Ethereum Staking Can Reveal Your IP Address
According to Ethereum expert, ETH staking can reveal sensitive information about the staker. Bankless podcast discussed what comes after Ethereum Shapella upgrade.
According to Ethereum expert, ETH staking can reveal sensitive information about the staker. Bankless podcast discussed what comes after Ethereum Shapella upgrade.
Recently, a significant network update took place in Ethereum – Shapella upgrade. The upgrade constitutes a package of Ethereum improvement proposals (EIPs) implementing various functions into the Ethereum network. Most importantly, this upgrade allowed validators to withdraw the previously staked ETH and made further staking liquid and more attractive.
Overall, the upgrade was a success, and since its launch, many exciting events have occurred, described in our recent article about Early Effects of the Shapella Upgrade.
However, a recent revelation by a researcher at Ethereum foundation, Justin Drake, has alarmed the crypto community. He said that metadata is transmitted during the ETH staking, including the IP address of the computer that participates in the staking.
Justin Drake spoke the fatal phrase in an episode of Bankless podcast, where he and two other Ethereum experts, Tim Beiko and Anthony Sassano were invited to share their perspectives on the recent Shapella upgrade and what comes next.
The issue of staker data was discussed in the context of their identification for possible airdrops to solo validators. Justin Drake predicted that solo validators could receive 'special airdrops' in the future, and the metadata, such as their accounts, IP addresses, as well as working patterns, could allow to distinguish them from institutional stakers such as cryptoexchanges or banks. However, what was presented as an 'advantage' for solo stakers, raised other concerns.
The problem is that IP address can be used to calculate the device's location. This can be dangerous for users engaged in staking from home devices since attackers can calculate their physical location. This, in turn, can lead to cyber attacks on the user or even attacks in real life.
Technically, the logging of IP addresses is not a bug. Staking is carried out through the Ethereum client that needs these IP addresses for network communications. However, it is still a privacy flaw that should have been considered by developers or, at least, properly communicated.
A noteworthy participant in the crypto community under the pseudonym "Pledditor" had immediately equated Ethereum to the totalitarian state from the novel "1984" by George Orwell.
Not everyone reacted so emotional to Justin Drake's phrase. More advanced users find it normal that the public IP address is used in many networks for synchronization and using tools such as VPN or Proxy can easily solve the problem.
Nevertheless, this is another argument against so called solo, amateur staking that could provide a true decentralization — something Ethereum founders always wanted to achieve. Proof-of-stake blockchain validation is technically as complicated as Bitcoin mining, concentrating it within hands of specialist staking service providers.
The new form of money and finance comes with more functionality, and lower transaction costs, but puts more responsibility on the shoulders of the users. In general, it is recommended to use fully user-controlled open-source systems, such as Linux, as well as VPN services, to protect your privacy not only in blockchain applications but working in the public networks as such. Some find it complicated, but it is becoming a part of our normal web life. Whether people accept this challenge or turn back to the safe bankers, we will Observe.