KU Leuven Researchers Find 85 Browser Crypto Wallets Leak User Data

Academic study says the way popular wallet extensions talk to websites lets outsiders link separate crypto addresses to the same person.

ThreatVectr Newsdesk· 3 min read
Full-frame edge-to-edge photoreal news-editorial image, 16:9 framing
Share

Key points

  • Researchers at KU Leuven in Belgium tested 85 of the most popular cryptocurrency wallet browser extensions and found privacy leaks in every one.
  • The wallets expose enough information during normal use to link a person's separate crypto addresses together.
  • Websites can quietly track users across the internet through the way wallets announce themselves in the browser.
  • On any site that already knows a user's name or email, the leak can attach a real identity to their entire on-chain history.
  • The findings, first reported by The Hacker News, cover extensions used by millions of people worldwide.

A team of academic researchers at KU Leuven has published a study showing that the browser extensions people use to hold cryptocurrency are themselves a privacy problem.

The researchers looked at 85 of the most widely installed wallet extensions. These are the small add-ons, like MetaMask and similar tools, that sit inside Chrome or Firefox and let a user sign in to crypto websites and move funds.

Every wallet in the study leaked something.

What does the leak actually mean for an ordinary user?

It means the person behind the wallet can be followed around the web, and their different crypto accounts can be tied together.

Here is the picture in plain terms. When you visit a website, your wallet extension has to introduce itself so the site knows you can pay in crypto. That introduction, the researchers found, includes signals unique enough to fingerprint you, meaning to recognise your specific browser and wallet setup the next time you show up somewhere else.

Separately, the way wallets fetch data from blockchain servers, the computers that keep the public ledger of transactions, can reveal which addresses belong to the same person. Many users keep several addresses on purpose, to keep savings separate from spending, or to stay anonymous. The study says that separation often does not hold.

And there is a sharper edge. If you use your wallet on a site that already knows who you are, a shop with your delivery address, an exchange with your ID on file, a forum with your email, that site can now connect your name to every address the leak reveals. Your on-chain history stops being pseudonymous.

How did the researchers test this?

They installed each of the 85 extensions and watched what they sent, to whom, and when. They looked at the code inside the wallets and the network traffic going out. The leaks were not the result of a hack. They were the result of ordinary design choices repeated across the industry.

The researchers say the problem is structural. Wallets talk to a small number of shared blockchain data providers, and those providers see a lot. Wallets also expose themselves generously to any webpage that asks, which makes fingerprinting easy.

What should wallet users do right now?

A few practical steps.

Keep high-value funds in a hardware wallet, a small physical device that stores keys offline, rather than a browser extension you use daily. Use different browsers, or browser profiles, for different crypto identities you want to keep apart. Be cautious about connecting your wallet to sites that also hold your real name or email, because that is where linkage becomes identification.

None of this fixes the underlying issue. That sits with the wallet developers.

The KU Leuven team has disclosed the findings to the vendors. Fixes will depend on how each wallet chooses to change the way it announces itself to sites and the way it queries blockchain servers. Users should expect updates over the coming months, and should install them promptly when they arrive.

Regulators have so far focused crypto privacy rules on exchanges and payment services. Wallet extensions, which sit closer to the user, have received less scrutiny. This study is likely to change that conversation.

© 2026 Threat Vectr