DOI: 10.1145/3605098.3635895
research-article

Account Discovery: Identifying Web3 SNS Accounts at Risk of De-anonymization

Published: 21 May 2024

Abstract

Web services that use a blockchain and crypto-assets (Web3 services) improve user privacy through anonymous logins using wallet addresses. However, many users list their account identities (IDs) on social networking service (SNS) profile pages and reuse their account IDs for self-branding and curation purposes, which increases the risk of de-anonymization on Web3 services because these accounts can be linked. If such high-risk SNS accounts hold large amounts of crypto-assets, they are subject to account hijacking and spoofing attacks for financial gain. In this study, we proposed a method to discover highly relevant SNS accounts from a seed account on Web2 and Web3 SNSs and estimate their account ownership. We applied our method to 480 seed accounts of 9 different SNSs and discovered 1,233 new accounts. We found that SNSs with multiple URL input forms on their profile setting pages linked more accounts, and revealed that 207 out of 253 (81.8%) users reused their IDs across different SNSs. We identified 26 accounts linked to personal and crypto-asset information that are at risk of de-anonymization. Our user study using crowdsourcing services showed that as many as 232 (40.8%) out of 568 respondents do not understand the traceability of blockchain transaction histories. We examined the security and privacy risks caused by account listing and ID reuse, and made recommendations for service providers and users based on our findings.


    Published In

    SAC '24: Proceedings of the 39th ACM/SIGAPP Symposium on Applied Computing
    April 2024
    1898 pages
    ISBN:9798400702433
    DOI:10.1145/3605098
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States


    Author Tags

    1. web privacy
    2. social networking service
    3. Web3
    4. crypto-asset

    Qualifiers

    • Research-article

    Conference

    SAC '24

    Acceptance Rates

    Overall Acceptance Rate 1,650 of 6,669 submissions, 25%
