Crypto data firm Arkham Intelligence is under fire after privacy-conscious users discovered that the firm has been irresponsible about user data.
Arkham’s Privacy Problem
It is never a good idea to be negligent with customer data, especially in the crypto and blockchain space, where users value their security and privacy above everything else. Looks like crypto data firm Arkham Intelligence has learned this the hard way. The company committed multiple gaffes when it revealed its latest service that would uncover the identities of digital wallet owners. Privacy-conscious crypto advocates rose up in arms about this new service when they realized the firm had already been inadvertently leaking private customer information through its referral program.
Faulty Referral Program Doxxed User Emails
Under this program, users could invite others to the Arkham platform by sharing a unique referral URL. At quick glance, these URLs appeared to be a random string of characters. But under deeper inspection, it was uncovered that they could be easily deciphered to reveal the user’s email address, encrypted with Base64.
The company’s biggest product allows tracking crypto transactions and identification of wallet owners. Its latest product, “Intel Exchange,” has raised even more eyebrows in the privacy-focused corners of the cryptoverse.
The uncovering of the weblink slip-up has already added to the company’s reputation of not following a more privacy-focused approach in its services and operations.
M4gicpotato Comments On Privacy Breach
A privacy advocate known as m4gicpotato, who has been involved in crypto under various aliases since 2017 and is a contributor to the privacy blockchain Beam, shed light on the matter via Twitter.
They wrote,
“All Arkham referral links shared on Twitter is doxxing everyone because the email is in the referral URL.”
The post quickly gained viral attention, with m4gicpotato expressing concerns about the infringement on user privacy. They have also criticized Arkham’s decision to encode user emails using Base64, emphasizing that this additional layer of obfuscation compounded the privacy concerns surrounding the company.
The full extent of the number of affected users remains unclear. In theory, anyone who generated and shared a referral link may have inadvertently disclosed their email address. Some users even posted their links on Twitter, further exacerbating the potential privacy risks.
CEO Responds
The company’s CEO, Miguel Morel, responded to the controversy, claiming that the coding of the referral program was done in this manner in the beta stage to allow Arkham to identify and reward users who were referring others. He claimed that the change has already been made to the code to encrypt user email properly to prevent reverse engineering.
He tweeted,
“Our industry has been plagued with bad actors who survive by hiding in the shadows. Crypto intelligence brings them into the light, and that’s what our platform and our research have always done.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source:https://cryptodaily.co.uk/2023/07/arkham-has-been-doxxing-users