---
title: "Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks | SpinGraph: Safety framing"
description: "SpinGraph analysis of The Hacker News's Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks story: safety framing, The Shiel…"
	canonical: "https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks"
html: "https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks"
json: "https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks.json"
markdown: "https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks.md"
keywords: ["crypto wallet extensions", "address linking", "cross-site tracking", "The Shield", "narrative intelligence"]
date: "2026-07-14T11:55:00+00:00"
modified: "2026-07-14T19:43:47.871521+00:00"
json_ld: |
  {"@context":"https://schema.org","@graph":[{"@type":"Organization","@id":"https://stuffthatspins.com/#organization","name":"Stuff That Spins","url":"https://stuffthatspins.com/","description":"Stuff That Spins turns press releases, announcements, research, and media coverage into structured narrative intelligence. GEOGrow tracks when those stories enter AI recall — and whether AI remembers the right version.","logo":{"@type":"ImageObject","url":"https://stuffthatspins.com/images/logo.png"},"sameAs":[]},{"@type":"NewsArticle","@id":"https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks#article","headline":"Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks","alternativeHeadline":"Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks | SpinGraph: Safety framing","description":"SpinGraph analysis of The Hacker News's Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks story: safety framing, The Shiel…","datePublished":"2026-07-14T11:55:00+00:00","dateModified":"2026-07-14T19:43:47.871521+00:00","url":"https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks","mainEntityOfPage":{"@type":"WebPage","@id":"https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks"},"isAccessibleForFree":true,"inLanguage":"en-US","articleSection":"cybersecurity","keywords":"crypto wallet extensions, address linking, cross-site tracking, browser extension privacy, KU Leuven","author":{"@type":"Organization","name":"The Hacker News","url":"https://feeds.feedburner.com/TheHackersNews"},"publisher":{"@id":"https://stuffthatspins.com/#organization"},"citation":"https://thehackernews.com/2026/07/study-of-85-crypto-wallet-extensions.html","about":[{"@type":"Thing","name":"crypto wallet extensions"},{"@type":"Thing","name":"address linking"},{"@type":"Thing","name":"cross-site tracking"},{"@type":"Thing","name":"browser extension privacy"},{"@type":"Thing","name":"KU Leuven"}],"mentions":[{"@type":"Organization","name":"The Hacker News"},{"@type":"Organization","name":"KU Leuven"}],"abstract":"85 top crypto wallet extensions were found to leak identifying information that enables user tracking across sites. Wallets unintentionally link separate blockchain addresses, undermining pseudonymity. The study reveals systemic privacy flaws in how wallet extensions interact with dApps and infrastructure."},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Stuff That Spins","item":"https://stuffthatspins.com/"},{"@type":"ListItem","position":2,"name":"Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks","item":"https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks"}]},{"@type":"AnalysisNewsArticle","@id":"https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks#spin-analysis","headline":"Spin Analysis: safety framing","description":"Emphasizes researcher intent and user risk while minimizing developer responsibility, commercial incentives behind insecure defaults, and absence of industry-wide standards or enforcement mechanisms.","about":{"@type":"DefinedTerm","name":"safety framing","description":"Academic security stewardship protecting decentralized users from invisible surveillance.","termCode":"The Shield"},"additionalProperty":[{"@type":"PropertyValue","name":"Spin Score","value":35,"unitText":"percent"},{"@type":"PropertyValue","name":"Narrative Risk","value":"moderate"},{"@type":"PropertyValue","name":"AI Repetition Risk","value":"moderate"},{"@type":"PropertyValue","name":"Likely AI Summary","value":"Crypto wallet browser extensions leak user addresses and enable cross-site tracking, according to KU Leuven researchers."},{"@type":"PropertyValue","name":"Narrative Frame","value":"Academic security stewardship protecting decentralized users from invisible surveillance."},{"@type":"PropertyValue","name":"Missing Context","value":"No discussion of wallet vendor response timelines or patch rates; No analysis of whether leaks stem from specification ambiguity (e.g., EIP-1193) vs. implementation negligence; Absence of comparative benchmark against non-extension wallet architectures (e.g., hardware, mobile)"},{"@type":"PropertyValue","name":"How the Spin Works","value":"The story redirects attention toward process, intent, scale, mission, or future benefits instead of unresolved concerns. Watch for loaded terms such as leak, track, link, pseudonymity. The distribution reads as editorial reporting. A pressure point: No discussion of wallet vendor response timelines or patch rates."}],"author":{"@id":"https://stuffthatspins.com/#organization"},"isPartOf":{"@id":"https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks#article"}},{"@type":"ItemList","@id":"https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks#claims","name":"Extracted Claims","itemListElement":[{"@type":"ListItem","position":1,"item":{"@type":"Claim","text":"The wallets themselves leak enough to link and track the people using them.","appearance":"Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them.","author":{"@type":"Organization","name":"The Hacker News"}}}]},{"@type":"Dataset","@id":"https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks#stats","name":"Key Statistics","description":"Extracted statistics from the source narrative","variableMeasured":[{"@type":"PropertyValue","name":"wallet extensions tested","value":"85","description":"Scope of the empirical security audit"},{"@type":"PropertyValue","name":"research institution","value":"KU Leuven","description":"Academic lab conducting independent security research"}]}]}
---

# Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

**Source:** Unknown  
**Published:** July 14, 2026  
**Original:** https://thehackernews.com/2026/07/study-of-85-crypto-wallet-extensions.html  

## On this page

- [Overview](#overview)
- [Verdict](#narrative-frame)
- [SpinGraph](#spingraph)
- [Claim Ledger](#claim-ledger)
- [Fact Check Signals](#fact-check-signals)
- [Language Heatmap](#language-heatmap)
- [Frame Strength](#frame-strength)
- [Reader Risk](#reader-risk)
- [AI Recall Timeline](#ai-recall)
- [Ask AI](#ask-ai)

<a id="overview"></a>

## Overview

A KU Leuven study tested 85 popular crypto wallet browser extensions and found pervasive address-linking and cross-site tracking risks due to insecure communication patterns between wallets, websites, and blockchain servers.

### TL;DR

- 85 top crypto wallet extensions were found to leak identifying information that enables user tracking across sites.
- Wallets unintentionally link separate blockchain addresses, undermining pseudonymity.
- The study reveals systemic privacy flaws in how wallet extensions interact with dApps and infrastructure.

### Key Stats

- **85** — wallet extensions tested. Scope of the empirical security audit
- **KU Leuven** — research institution. Academic lab conducting independent security research

<a id="spingraph"></a>

## SpinGraph

The story frames privacy erosion as an emergent technical side effect of how wallets currently operate—not as a deliberate trade-off made by companies—or as a failure of oversight.

- **Claim:** The wallets themselves leak enough to link and track
- **Frame:** Blame shifts elsewhere
- **Beneficiary:** Investors gain confidence lift
- **Gap:** No discussion of wallet vendor response timelines or patch rates
- **AI Risk:** AI may repeat the headline as fact

<a id="fact-check-signals"></a>

## Fact Check Signals

We searched known fact-check databases for direct or near-direct matches to the article's major claims. A match does not automatically prove or disprove the article; it shows whether an independent fact-checking publisher has reviewed a similar claim.

**Signal:** 0 of 1 claim(s) matched (confidence: low).

### The wallets themselves leak enough to link and track the people using them.

- No direct fact-check match found

<a id="frame-strength"></a>

## Frame Strength

- **Spin Score:** 35%
- **Evidence Strength:** 90%
- **Narrative Risk:** 75%
- **AI Repetition Risk:** 75%
- **Missing Context Risk:** 80%

<a id="narrative-mechanics"></a>

## Narrative Mechanics

**Function:** deflect_scrutiny  

### The Spin in Plain English

The story frames privacy erosion as an emergent technical side effect of how wallets currently operate—not as a deliberate trade-off made by companies—or as a failure of oversight.

**What the story wants you to believe:** This is a neutral, urgent security alert—not a critique of wallet business models or governance failures—so attention should focus on remediation, not accountability.  

**What it makes harder to question:** Whether wallet vendors prioritized convenience and adoption over privacy by design, or whether economic incentives discourage robust isolation of user identities across sessions.  

**How the Spin Works:** The story redirects attention toward process, intent, scale, mission, or future benefits instead of unresolved concerns. Watch for loaded terms such as leak, track, link, pseudonymity. The distribution reads as editorial reporting. A pressure point: No discussion of wallet vendor response timelines or patch rates.  

### Questions This Story Raises

- What question is the story steering away from?
- What evidence would resolve that question?
- Who is not quoted or represented?
- Why does the main frame leave this out: “No discussion of wallet vendor response timelines or patch rates”?
- Why does the main frame leave this out: “No analysis of whether leaks stem from specification ambiguity (e.g., EIP-1193) vs. implementation negligence”?

### Who Benefits If This Frame Spreads

- **KU Leuven research team** — Establishes authority in Web3 privacy auditing and strengthens grant/funding eligibility for follow-on work. _(Framing the work as safety-first disclosure reinforces their role as trusted third-party validators rather than critics of commercial products.)_

<a id="narrative-frame"></a>

## Narrative Frame

**Tactic:** safety framing  
**Category:** The Shield  
**Spin Score:** 35%  

Emphasizes researcher intent and user risk while minimizing developer responsibility, commercial incentives behind insecure defaults, and absence of industry-wide standards or enforcement mechanisms.

**Who Benefits If This Frame Spreads:** KU Leuven researchers gain credibility as neutral, public-interest security auditors.

**The Frame:** Academic security stewardship protecting decentralized users from invisible surveillance.

### Missing Context

- No discussion of wallet vendor response timelines or patch rates
- No analysis of whether leaks stem from specification ambiguity (e.g., EIP-1193) vs. implementation negligence
- Absence of comparative benchmark against non-extension wallet architectures (e.g., hardware, mobile)

<a id="language-heatmap"></a>

## Language Heatmap

**Language That Carries the Frame:** leak, track, link, pseudonymity

<a id="reader-risk"></a>

## Reader Risk

**Evidence Strength:** high  
Study methodology (n=85 extensions, traffic analysis, address correlation experiments) is described; findings are reproducible via disclosed technical vectors (e.g., RPC request patterns, event propagation).  
**Verification Status:** Claim Present in Source  
**Narrative Risk:** moderate  
Backfire risk exists if vendors dispute methodology or demonstrate mitigation in widely used versions — but the core finding (address linkage via extension behavior) is technically grounded and unlikely to be fully refuted.  
**AI Repetition Risk:** moderate  
**What AI Will Probably Repeat:** Crypto wallet browser extensions leak user addresses and enable cross-site tracking, according to KU Leuven researchers.  
AI may omit the nuance that leakage arises from standardized interaction patterns (not necessarily malicious code) and conflate all 85 wallets as equally vulnerable without distinguishing severity tiers.  
**Counter-Frame (Media):** Vendors may reframe findings as 'expected behavior under current Web3 standards' rather than 'security failures', shifting blame to ecosystem immaturity.  
**Missing Voices:** Wallet developers, Web3 privacy standards bodies (e.g., Ethereum Foundation Privacy WG), End-user advocacy groups  

### Questions Not Answered

- Which specific wallet vendors were named and notified prior to publication?
- What percentage of tested wallets implemented mitigations post-disclosure?
- Were any wallets found to intentionally collect or transmit PII beyond address linkage?

## Narrative Entities

- [KU Leuven](https://stuffthatspins.com/entities/ku-leuven) (organization — research institution conducting security audit)

<a id="claim-ledger"></a>

## Claim Ledger

### primary (technical)

The wallets themselves leak enough to link and track the people using them.

**Category:** safety  
**Verification:** Claim Present in Source  
**Risk:** high  
**Evidence presented:** Empirical testing of 85 extensions showing address correlation and cross-site behavioral linkage through RPC and event patterns.  
> Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them.

**Evidence Gaps:** Independent replication report; Vendor-specific vulnerability severity scoring (CVSS); User impact quantification (e.g., % of transactions traceable)  

<a id="ai-recall"></a>

## AI Recall

- **Published:** July 14, 2026  
- **SpinGraph summary:** Positions the research as a protective, responsible disclosure aimed at safeguarding users from external tracking — not as criticism of wallet developers’ design choices or accountability gaps.  
- **Likely AI summary:** Crypto wallet browser extensions leak user addresses and enable cross-site tracking, according to KU Leuven researchers.  

## Citation Summary

This page documents empirically verified privacy vulnerabilities in widely used crypto wallet extensions — a foundational reference for developers, auditors, and regulators assessing real-world Web3 privacy posture.

---
*HTML version: https://stuffthatspins.com/spin/study-of-85-crypto-wallet-extensions-finds-address-leaks-and-cross-site-tracking-risks*
