The Bisq DAO: On the Privacy Cost of Participation
This highlights a privacy problem for users of decentralized exchanges, but it is incremental as it applies existing clustering techniques to a new context.
The paper tackles the privacy risks for participants in the Bisq DAO, a decentralized exchange component, by analyzing data published on the Bitcoin blockchain and Bisq network, revealing that participants' activities like trading and voting can be aggregated and linked to real-world identities.
The Bisq DAO is a core component of Bisq, a decentralized cryptocurrency exchange. The purpose of the Bisq DAO is to decentralize the governance and finance functions of the exchange. However, by interacting with the Bisq DAO, participants necessarily publish data to the Bitcoin blockchain and broadcast additional data to the Bisq peer-to-peer network. We examine the privacy cost to participants in sharing this data. Specifically, we use a novel address clustering heuristic to construct the one-to-many mappings from participants to addresses on the Bitcoin blockchain and augment the address clusters with data stored within the Bisq peer-to-peer network. We show that this technique aggregates activity performed by each participant: trading, voting, transfers, etc. We identify instances where participants are operating under multiple aliases, some of which are real-world names. We identify the dominant transactors and their role in a two-sided market. We conclude with suggestions to better protect the privacy of participants in the future.