Wallet Address Privacy
Understanding why wallet addresses need special privacy protection and how Zipwire handles them differently for login vs attestations
Your blockchain wallet address is more than just a way to receive cryptocurrency—it's a unique identifier that can reveal your real identity if it gets linked to your personal information. This page explains why Zipwire treats wallet addresses with special care and why you might need to connect your wallet again even if you've used it before.
Why Wallet Addresses Are Sensitive
The Doxing Risk
Your wallet address is like a digital fingerprint. If someone can link your wallet address to your real identity, they can:
Track your financial activity - See all your transactions, token holdings, and DeFi interactions
Monitor your behavior - Understand your spending patterns, investment choices, and online activities
Build a profile - Combine blockchain data with other information to create a comprehensive picture of who you are
Target you - Use this information for phishing, social engineering, or other malicious purposes
Real Example: If your wallet address gets linked to your social media accounts, someone could trace your entire financial history and use it to impersonate you or target you with scams.
The Privacy Paradox
While blockchain transactions are public by design, your wallet address doesn't have to be linked to your real identity. The privacy comes from keeping this link secret. Once that link is broken, your financial privacy is compromised.
How Zipwire Protects Your Wallet Address
For Login: Address Hashing
When you use "Sign in with Blockchain" to log into Zipwire, we treat your wallet address like a password:
Hashed storage: Your wallet address is hashed (converted to a secure, unreadable format) before being stored
Login verification: We can verify you own the address without storing the actual address
Privacy preserved: Even if our database was compromised, your wallet address would remain protected
For Attestations: Secure Storage Required
However, for attestations, we need to know your actual wallet address because:
Blockchain recording: Attestations must be recorded on the blockchain under your specific wallet address
Verification: Others need to be able to verify that the attestation belongs to your wallet
Portability: You need to be able to use your attestations across different platforms
This creates a security challenge: we need to store your actual wallet address securely.
The Solution: User-Controlled Encrypted Storage
Your Data, Your Choice
For attestations, Zipwire uses a different approach:
Encrypted storage: Your wallet address is stored in encrypted form
User-controlled location: You choose where in the world this encrypted data is stored
Application access: Our application code can decrypt the address when needed to create attestations
Storage protection: Even if our engineers or hackers gain access to the underlying storage system, they cannot read your wallet address
Data deletion flexibility: You can delete source data while keeping attestation eligibility
Compliance: This approach meets data protection regulations while enabling attestations
How the Encryption Works
The encryption system is designed with multiple layers of protection:
Application-level encryption: Your wallet address is encrypted using strong cryptographic methods
Storage isolation: The encrypted data is stored separately from the encryption keys
Runtime decryption: Only the running application can decrypt the data when needed for attestations
Storage access protection: Direct access to the storage system (by engineers or hackers) only reveals encrypted data that cannot be decrypted without the application's encryption keys
Why You Need to Connect Again
Even if you've previously connected your wallet for login, you'll need to connect it again for attestations because:
Different security models: Login uses hashing, attestations use encrypted storage
Separate permissions: Each connection serves a different purpose
User consent: You explicitly choose to share your wallet address for attestations
Data location choice: You decide where your encrypted data is stored
Understanding the Two Connection Types
Login Connection (Sign in with Blockchain)
Purpose: Authenticate you to access Zipwire services What happens: Your wallet address is hashed and stored securely Privacy level: Maximum - we can't see your actual address Use case: Accessing your account, managing settings, etc.
Attestation Connection
Purpose: Enable blockchain attestations to your wallet What happens: Your wallet address is encrypted and stored in your chosen location Privacy level: High - encrypted but our application can decrypt it when needed for attestations Use case: Receiving IsAHuman and Private Data attestations
Best Practices for Wallet Privacy
General Privacy Tips
Use separate wallets: Consider using different wallets for different purposes
Avoid linking: Don't publicly link your wallet address to your real identity
Regular rotation: Consider creating new wallets periodically for sensitive activities
Be cautious: Think twice before sharing your wallet address publicly
With Zipwire
Understand the difference: Know when you're connecting for login vs attestations
Choose storage location: Select a data storage location that meets your privacy requirements
Review permissions: Always check what you're authorizing when connecting your wallet
Contact support: If you have privacy concerns, reach out to our team
Frequently Asked Questions
Why can't you just use the same connection for both?
The different security requirements make this impossible. Login needs to verify ownership without storing the address, while attestations need to store the actual address securely.
Is my wallet address safe with Zipwire?
Yes. For login, it's hashed and unreadable. For attestations, it's encrypted and stored in your chosen location. While our application code can decrypt it when needed to create attestations, even our engineers or hackers with access to the underlying storage system cannot read your wallet address.
Can I revoke access later?
Yes. You can disconnect your wallet at any time. However, the encrypted wallet address data remains stored until you delete your account. This enables an important privacy feature: you can delete your source data (like passport information) while still being able to claim attestations later.
What happens when I delete my source data?
When you delete your source data (like passport or ID documents), the encrypted wallet address remains. This means:
Attestations still claimable: You can still claim attestations that don't depend on the source data
Cryptographic proofs: Attestations use Merkle tree proofs, not the original documents
Privacy enhanced: You can remove sensitive documents while keeping your attestation eligibility
What if I don't want to share my wallet address for attestations?
That's completely fine! You can use Zipwire for login and other services without ever connecting your wallet for attestations. Attestations are optional.
How do I know where my data is stored?
When you connect your wallet for attestations, you'll be prompted to choose a data storage location. This choice is clearly presented and you can change it later.
Does this work with all blockchains?
Currently, Zipwire supports Ethereum and related networks. We're working on expanding support to other blockchains like Solana in the future.
Getting Help
If you have questions about wallet privacy or need help understanding how Zipwire protects your data, please contact our support team. We're committed to transparency about our privacy practices and are here to help you make informed decisions about your digital identity.
Wallet ConnectionsSign-in with EthereumAttestationsLast updated