The perils of transacting on a public network
Thanks to Yanay Prop, who authored the original draft of this article and is responsible for 100% of the research.
Cuban’s First NFT
Last month, Mark Cuban, swashbuckling entrepreneur and media mogul, best known for pioneering radio-on-the-internet in the early days of Web1, discovered he had prematurely entered the broadcasting business on Web3 — when his personal financial history on Ethereum was unveiled for the world to browse.
It began with a seemingly trivial tweet. Cuban shared a piece of NFT artwork with his followers.
But It Soon Unravelled...
One quick sleuth, Steven from TheBlock, immediately traced the original source of funds used by Cuban’s holding address. He knew this address must be controlled by one of:
- A centralised wallet / exchange
- TornadoCash
- Mark Cuban himself
Oh hello @mcuban's Ethereum wallet. https://t.co/GWvz57YDU6
It was immediately obvious that Cuban himself controlled the funding address.
From this, Cuban’s financial history was laid bare.
When we use Ethereum, we leave a tangled web of transactions that’s burned into the network forever. It can haunt you a little now, and can haunt you a lot later, as data accumulates, and the transaction graph thickens.
A small amount of knowledge lets observers retrace our unbroken steps through DeFi, forwards and backwards. To demonstrate, let’s pick through Cuban’s “financial tattoo” (that quote courtesy of The Defiant).
Cuban’s Brief Financial History
Cuban’s address became active last month (January 2021), and here’s his trading book on Etherscan:
His first transactions involved DAI and WETH, via AAVE. Notice:
- He deposits and withdraws a number of times at first
- Initial amounts are modest for a billionaire — 1000 aDAI and 1 aWETH
Both features suggest he’s a DeFi newbie.
This was probably his only DeFi address, at the time. In a few days, he was comfortable enough to deposit 1000 aWETH into AAVE — and began earning his first yield.
The Trivial Problem: Fly Tipping
When a celebrity’s home address is revealed, the paparazzi, the merchants, the fanatics, will congregate.
On cue, mischief-makers and door-to-door salesmen came calling at Cuban’s address, dumping novelty tokens.
Hey @mcuban, heard you like Defi
I just sent you $1,000 in Defi Pulse Index (DPI), a basket of tokens from 10 of Defi's leading products
In return, we ask for **ONE MINUTE** of your time so that Defi's top ambassador @sassal0x can pitch what is possible today.
What do you say? pic.twitter.com/t07e1he3rf
Cuban also became the owner of several ENS domains — some useful, others significantly less useful.
Grim sentiments aside, it’s just the start of the problems Cuban would have faced, if he’d continued broadcasting his data.
The Real Problem: Everything Else
Imagine that Cuban now re-routes his Aave income — funding projects, streaming salaries, paying for subscriptions, services, etc.
So now Ethereum watchers can see:
- his business activities
- his personal activities
- his financial strategies and opinions
- a widening window on his asset base
- in time, his location in time and space
All readable straight off Etherscan — and that’s before machine learning, and its eerie ability to pick features from ‘barren’ datasets.
And for us: the users. Imagine us trying to manage all this personal data, potentially thousands of transactions, and keeping a mental tally of connected transaction types.
To solve it, you’re back to trusting centralised parties again — at the cost of your data, if not your assets.
This Is All Of Us, Right Now
Every Web3 user has been doing this — not just Cuban. Notably, back in October 2019, top Silicon Valley fund a16z had their SNX balances exposed when crypto-twitter linked them to a holding address.
And with more utilities to make crypto easier to use, such as ENS domains, user privacy has degraded even further.
Convenience premiums are everywhere in crypto today — high costs on dexes, borrow-lend spreads in DeFi, privacy costs on mainnet.
But innovation is steadily bringing them down.
What About TornadoCash?
TornadoCash is a good way to break your transaction graph, and it’s an important public utility.
In particular:
- It’s fully decentralised
- It has no information asymmetry on its users
- It breaks your transaction graphs, and gets better the longer you wait
As with everything, it has its drawbacks:
- Expensive: ~1m gas
- Withdrawal times: relatively long, to allow the anonymity set to build
- Very manual: the user needs to manually break transaction graphs
Additionally, recent efforts have sought to de-anonymise TornadoCash users.
What’s Aztec Doing About Privacy On Ethereum?
Aztec 2.0, our private rollup, is preparing for soft launch. We want to eliminate the trade-offs between usability, cost, and privacy.
Our 2021 roadmap is as follows:
- Deposits, withdrawals, and private sends for ERC-20s
- Anonymous Layer 1 DeFi: you will be able to do liquid transactions, e.g. DAI-ETH in Uniswap, as part of the Aztec anonymity set
- Private smart contracts: our language Noir will put smart contracts into the hands of developers, and we’ll build or fund an Aztec-native dex too
Our cutting-edge ZK-SNARK technology, PLONK, invented by our world-class research team, provides both gas-relief and privacy, so you don’t have to choose between the two.
We hope you enjoy using Aztec’s mission-critical technology as we launch and upgrade the new network through 2021.
Always Maintain Your Data Hygiene
Regardless of how you use Ethereum, observe and use the following:
- Awareness: remember every on-chain transaction is public, forever
- Address-Splitting: separately fund your wallets for different uses, without connecting these addresses directly on-chain
- Privacy Services: These services help protect you from leaving a permanent footprint on Web3
- Get in Touch!
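A self-audit for the address-splitting advice above, as an added example that is not part of the original article: it checks whether wallets you meant to keep separate share a funding ancestor, the same link that exposed the holding address in the story. The transfer list, wallet labels and the `SHARED_SERVICES` set are constructed assumptions; real data would come from your own transaction export.

```python
from collections import defaultdict, deque

# Constructed sample transfers (sender, recipient). Labels are made up, not real accounts.
TRANSFERS = [
    ("exchange_hot", "funding"),
    ("funding", "nft_wallet"),
    ("funding", "defi_wallet"),
    ("exchange_hot", "savings_wallet"),
]

# Assumption: sources used by many unrelated people (an exchange hot wallet, a mixer)
# do not tie two wallets together for a public observer. The service itself still can.
SHARED_SERVICES = {"exchange_hot"}


def funding_ancestors(wallet, transfers, shared=SHARED_SERVICES):
    """Walk funding edges backwards from `wallet`, stopping at shared services."""
    funders = defaultdict(set)
    for sender, recipient in transfers:
        funders[recipient].add(sender)
    seen, queue = set(), deque([wallet])
    while queue:
        for src in funders[queue.popleft()]:
            if src not in seen and src not in shared:
                seen.add(src)
                queue.append(src)
    return seen


def linked_pairs(wallets, transfers, shared=SHARED_SERVICES):
    """Return {(a, b): common_addresses} for wallets joined by a private funding path."""
    trail = {w: funding_ancestors(w, transfers, shared) | {w} for w in wallets}
    ordered = sorted(wallets)
    links = {}
    for i, a in enumerate(ordered):
        for b in ordered[i + 1:]:
            common = trail[a] & trail[b]
            if common:  # a direct transfer or a shared private funder
                links[(a, b)] = common
    return links


if __name__ == "__main__":
    mine = {"nft_wallet", "defi_wallet", "savings_wallet"}
    for pair, evidence in linked_pairs(mine, TRANSFERS).items():
        print(pair, "linked via", sorted(evidence))
```

Any pair reported here is already joined on-chain; funding the wallets separately afterwards does not remove the existing link.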
Get in Touch!
If you have any questions or comments, please message us at tom [at] aztecprotocol.com, or join one of our community channels.
Acknowledgements
Thanks again to Yanay Prop who researched and authored the first draft of this article.