Airdrops and Privacy: A Case Study in Cross-Blockchain Analysis

TL;DR

This paper investigates how the Clam airdrop impacted privacy across Bitcoin, Litecoin, and Dogecoin blockchains by using address clustering to reveal cross-chain entity linkages and privacy risks.

Contribution

It demonstrates that airdrops can inadvertently expose address ownership across multiple blockchains through clustering analysis, highlighting privacy vulnerabilities.

Findings

Address sharing between blockchains poses privacy risks.

Entities disclosed address ownership across multiple chains via airdrop activity.

Clustering reveals cross-chain linkages that compromise user privacy.

Abstract

Airdrops are a popular method of distributing cryptocurrencies and tokens. While often considered risk-free from the point of view of recipients, their impact on privacy is easily overlooked. We examine the Clam airdrop of 2014, a forerunner to many of today's airdrops, that distributed a new cryptocurrency to every address with a non-dust balance on the Bitcoin, Litecoin and Dogecoin blockchains. Specifically, we use address clustering to try to construct the one-to-many mappings from entities to addresses on the blockchains, individually and in combination. We show that the sharing of addresses between the blockchains is a privacy risk. We identify instances where an entity has disclosed information about their address ownership on the Bitcoin, Litecoin and Dogecoin blockchains, exclusively via their activity on the Clam blockchain.