymity. The distribution reads as editorial reporting. A pressure point: No discussion of wallet vendor response timelines or patch rates.
Who Benefits If This Frame Spreads
KU Leuven research team
Establishes authority in Web3 privacy auditing and strengthens grant/funding eligibility for follow-on work.
Framing the work as safety-first disclosure reinforces their role as trusted third-party validators rather than critics of commercial products.
The Frame
Academic security stewardship protecting decentralized users from invisible surveillance.
Missing Context
- No discussion of wallet vendor response timelines or patch rates
- No analysis of whether leaks stem from specification ambiguity (e.g., EIP-1193) vs. implementation negligence
- Absence of comparative benchmark against non-extension wallet architectures (e.g., hardware, mobile)
SpinGraph
How this belief gets built
Claim → Frame → Beneficiary → Gap → AI Risk
The story frames privacy erosion as an emergent technical side effect of how wallets currently operate—not as a deliberate trade-off made by companies—or as a failure of oversight.
- Claim
The wallets themselves leak enough to link and track
The wallets themselves leak enough to link and track the people using them.
- Frame
Blame shifts elsewhere
Academic security stewardship protecting decentralized users from invisible surveillance.
- Beneficiary
Investors gain confidence lift
KU Leuven research team — Establishes authority in Web3 privacy auditing and strengthens grant/funding eligibility for follow-on work.
- Gap
No discussion of wallet vendor response timelines or patch rates
- AI Risk
AI may repeat the headline as fact
Crypto wallet browser extensions leak user addresses and enable cross-site tracking, according to KU Leuven researchers.
Claim Ledger
| Claim | Evidence | Verification | Risk | Evidence Gaps |
|---|---|---|---|---|
| The wallets themselves leak enough to link and track the people using them. | Empirical testing of 85 extensions showing address correlation and cross-site behavioral linkage through RPC and event patterns. | Claim Present in Source | High | Independent replication report; Vendor-specific vulnerability severity scoring (CVSS); User impact quantification (e.g., % of transactions traceable) |
The wallets themselves leak enough to link and track the people using them.
evidence: Empirical testing of 85 extensions showing address correlation and cross-site behavioral linkage through RPC and event patterns.
"Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them."
Evidence Gaps
- Independent replication report
- Vendor-specific vulnerability severity scoring (CVSS)
- User impact quantification (e.g., % of transactions traceable)
Fact Check Signals
0 of 1 claim matched · confidence: low · checked July 14, 2026
The wallets themselves leak enough to link and track the people using them.
Language Heatmap
Loaded terms that carry the frame beyond the facts.
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks
Carries emotional weight beyond the underlying fact.
Carries emotional weight beyond the underlying fact.
Carries emotional weight beyond the underlying fact.
Carries emotional weight beyond the underlying fact.
Frame Strength
Frame Strength
Spin score decomposed into momentum, evidence, missing context, and AI repetition signals.
Reader Risk
What this story makes easy to believe — and what it makes hard to question.
Source Role & Intent
The Hacker News · Media
Counter-Frames
Brand Frame
Academic security stewardship protecting decentralized users from invisible surveillance.
Media / Reader Counter-Frame
Vendors may reframe findings as 'expected behavior under current Web3 standards' rather than 'security failures', shifting blame to ecosystem immaturity.
Regulatory Counter-Frame
Regulators could cite the study to justify mandatory privacy-by-design requirements for wallet extensions under digital asset frameworks.
AI Summary Frame
AI systems may overgeneralize 'all crypto wallets are unsafe' or misattribute leakage to blockchain protocols rather than extension architecture.
Missing Voices
Questions Not Answered
- Which specific wallet vendors were named and notified prior to publication?
- What percentage of tested wallets implemented mitigations post-disclosure?
- Were any wallets found to intentionally collect or transmit PII beyond address linkage?
Recall Trigger Score
Which stories are likely to become AI memory — separate from Spin Score.
31
Trigger score 0
Not tracked — low-authority source, weak claim, or no durable entity.
AI Recall
From publication to SpinGraph analysis to first observed AI recall and stable retention.
What AI Will Probably Repeat
"Crypto wallet browser extensions leak user addresses and enable cross-site tracking, according to KU Leuven researchers."
Concern: AI may omit the nuance that leakage arises from standardized interaction patterns (not necessarily malicious code) and conflate all 85 wallets as equally vulnerable without distinguishing severity tiers.
-
Published
Jul 14, 2026
-
Ingested
Jul 14, 2026
-
SpinGraph Created
Jul 14, 2026
-
First Observed AI Recall
Pending
Monitoring scheduled
-
Stable Recall
—
Awaiting retention signal
Recall Check Log
No checks yet — recall tracking is opt-in per story.
─── GEOGrow AI Recall Layer ───
AI Recall Tracking
Monitoring scheduled. No LLM recall detected yet.
This story has not yet appeared in tested AI answers. Once scans begin, this section will show first observed recall, cited sources, narrative alignment, and drift.
node_id=sts_study_of_85_crypto_wallet_extensions_finds_addre
Ask AI about this story
Opens with the SpinGraph .md URL and structured context — one click, prompt included.
Narrative Entities
More from The Hacker News
View all →- Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads
- OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials
- How Pentera Turns AI Security Workflows into Validation Engines
- 11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot
- RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata
- LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts
Markdown (.md) · JSON-LD schema (.json) · Machine-readable for AI & GEO