Address Reuse: Privacy Killer Found In 50% Of All Bitcoin Transactions

Address Reuse: Privacy Killer Found In 50% Of All Bitcoin Transactions

This article was brought to you with friendly support of Trezor.


According to blockchain data, many Bitcoiners use the same address more than once. Around 50% of all Bitcoin transactions involve addresses which were used before.

You may have heard that bitcoin is anonymous and great for privacy. This is not entirely accurate, and the latest research shows that half of all Bitcoin addresses are being used more than once, diminishing privacy further.

Table of Contents

Address Reuse Explained

Address reuse refers to a single Bitcoin address receiving funds more than once. Since the blockchain data is public, it can be proven that this well-known Bitcoin privacy mistake still happens in around 50% of all transactions:

bitcoin-address-reuse
source

Technical Definition Of Address Reuse & Privacy Tools

While there isn’t a clear standard for how to measure or define address reuse, OXT calculates address reuse ratio as: [(UTXOs created – new addresses) / UTXOs] created. This equation yields a percentage of addresses used in a particular time period that aren’t new; a proportion of all addresses that have been reused.

Still, the overall picture of Bitcoin privacy is looking better. The Lightning network, which allows transactions to take place on a secondary payment layer rather than on the public Bitcoin blockchain, is growing in popularity. Further, privacy wallets such as Wasabi Wallet — have added ZeroLink and other privacy features for their users.

Hardware wallet manufacturers have also become more focused on privacy and one of the largest wallet manufacturers, Trezor, now offers coincontrol and CoinJoin features directly in its wallet suite.

But privacy features are only useful if people actually use them. In the case of Bitcoin, address reuse is a common problem. This privacy deficiency is a pitfall many new and inexperienced users fall into.

Why Is Bitcoin Address Reuse Bad?

It is considered bad practice to reuse Bitcoin addresses because it weakens privacy for the entity who is reusing the address as well as for their counterparty.

If an adversary can tie one transaction to the real-world identity behind a particular address, then they also know that all of the other payments sent to that address were received by that same individual. Additionally, payments sent from that address are known to be sent from that same person.

To better understand the privacy implications of address reuse, it’s important to know how Bitcoin transactions work. We have written a beginner’s guide on UTXOs, explaining exactly that:

What Are Bitcoin UTXOs – Beginner’s Guide

[wpcc-iframe class=”wp-embedded-content” sandbox=”allow-scripts” security=”restricted” style=”position: absolute; clip: rect(1px, 1px, 1px, 1px);” title=”“What Are Bitcoin UTXOs – Beginner’s Guide” — Bitcoin News” src=”https://bitcoinnews.com/what-is-bitcoin-utxo/embed/#?secret=kPYdSiRtrQ%23?secret=IH8Dp4tU02″ data-secret=”IH8Dp4tU02″ width=”600″ height=”338″ frameborder=”0″ marginwidth=”0″ marginheight=”0″ scrolling=”no”]

In short, when a Bitcoin address is reused, the transaction history is inherited. This means that an address that is used multiple times allows external parties to trace transactions and draw conclusions about the financial status and behavior.

But shouldn’t financial privacy be our utmost priority? Being careless about it can mean that we are exposed to risks such as hacker attacks as well as illicit corporate and government surveillance.

Bitcoin Address Reuse Often Happens Because Of Convenience

Truly, we can’t blame people for using the same address twice. After all, it’s a convenient way of dealing with your wallet since users can memorize their address if they stick with one.

The Bitcoin Wiki suggests that “Bitcoin invoices” may have been a better name for “addresses” due to the the misconceptions around the “address” terminology. If Bitcoin addresses are supposed to be for single use, they act more like invoices than addresses in the traditional sense to which the analogies refer.

With Lightning, this terminology has been changed and on Lightning the addresses are called “invoices.” Lightning invoices are single use and expire after some time, which increases the overall privacy.

However, most users still do not care enough about their financial privacy and they are used to a fixed address from their bank account and email provider.

Convenience doesn’t have to be the opposite of privacy. Modern Bitcoin wallets use hierarchical deterministic wallets to make it easier to work with many different Bitcoin addresses. Hardware wallets like Trezor automatically generate new addresses each time you receive a transaction; they’re all controlled and managed from the same wallet.

Address Reuse History May Reflect Influx Of New Users

When newbies learn about Bitcoin, they are easily overwhelmed with information. Avoiding address reuse is often a less important topic when getting started. Perhaps, that’s one of the reasons why address reuse is still such a big problem.

The monthly historical data shows a peak of 77.63% address reuse in February 2013, before a downward trend to a bottom of 41.34% in December 2017. A spike in address reuse was recorded again around July 2015, however, this was likely due to a “stress test” during that month.

Address-reuse-months

In recent years, Bitcoin address reuse has been on the rise. In November 2018, more than 50% of the addresses used were not new. In March of 2019, 53.57% of addresses had been used before.

In December 2022 address reuse appears in 50% of all transactions which is a slight improvement from 2020 and 2021.

address-reuse-December-2022
Bitcoin-address-reuse-chart

It should be noted that much of the address reuse may have been caused by VeriBlock, which is a project that uses Bitcoin OP_RETURN transactions in an effort to bring additional security to alternative blockchains. Forbes reported that VeriBlock accounts for 20% of daily Bitcoin transactions at the time, and the relevant transactions listed on the VeriBlock website indicate that the system reuses addresses many times for their proof-of-proof activities. Here’s a VeriBlock-related address that has been used 97 times at the time of this writing.

The reverse in the trend regarding address reuse happened roughly seven months before VeriBlock started having any kind of impact on the Bitcoin network. This suggests that the initial trend reversal was related to the sudden decline in the influx of new users following Bitcoin’s price crash around this time.

How To Minimize Address Reuse?

To reduce address reuse in Bitcoin is beneficial for everyone as well as for the network as a whole. The less address reuse appears, the more privacy we gain. Of course this is bit simplified: Privacy on Bitcoin depends on many other things and is the subject of ongoing debate.

Another trend that we can observe is the increase usage of the Lightning network; because Lightning operates outside of the Bitcoin core protocol, Lightning payments do not face the risk of reusing Bitcoin addresses.

Nonetheless, most Bitcoiners would agree that address reuse should be avoided. If you deal with someone who reuses his Bitcoin address, that’s not just bad for them but also for you as your address gets linked to a reused address, with all the privacy risks that entails.

The biggest problem with address reuse in Bitcoin is that major wallets and exchanges have not upgraded to deterministic wallets and users are ignorant about the downsides of address reuse.

[wpcc-iframe loading=”lazy” class=”youtube-player” width=”800″ height=”450″ src=”https://www.youtube.com/embed/4A3urPFkx8g?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent” allowfullscreen=”true” style=”border:0;” sandbox=”allow-scripts allow-same-origin allow-popups allow-presentation”]

To further improve the downward trend and lower address reuse Bitcoiners must continue to push exchanges and wallet developers to follow best practices. But success depends on the individual bitcoin user as well.

Bitcoiners have to learn about address reuse in order to avoid the mistake. Unfortunately, most users only learn about their mistake if they’re made aware of it. Therefore, we need to educate users about the risks and downsides of address reuse and make people aware of the threat that comes with large-scale blockchain surveillance and diminished privacy.

Privacy reuse is a problem Bitcoiners need to solve collectively to improve the privacy for all users.

Coinjoin Versus Lightning For Bitcoin Privacy

[wpcc-iframe class=”wp-embedded-content” sandbox=”allow-scripts” security=”restricted” style=”position: absolute; clip: rect(1px, 1px, 1px, 1px);” title=”“Coinjoin Versus Lightning For Bitcoin Privacy” — Bitcoin News” src=”https://bitcoinnews.com/coinjoin-versus-lightning-for-bitcoin-privacy/embed/#?secret=uSba3Pz3cf%23?secret=zmY0jXMM1p” data-secret=”zmY0jXMM1p” width=”600″ height=”338″ frameborder=”0″ marginwidth=”0″ marginheight=”0″ scrolling=”no”]

Please consider sharing this article if you have a friend who isn’t aware of the risks of address reuse.

administrator

Related Articles