Teach you how to master DeFi privacy protection practical skills step by step

By Leo Young

Blockchain, crypto assets, and decentralized finance (DeFi) do not inherently protect user privacy. On the contrary, all transaction information is on the chain, exposing DeFi users' usage habits and even personal identities to the world.

A recent example is the controversy caused by Sam Bankman-Fried, CEO of derivatives trading platform FTX and Alameda Research, who was suspected of shorting DeFi tokens. Some people in the DeFi community pointed out that on-chain data clearly showed that he transferred nearly $80 million of platform currency FTT to Cream Finance to mortgage and borrow assets such as COMP and YFI, and then sold them. Although he explained the motivation for this operation, it still caused dissatisfaction in the community.

A wallet address of Sam Bankman-Fried has been closely monitored by DeFi enthusiasts. Source:
https://debank.com/portfolio/0x477573f212a7bdd5f7c12889bd1ad0aa44fb82aa

Whether it is a whale or an individual, I believe no one is willing to disclose all their past transaction records to the outside world. Privacy will also be the basis for the large-scale application of DeFi. When using DeFi applications, privacy issues must be paid attention to.

In fact, for ordinary users, it is entirely possible to improve the level of privacy protection through some simple usage tips. This article recommends some basic methods to protect privacy.

Of course, if you want to acquire advanced skills and understand more about the principles and practices of Ethereum privacy protection, it is recommended to read the "Practical Guide to Ethereum Network Privacy Protection" previously released by Lianwen.

Basic Tips: Getting Started with Using DeFi Safely

1. Register a new email address

Having a brand new email address that no one else can identify is essential to maintaining your anonymity.

It is recommended to use encryption software services such as postale.io, ProtonMail, Tutanota, anonymous email service Secure Email , or you can also consider the disposable email service Guerrilla Mail .

Useful links
Postale: https://postale.io/
ProtonMail: https://protonmail.com/
Tutanota: https://tutanota.com/zhhans/
Secure Email: https://www.secure-email.org/
Guerrilla Mail: https://www.guerrillamail.com (often has connection failure issues)

Registering a new email address requires avoiding personal identity verification or phone registration, and turning on two-step verification. After registering a new email address, you can receive push notifications from apps like Etherscan .

Be careful to avoid any communication related to your identity. Remember, this is your DeFi-specific mailbox .

2. Separate public and private transaction addresses

Any public transaction address should be separated from private transaction addresses. For example, the address used to receive donations should be separated from the address of personal assets .

3. Transactions using full nodes

When using a full-node wallet , all transaction information is stored locally. After verifying the transaction information through its own node, the result is broadcast to the entire network to ensure that information such as IP addresses will not be leaked. Deploying a full node not only ensures the security of its own transactions, but also helps the network to be more decentralized . Of course, this requirement is a bit high, because the hardware requirements of a full node are not low for most users. Currently, the entire Bitcoin block is nearly 360 GB, and the entire Ethereum block is nearly 480 GB.

4. Use a hardware wallet

Hardware wallets include Ledger, imKey, Cobo, etc. Another option is to use a dedicated mobile phone to store digital assets, but remember to keep it offline, set a password, and keep it safe.

5. Things not to do

Avoid saying things like "I just paid 20 gwei gas fee" or "MKR vote failed" on social networking sites . These may reveal your transaction address.

More importantly, avoid having ENS (Ethereum Name Service) with the same name as your social account.

Essential Tips: Decouple Transaction Addresses from Identity

Friends who are familiar with the Bitcoin network know that Bitcoin transactions can use hardware wallets, use new addresses for each transaction, or use special addresses for different types of transactions. Even if this cannot completely get rid of on-chain data analysis and tracking, if a different address is used for each transaction and the same address is not reused, the historical connection of past transactions can be broken and personal privacy can be protected to a certain extent.

Unlike the Bitcoin UTXO account model, the Ethereum balance account model has little privacy protection even if the address is not reused. If you want to delete the past transaction history on Ethereum, you have to create a new account .

Solution: Tornado Cash

Tornado Cash is a privacy-preserving mixer application on Ethereum that uses zero-knowledge proof technology. The mixer allows user funds to be mixed with other user funds to achieve the effect of " destroying transaction history ".

Users can transfer a certain amount of ETH (currently 0.1, 1, 10, 100 ETH) to the smart contract fund pool, obtain a transaction voucher, and then withdraw money from the fund pool to a new address.

The longer you deposit funds in the pool and the larger the amount of funds in the pool, the more privacy you will have when withdrawing funds.

However, there are a few things to note when using Tornado Cash:

• You can choose to keep the deposit and withdrawal transaction voucher to prove the transaction. If it is accidentally leaked in the future, your transaction record will also be leaked.

• If you use the same IP address or API interface to deposit and withdraw funds from the fund pool, your location may be exposed.

• If the same DApp is used for deposits and withdrawals, and the browser cookies are not cleared during the period, the DApp service provider may contact the depositor and withdrawer through cookies. Users are advised to use different IPs, different browsers, different computers and other strengthening measures.

• If multiple deposits are made from an address and the same amount of withdrawals are made to the same address , the identity may be exposed. For example, if an address makes ten deposits of 10 ETH each to the Tornado Cash pool, and then ten withdrawals are made to the same address, then there is a high probability that the deposit address can be linked to the withdrawal address.

• In addition, it can be withdrawn in batches at different time points to avoid disclosing relevant addresses, transaction amounts, time and other information.

Special risk warning: IP address leakage

When using decentralized applications such as Uniswap, Balancer, Synthetix, and Compound, not only can smart contracts access your wallet address, but all usage records are also public.

Furthermore, your wallet address can be linked to your physical location .

All user behaviors on the network will be tracked by operators, public network service providers, and online service providers.

The most commonly used applications for Ethereum are the wallet MetaMask and the browser Etherscan . Like any Internet service, MetaMask and Etherscan can read your IP address and link your physical location to your wallet address.

Solution:

Using a Virtual Private Network (VPN)

Using a virtual private network can hide the physical location of the wallet address. If you use a virtual private network and use the Tor browser at the same time, privacy is enhanced through nodes.

Brave, the privacy browser

Brave is a privacy-preserving browser with Tor privacy protection built in. Its native token is BAT.

It is recommended to use the incognito window mode of the browser and clear the browsing history before and after each use.

Other useful tools recommended

• mydefi.org can track all DeFi applications and transfer records used by an address or account

• ethtective.com View all address records related to a certain address