Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Crypto Wallet Extensions’ Privacy Risks Uncovered

Crypto Wallet Extensions’ Privacy Risks Uncovered

Posted on July 14, 2026 By CWS

Researchers from KU Leuven have identified significant privacy concerns associated with 85 popular crypto wallet browser extensions. The study highlights how these wallets potentially expose user information, creating tracking risks across different websites and linking separate wallet addresses.

Linking of Wallet Addresses

The research team discovered that the way crypto wallets interact with websites and blockchain servers can inadvertently link an individual’s multiple wallet addresses. This linkage allows external parties to track users across different sites, compromising their anonymity. Out of the tested wallets, 17 were found to expose connections between a user’s distinct addresses, affecting roughly 23 million installations.

Such exposure is facilitated when a wallet transmits multiple addresses in a single request or when requests are sent in rapid succession. These practices enable server operators to compile addresses into unified profiles, posing a significant privacy threat.

Inadequate Logout Procedures

Another critical issue identified is the ineffective logout process employed by many crypto wallets. A total of 36 wallets, representing 82% of the sample, were found to announce their presence to websites, creating a unique fingerprint of installed wallets even without user interaction.

When users disconnect from a site, many wallets fail to terminate access properly. Of the Web3 applications tested, only a third effectively revoked permissions. Additionally, even when sites issued revoke commands, many wallets ignored them, allowing continued access to addresses despite user attempts to log out.

Cross-Site Exposure Risks

The researchers also revealed how previously connected wallets could expose user data on unrelated sites. A shared tracking script running on both a crypto app and an ordinary site can extract wallet addresses through hidden frames. If a site holds personal data, this could lead to the de-anonymization of crypto profiles.

This vulnerability underscores the risk of linking wallet addresses to real identities, potentially endangering user privacy by exposing transactions and balances.

The study emphasizes the need for users to manage site permissions actively and adopt separate wallets for different activities. While some wallet providers have addressed these concerns, the researchers’ findings call for broader industry changes to enhance privacy protections.

The study’s insights, which build upon earlier research, demonstrate that the existing wallet designs inherently expose user information. The findings were presented at the PETS 2026 privacy conference in Calgary, pushing for an ecosystem-wide standard to safeguard user data.

The Hacker News Tags:address leaks, blockchain privacy, browser extensions, cross-site tracking, crypto identity, crypto wallets, data exposure, internet security, KU Leuven study, online tracking, PETS conference, privacy risks, privacy weaknesses, user privacy, Web3 security

Post navigation

Previous Post: CISA Alerts on Cisco IOS Vulnerability Exploitation
Next Post: Enhancing SOC Efficiency: Cut Alert Overload & MTTR

Related Posts

Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions The Hacker News
Europol Dismantles Major Phishing Service Linked to 64,000 Attacks Europol Dismantles Major Phishing Service Linked to 64,000 Attacks The Hacker News
Drupal Urges Immediate Core Security Updates Drupal Urges Immediate Core Security Updates The Hacker News
CISA Flags SolarWinds Vulnerability in Security Alert CISA Flags SolarWinds Vulnerability in Security Alert The Hacker News
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels The Hacker News
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines
  • Enhancing SOC Efficiency: Cut Alert Overload & MTTR
  • Crypto Wallet Extensions’ Privacy Risks Uncovered
  • CISA Alerts on Cisco IOS Vulnerability Exploitation

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines
  • Enhancing SOC Efficiency: Cut Alert Overload & MTTR
  • Crypto Wallet Extensions’ Privacy Risks Uncovered
  • CISA Alerts on Cisco IOS Vulnerability Exploitation

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark