Blockchain analysis platform Arkham has found itself in hot water after it was revealed that the company had leaked its own customers' private information.
The issue stems from Arkham's weblink referral program, where users can invite others onto the platform by sharing their unique referral URL.
While these URLs appear to be a random sequence of characters, they are actually an easily decodable version of the user's email address written in Base64.
This means that anyone who has shared their Arkham link may have unintentionally put their anonymity or, at the very least, their email address at risk.
The revelation was brought to light by m4gicpotato, a privacy advocate and prominent figure within the crypto community.
M4gicpotato, who has been working in the crypto space under various aliases since 2017, took to Twitter to share their findings, which quickly went viral.
"ALL ARKHAM REFERRAL LINKS SHARED ON TWITTER IS DOXXING EVERYONE BECAUSE THE EMAIL IS IN THE REFERRAL URL," they wrote in Monday Twitter thread.
Another Twitter user claimed they had notified Arkham about this issue earlier this year, but the team did not take any measures.
"I dm'd Arkham about this in January 2023, they said they are aware of the problem," user @MatsumotoWins said.
Arkham has yet to release an official statement regarding the incident and how they plan to address the privacy concerns raised by their customers.
The revelation came shortly after Arkham unveiled the Arkham Intel Exchange, which it called the world’s first on-chain “intelligence marketplace.”
The platform is expected to create a new way for people to share and trade blockchain-related intelligence, creating a new market and opportunity for on-chain researchers.
In a recent blog
Read more on cryptonews.com