Privacy and Safety: Why you should value your anonymity
A recent article by Wired underscores the alarming rise in physical threats and violence used to coerce individuals into transferring their valuable digital assets to criminal accounts. When malicious actors can link a digital wallet to its owner, high-net-worth individuals become prime targets for theft, market manipulation, and identity fraud. In the most severe cases, this can lead to blackmail, extortion, home invasions, or worse.
The visibility inherent in public blockchain ledgers is a significant risk factor, as it exposes users to such dangers by making it easy to trace and associate financial activity with specific individuals. Privacy is crucial not only for security but also for individual safety.
This article delves into how bad actors can use open blockchains to identify and target victims and how on-chain privacy solutions like Panther Protocol can mitigate risk.
How can bad actors identify potential victims?
In most cases, bad actors require access to the password or keys to the digital assets to achieve their goals. Typically, these criminal activities involve identifying a target or target wallet, gaining access to its credentials, and then transferring the assets to their own wallet or account. According to Chainalysis, one third of hacks in DeFi involve off-chain activities, using off-chain data to access this sensitive information.
Blockchain cybersecurity firm Halborn identifies the most common methods of compromising private keys as phishing, malware, weak passwords, insecure key storage, weak key generation, social engineering and cloud storage breaches. While some compromised keys have come from mass attacks (“spray and pray”), where a large number of potential victims are hacked indiscriminately with a low probability of success, targeted attacks (such as spear phishing) have a much higher probability of success. Open transactions may leave users more vulnerable to these types of attacks, allowing hackers to target a particular wallet or set of wallets in an attempt to obtain the keys.
When you make a cryptocurrency payment at a café or any public venue, your transaction details, including the send addresses, can potentially be observed and linked to your other digital wallets. Panther Protocol's Shielded Pool will mitigate this risk by enabling you to transact using zAssets—private, mirror tokens that conceal the true origin of the underlying assets.
By using zAssets for your transactions, the public visibility of your send address will be obfuscated, making it difficult for anyone to link the transaction back to your other wallets. This will effectively shield your wallet addresses from observers, preventing them from tracing back to your broader collection of wallets and other sensitive financial information.
Decoupling identity from wallet addresses
Unique identifiers like .eth domains or NFT profile pictures can inadvertently expose your on-chain identity, linking your social presence to your financial activities and making you vulnerable to unwanted tracking and privacy invasion.
Panther Protocol is designed to allow you to interact with DeFi platforms using zAssets, ensuring that your on-chain transactions will be conducted privately. Even if you use a public-facing identity, such as a .eth domain, transactions made in Panther’s Shielded Pool will not reveal your wallet’s holdings or activities. Additionally, Panther Zones are intended to ensure that any identity-related actions you take remain private and secure.
Preventing blockchain analysis and clustering
Blockchain analysis can reveal patterns in your transaction history, potentially exposing your identity or linking multiple wallets under your control. This information could be exploited by bad actors to target your assets through various phishing or hacking methods.
Transactions conducted through Panther Protocol’s zTrade and zSwap functionalities are designed to be private and unlinkable. By leveraging ZKPs, these transactions will be shielded from blockchain analysis tools. The unique architecture of the Shielded Pool, which utilizes append-only Merkle trees, is designed to ensure that each transaction is recorded privately, without disclosing its details or history. This will make it difficult for attackers to use clustering algorithms to trace multiple addresses back to a single entity. Additionally, as more users transact via Panther Protocol, the anonymity set will grow. The increasing number of unique deposit wallets and UTXOs will exponentially complicate the efforts of clustering algorithms to identify the source of each transaction.
When a bad actor connects you to any of the wallets you frequently engage with, they can potentially discover other wallets you own by analyzing transaction patterns in your data trail. If a wallet regularly interacts with known exchange addresses, an attacker may link these transactions to external data, such as exchange account information, which could reveal the wallet owner’s identity.
To uncover wallet owners' identities, malicious actors could combine blockchain data with other information sources. For example, if a wallet regularly interacts with exchange addresses acquired through data leaks or breaches, an attacker could use exchange records, which often contain personal identification details, to identify the owner.
Transaction patterns, such as recurring payments or transfers to specific addresses, can reveal personal or business relationships. This information can be cross-referenced with publicly available data or information obtained through the various methods described above.
Clustering algorithms can be used by law enforcement to identify bad actors. Still, they can equally be used by bad actors to group related addresses that a single entity may control. By integrating blockchain data with metadata (such as IP addresses) and off-chain information, attackers can more accurately identify high-value targets, matching them with identities that are collected offline.
Defending Against Dusting Attacks
Dusting attacks involve sending small amounts of cryptocurrency to a wallet in order to analyze its transaction patterns and potentially uncover the identity behind it. By tracking how this dust is moved, attackers can gain insights into the wallet owner’s activities.
With Panther Protocol, even if your wallet is targeted by a dusting attack, any subsequent transactions using zAssets will occur within its Shielded Pool, which is designed to prevent the dust from revealing any meaningful information. Panther’s privacy-enhancing technology will ensure that the dust cannot be traced through the Panther system, as transactions within the Shielded Pool are shielded and do not disclose the movement of underlying assets or include deposits of unwanted assets.
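The dusting and clustering risks described above can be checked against your own wallet before you spend. The following is an added example, not code from Panther Protocol or from the original article: it assumes a UTXO-style wallet and the widely used common-input-ownership heuristic (which the article does not name), and the wallet data, the threshold and all function names are constructed for illustration.

```python
from collections import defaultdict

DUST_LIMIT = 1_000  # base units; constructed threshold, tune per chain and wallet

# Constructed wallet state: two hot addresses, one cold address that received dust.
WALLET = [
    {"id": "u1", "addr": "addr_hot_1", "value": 30_000,  "sender": "employer"},
    {"id": "u2", "addr": "addr_hot_2", "value": 40_000,  "sender": "exchange"},
    {"id": "u3", "addr": "addr_cold",  "value": 900_000, "sender": "exchange"},
    {"id": "d1", "addr": "addr_cold",  "value": 546,     "sender": "unknown_1"},
]
KNOWN_SENDERS = {"employer", "exchange"}

def clusters(spends):
    """Common-input heuristic: addresses co-spent in one transaction share an owner."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a
    for inputs in spends:
        for addr in inputs:
            parent[find(addr)] = find(inputs[0])
    groups = defaultdict(set)
    for addr in list(parent):
        groups[find(addr)].add(addr)
    return sorted(sorted(g) for g in groups.values())

def flag_dust(utxos, known_senders):
    """IDs of tiny, unsolicited UTXOs: freeze these rather than spend them."""
    return {u["id"] for u in utxos
            if u["value"] <= DUST_LIMIT and u["sender"] not in known_senders}

def select_inputs(utxos, target, frozen=frozenset()):
    """Smallest-first coin selection that skips frozen UTXOs."""
    chosen, total = [], 0
    for u in sorted((u for u in utxos if u["id"] not in frozen), key=lambda u: u["value"]):
        chosen.append(u)
        total += u["value"]
        if total >= target:
            return chosen
    raise ValueError("insufficient unfrozen funds")

def linked_addresses(utxos, target, frozen=frozenset()):
    """Addresses an observer would cluster together after this spend."""
    inputs = [u["addr"] for u in select_inputs(utxos, target, frozen)]
    return clusters([inputs])[0]
```

With the dust left spendable, a 60,000-unit payment co-spends it and ties `addr_cold` to both hot addresses; freezing the flagged UTXO keeps the cold address out of the cluster.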
Securing Against Social Engineering and Off-Chain Attacks
Bad actors may also use more traditional scams like phishing, smishing, and social engineering to link wallets to their owners. Other scams involve real-world interactions, such as SIM swapping attacks, hacking into your email, or using email addresses and passwords or KYC data obtained on the dark web to access personal information.
Many of the most effective attacks on digital assets occur off-chain, and these methods typically rely on gathering sufficient information about a target to gain access to their wallets and keys.
Although Panther Protocol is primarily designed to enhance on-chain privacy, the protection it will offer is intended to extend indirectly to off-chain attacks. By keeping your on-chain activities private and untraceable, Panther aims to significantly reduce the data available for attackers to exploit in off-chain schemes. After all, how can attackers attempt to socially engineer their way into your crypto assets if they don't even know you possess them?