Close Menu
    What's Hot

    Iran’s Former Leader Denies Times Report

    Millennials will pay taxes on the ‘Great Wealth Transfer’—and the cut is staggering. Here’s exactly how much they owe

    House Votes for Permanent Daylight Saving Time

    Facebook X (Twitter) Instagram
    Trending
    • Iran’s Former Leader Denies Times Report
    • Millennials will pay taxes on the ‘Great Wealth Transfer’—and the cut is staggering. Here’s exactly how much they owe
    • House Votes for Permanent Daylight Saving Time
    • Iran’s Cyberattackers Tracked Phones of U.S. Military Personnel in the Mideast, Data Suggests
    • At War With Iran Again, Trump Finds an Opponent He Cannot Easily Dominate
    • Former Child Care Worker in Sydney Facing Over 300 Abuse Charges Is Identified
    • Top Tax Official to Leave Trump Administration
    • OpenAI researcher Miles Wang in talks to launch AI drug discovery startup valued at $2B
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

    adminBy adminJuly 15, 2026No Comments7 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

    Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them.

    The way these wallets talk to websites and blockchain servers can tie a person’s separate addresses together and let outsiders follow them from site to site. And on a site that already holds a name or email, the same leaks can put a real name to an “anonymous” crypto identity.

    This is not a hack. The wallets behave exactly as they were built to. The 85 extensions together have about 35 million users listed on the Chrome Web Store.

    The team, from the university’s DistriNet security group, posted the paper this month and will present it at the PETS 2026 privacy conference in Calgary in late July.

    They ran real wallets against real Web3 sites and mapped out five privacy weaknesses in how wallets and websites interact. When they reported the most far-reaching one to the wallet makers before publishing, most declined to call it a bug at all.

    Problem 1: Your separate addresses get linked

    Many people keep several wallet addresses on purpose, to keep parts of their financial life apart. That only works if nobody can tell the addresses belong to the same person. But to show your balance, a wallet constantly pings outside servers, and those requests carry your address, in the clear, to whoever runs the server.

    When a wallet puts two of your addresses in one request, that server learns they are yours. Seventeen wallets exposed connections between a user’s separate addresses. Thirteen did it the obvious way, bundling two addresses into one request. Four more gave themselves away by firing separate requests within milliseconds of each other, a weaker but still useful signal.

    Cybersecurity

    Together, those wallets cover about 23 million of the installs studied. Whoever runs the server, or anyone who later gets its data, can stitch the addresses into one profile.

    Problem 2: Logging out often doesn’t log you out

    This problem and the next one share a starting point: a website can tell which wallets you have installed. Each wallet announces itself to any page it loads, so a script can read the exact set you carry, a fingerprint that works even if you never connect a wallet and even if you block cookies.

    The researchers found that 36 of the 85 wallets do this, and their users make up about 82% of the installs studied. Those same 36 are the group behind the numbers below.

    When you connect a wallet to a site and later disconnect, you assume the site loses access. Often it doesn’t, for two separate reasons.

    First, many sites never actually tell the wallet to cut off access. Of the 30 popular Web3 apps the team tested, only 11 sent a real revoke command when a user clicked Disconnect or Logout. The rest just cleared their own screen.

    Second, even when the command is sent, many wallets ignore it. In 22 of those 36 wallets, the site could still read your address after asking the wallet to revoke it, and that access survived clearing cookies and restarting the browser.

    That makes the address a powerful tracking tag. It is globally unique, and unlike a cookie, it does not disappear when you clear your browser. The stale permission sits inside the extension until you open the wallet’s “Connected Sites” list and remove the site by hand; until then, a script on the page keeps reading the address in the background.

    Problem 3: A wallet you once connected to can expose you on other sites

    The last problem reaches the furthest. Of those same 36 wallets, 23 will hand out your address from inside a frame that one page has loaded from another site. On its own, that does nothing. The catch is what a shared tracker can do with it.

    Say the same tracking script runs on a crypto app you once connected to and on an ordinary, unrelated website. On the ordinary site, the tracker quietly loads that crypto app inside an invisible frame.

    The app’s page was already authorized by the wallet, and these wallets answer from inside the frame, so the wallet hands the address back to the script with no click from the user. The app has to allow being embedded for this to work, though plenty of them do.

    Link that address to a name or email the site already has on file, and a pseudonymous crypto profile turns into a named person. A wallet address is a public record of its balances, transactions, and token holdings. Tie that to a real identity and a browsing history, and an attacker has a named target whose money is now in view.

    The researchers showed this path is real and usable; they did not claim trackers are already running it at scale.

    What to do, and how the industry responded

    For users, the fixes are only partial. Open your wallet and clear out old site permissions you no longer use. That stops the stale-address tracking from Problem 2, but it does nothing about the address leaks to servers or the installed-wallet fingerprint.

    The researchers’ demo shows how your own wallet behaves; it runs in your browser and, they say, stores nothing. Use a throwaway wallet to be safe. It also helps to keep different activities on separate wallets or browser profiles. The bigger fixes are out of users’ hands.

    The researchers focused their disclosure on that cross-site problem and told the affected wallet makers before publishing. By a February 2026 retest, Coinbase Wallet and Coin98 had already fixed it, and Hana Wallet did so later. But of the eight vendors the paper says replied through their bug bounty programs, most declined to treat it as a bug.

    MetaMask called it a known issue, closed the report as a duplicate, and said it had no immediate plans to stop injecting its provider because that would break too many apps.

    Cybersecurity

    Rabby said the attack would need the same malicious script running on two sites at once, calling that “virtually impossible,” and concluded that “the vulnerability does not exist.” OKX agreed the finding was technically correct, but closed it as informational because it exposes data without stealing money.

    Bybit, Backpack, and Core called it low-risk or out of scope. The full replies are published in the researchers’ repository.

    The study builds on 2023 research by Christof Ferreira Torres and colleagues, who first showed browser wallets leaking addresses to outside servers. This work catches leaks that earlier tools missed, maps out the cross-site tracking, and shows how the same leak could be used to unmask people.

    Where scanners like WalletRadar and WalletProbe hunt for outright bugs, this paper shows that a wallet does not need a bug to expose you. That sets it apart from the fake wallet extensions caught stealing keys last year. There, criminals stole. Here, nothing is stolen, and the leak is built in.

    The paper went up on arXiv on July 7 and is set for presentation at PETS 2026 in Calgary, July 20 to 25. For now, the wallets work as designed, and several of their makers have said, in effect, that the design is fine.

    The real fix is not another warning to users. It is wallets that stop exposing themselves inside embedded frames, and an ecosystem standard that says what logging out must actually do.

    address CrossSite Crypto extensions finds leaks Risks Study tracking wallet
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleOpinion | Lindsey Graham’s Choice
    Next Article Spain show teamwork may yet win out in World Cup of superstars as Kylian Mbappe and France eliminated | Football News
    admin
    • Website

    Related Posts

    At War With Iran Again, Trump Finds an Opponent He Cannot Easily Dominate

    July 15, 2026

    Researchers Say Claude for Chrome Flaw Lets Rogue Extensions Trigger Gmail Reads

    July 14, 2026

    Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

    July 14, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Iran’s Former Leader Denies Times Report

    Millennials will pay taxes on the ‘Great Wealth Transfer’—and the cut is staggering. Here’s exactly how much they owe

    House Votes for Permanent Daylight Saving Time

    Iran’s Cyberattackers Tracked Phones of U.S. Military Personnel in the Mideast, Data Suggests

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by