Web3 has a metadata problem, and it’s not going away
Opinion by: Casey Ford, PhD, researcher at Nym Technologies
Web3 rolled in on the wave of decentralization. Decentralized applications (DApps) grew by 74% in 2024 and individual wallets by 485%, with total value locked (TVL) in decentralized finance (DeFi) closing at a near-record high of $214 billion. The industry is also, however, heading straight for a state of capture if it does not wake up.
As Elon Musk has teased of placing the US Treasury on blockchain, however poorly thought out, the tides are turning as crypto is deregulated. But when they do, is Web3 ready to “protect [user] data,” as Musk surrogates pledge? If not, we’re all on the brink of a global data security crisis.
The crisis boils down to a vulnerability at the heart of the digital world: the metadata surveillance of all existing networks, even the decentralized ones of Web3. AI technologies are now at the foundation of surveillance systems and serve as accelerants. Anonymity networks offer a way out of this state of capture. But this must begin with metadata protections across the board.
Metadata is the new frontier of surveillance
Metadata is the overlooked raw material of AI surveillance. Compared to payload data, metadata is lightweight and thus easy to process en masse. Here, AI systems excel best. Aggregated metadata can reveal much more than encrypted contents: patterns of behaviors, networks of contacts, personal desires and, ultimately, predictability. And legally, it is unprotected in the way end-to-end (E2E) encrypted communications are now in some regions.
While metadata is a part of all digital assets, the metadata that leaks from E2E encrypted traffic exposes us and what we do: IPs, timing signatures, packet sizes, encryption formats and even wallet specifications. All of this is fully legible to adversaries surveilling a network. Blockchain transactions are no exception.
From piles of digital junk can emerge a goldmine of detailed records of everything we do. Metadata is our digital unconscious, and it is up for grabs for whatever machines can harvest it for profit.
The limits of blockchain
Protecting the metadata of transactions was an afterthought of blockchain technology. Crypto does not offer anonymity despite the reactionary association of the industry with illicit trade. It offers pseudonymity, the ability to hold tokens in a wallet with a chosen name.
Recent: How to tokenize real-world assets on Bitcoin
Harry Halpin and Ania Piotrowska have diagnosed the situation:
“[T]he public nature of Bitcoin’s ledger of transactions […] means anyone can observe the flow of coins. [P]seudonymous addresses do not provide any meaningful level of anonymity, since anyone can harvest the counterparty addresses of any given transaction and reconstruct the chain of transactions.”
As all chain transactions are public, anyone running a full node can have a panoptic view of chain activity. Further, metadata like IP addresses attached to pseudonymous wallets can be used to identify people’s locations and identities if tracking technologies are sophisticated enough.
This is the core problem of metadata surveillance in blockchain economics: Surveillance systems can effectively de-anonymize our financial traffic by any capable party.
Knowledge is also an insecurity
Knowledge is not just power, as the adage goes. It’s also the basis on which we are exploited and disempowered. There are at least three general metadata risks across Web3.
-
Fraud: Financial insecurity and surveillance are intrinsically linked. The most serious hacks, thefts or scams depend on accumulated knowledge about a target: their assets, transaction histories and who they are. DappRadar estimates a $1.3-billion loss due to “hacks and exploits” like phishing attacks in 2024 alone.
-
Leaks: The wallets that permit access to decentralized tokenomics rely on leaky centralized infrastructures. Studies of DApps and wallets have shown the prevalence of IP leaks: “The existing wallet infrastructure is not in favor of users’ privacy. Websites abuse wallets to fingerprint users online, and DApps and wallets leak the user’s wallet address to third parties.” Pseudonymity is pointless if people’s identities and patterns of transactions can be easily revealed through metadata.
-
Chain consensus: Chain consensus is a potential point of attack. One example is a recent initiative by Celestia to add an anonymity layer to obscure the metadata of validators against particular attacks seeking to disrupt chain consensus in Celestia’s Data Availability Sampling (DAS) process.
Securing Web3 through anonymity
As Web3 continues to grow, so does the amount of metadata about people’s activities being offered up to newly empowered surveillance systems.
Beyond VPNs
Virtual private network (VPN) technology is decades old at this point. The lack of advancement is shocking, with most VPNs remaining in the same centralized and proprietary infrastructures. Networks like Tor and Dandelion stepped in as decentralized solutions. Yet they are still vulnerable to surveillance by global adversaries capable of “timing analysis” via the control of entry and exit nodes. Even more advanced tools are needed.
Noise networks
All surveillance looks for patterns in a network full of noise. By further obscuring patterns of communication and de-linking metadata like IPs from metadata generated by traffic, the possible attack vectors can be significantly reduced, and metadata patterns can be scrambled into nonsense.
Anonymizing networks have emerged to anonymize sensitive traffic like communications or crypto transactions via noise: cover traffic, timing obfuscations and data mixing. In the same spirit, other VPNs like Mullvad have introduced programs like DAITA (Defense Against AI-guided Traffic Analysis), which seeks to add “distortion” to its VPN network.
Scrambling the codes
Whether it’s defending people against the assassinations in tomorrow’s drone wars or securing their onchain transactions, new anonymity networks are needed to scramble the codes of what makes all of us targetable: the metadata our online lives leave in their wake.
The state of capture is already here. Machine learning is feeding off our data. Instead of leaving people’s data there unprotected, Web3 and anonymity systems can make sure that what ends up in the teeth of AI is effectively garbage.
Opinion by: Casey Ford, PhD, researcher at Nym Technologies.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
Taiwanese lawmaker Ko Ju-Chun has called on the government to consider adding Bitcoin to its national reserves, suggesting it could serve as a hedge against global economic uncertainty.
Ko, a legislator at-large in Taiwan’s legislative body, the Legislative Yuan, took to X on Friday to report that he had advocated Bitcoin (BTC) investment by the Taiwanese government at the National Conference on May 9.
In his remarks, Ko cited Bitcoin’s potential to become a hedge amid global economic risks and urged Taiwan to recognize the cryptocurrency alongside gold and foreign exchange reserves to boost its financial resilience.
Ko’s announcement came shortly after the legislator held talks with Samson Mow, who advocates for Bitcoin adoption by states like El Salvador at his BTC tech firm Jan3.
Taiwan is an export-oriented economy
Ko highlighted that Taiwan is an export-driven economy that has experienced significant fluctuations in its national currency, the New Taiwan dollar, amid global inflation and intensifying geopolitical risks.
“We currently have a gold reserve of 423 metric tons, and our foreign exchange reserves amount to $577 billion, including investments in US Treasury bonds,” the lawmaker stated.
In a scenario of more intense currency volatility or potential regional conflicts, Taiwan may “very likely be unable to ensure the security and liquidity,” Ko continued, adding that Bitcoin could be a great addition to Taiwan’s reserves for several reasons.
“Bitcoin has been operating for over 15 years. It has a fixed total supply, is decentralized, and is resistant to censorship. Many countries are focusing on its hedging attributes. At the same time, in intense situations, it may not face the risk of embargo,” he said.
Bitcoin is not the only solution
Referring to many global initiatives considering Bitcoin adoption as a reserve asset, Ko stressed that he’s not advocating for Bitcoin as the “only solution” to rising economic challenges.
Instead, the legislator suggested adding a “small proportion of Bitcoin” into the diversified assets as tools for sovereign asset allocation and risk hedging, and backup capacity of Taiwan’s financial system.
Related: Trump tricked into pushing XRP for crypto reserve: Report
He previously suggested that Taiwan could allocate a maximum of 5% of its $50 billion reserve to Bitcoin in an X post on May 6.
“When exchange rate risk and regional uncertainty increase, it is time to introduce new tools to construct a more flexible financial strategy framework,” Ko said, adding:
“As former Dean Chen Chong said, Bitcoin is the gun of the digital era. It may also be the gold of the digital era, the silver of the digital era. Or it could be gunpowder. A wise nation will not let weapons be in others’ hands.”
The news comes as Taiwan is emerging as a crypto-friendly jurisdiction, with the Financial Supervisory Commission pushing institutional trials of crypto custody services in late 2024.
Mainland China continues to maintain its hostile stance on cryptocurrency after imposing a ban on multiple crypto activities, including mining, in 2021.
Magazine: Adam Back says Bitcoin price cycle ’10x bigger’ but will still decisively break above $100K
German law enforcement seized 34 million euros ($38 million) in cryptocurrency from eXch, a cryptocurrency platform allegedly used to launder funds stolen after Bybit’s record-breaking $1.4 billion hack.
The seizure, announced on May 9 by Germany’s Federal Criminal Police Office (BKA) and Frankfurt’s main prosecutor’s office, involved multiple crypto assets, including Bitcoin (BTC), Ether (ETH), Litecoin (LTC) and Dash (DASH). The move marks the third-largest crypto confiscation in the BKA’s history.
The authorities also seized eXch’s German server infrastructure with over eight terabytes of data and shut down the platform, the announcement added.
eXch exchanged crypto without AML
In the statement, the BKA described eXch as a “swapping” service that allowed users to exchange various crypto assets without implementing Anti-Money Laundering (AML) measures.
The platform had operated since 2014 and reportedly facilitated about $1.9 billion in crypto transfers, some of which were believed to be of “criminal origin,” including assets laundered during the Bybit hack.
“Among other things, a portion of the $1.5 billion stolen from the Bybit crypto exchange, which was hacked on Feb. 21, 2025, is said to have been exchanged via eXch,” the authorities wrote.
Multisig, FixedFloat among laundering cases
According to a post by crypto sleuth ZachXBT, eXch was also involved in laundering millions of funds from other crypto thefts and exploits, including Multisig, FixedFloat and the $243 million Genesis creditor theft.
Those were in addition to “countless phishing drainer services over the past few years with refusal to block addresses and freeze orders,” ZachXBT said.
ZachXBT was among the first security analysts to report on eXch’s links to laundering $35 million of crypto assets stolen from Bybit soon after the hack was confirmed.
Related: Hacken CEO sees ‘no shift’ in crypto security as April hacks hit $357M
“Lazarus Group transferred 5K ETH from the Bybit Hack to a new address and began laundering funds via eXch (a centralized mixer) and bridging funds to Bitcoin via Chainflip,” ZachXBT wrote in a Telegram post on Feb. 22.
eXch announced termination of services by May 1
After initially denying involvement in laundering funds from the Bybit hack, eXch eventually announced it would cease operations by May 1 in a Bitcoin Talk post published in mid-April.
“Even though we have been able to operate despite some failed attempts to shut down our infrastructure […], we don’t see any point in operating in a hostile environment where we are the target of SIGINT [Signals Intelligence] simply because some people misinterpret our goals,” it wrote.
Addressing the seizure, senior public prosecutor Benjamin Krause stressed the importance of action against “quick and anonymous opportunities for money laundering for any amount.”
“Crypto swapping is an essential component of the underground economy, used to conceal incriminated funds from illegal activities such as hacking or trading in stolen payment card data, thus making them available to perpetrators,” he said.
Magazine: Finally blast into space with Justin Sun, Vietnam’s new national blockchain: Asia Express
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports1 year agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business3 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway