Verifying Attested Wallets
Overview
Verifying the trustworthiness of an attested Ethereum wallet, such as a sleeper wallet or blockchain legend, is critical to avoid scams, compromised accounts, or fraudulent identities. This page outlines key checks to evaluate an attested wallet's legitimacy, focusing on attestation details, transaction history, and verification tools.
Note: This page covers high-level wallet verification for general users. For technical verification of ProofPack data structures and blockchain attestations, see Proof Verification.
Understanding Wallet vs. Proof Verification
There are two levels of verification when dealing with attested wallets:
Wallet Verification (This Page)
Purpose: Determine if a wallet owner is trustworthy
Focus: Who owns the wallet, when it was attested, transaction patterns
Audience: General users, compliance officers, risk assessors
Tools: EAS Scan, block explorers, transaction history
Proof Verification (Technical)
Purpose: Verify the authenticity and integrity of shared data
Focus: Cryptographic verification of ProofPack structures and attestations
Audience: Developers, technical users, automated systems
Tools: Code libraries, cryptographic verification, blockchain APIs
Relationship: Wallet verification helps you trust the wallet owner, while proof verification helps you trust the specific data they share.
Key Verification Checks
To assess a wallet's trustworthiness, perform the following checks:
1. Who Made the Attestation?
Ensure the attestation comes from a trusted source, such as Zipwire's Master Production Attestation Key. For the official wallet address and public key, see Zipwire's Master Attester Wallet Address and Public Key.
Verification: Confirm these details on Zipwire's GitHub: https://github.com/zipwireapp/zipwireapp/blob/master/PUBLICKEYS.md.
Security Note: Cross-check the attester's address on EAS Scan for the Base blockchain https://base.easscan.org/ to review its attestation history and ensure it hasn't been compromised.
A trusted attester's wallet should have a consistent history and no signs of unauthorized access.
2. When Was the Attestation Made?
The freshness of an attestation matters. A recent attestation (e.g., within days or weeks) reduces the likelihood that the wallet was stolen or sold after verification. Check the attestation's timestamp on EAS Scan to confirm its recency.
3. What Other Attestations Are Present?
Look for additional attestations to build confidence. For example:
An attestation containing a Merkle root hash of an identity document (issued by a trusted attester like Zipwire) is a strong indicator of human verification.
Request the wallet holder to provide a Merkle proof revealing specific identity data (e.g., name or document number) to verify the attestation's authenticity.
Multiple attestations from reputable sources enhance credibility.
Use EAS Scan to view all attestations linked to the wallet address and their respective attesters.
4. What Transactions Has the Wallet Made?
Analyze the wallet's blockchain activity for signs of legitimate use:
Consistent Activity: Real users typically have a history of sending/receiving tokens, interacting with dApps, or other transactions.
Red Flags: Sudden bursts of activity after long inactivity or no transactions beyond attestations may indicate a sleeper wallet or synthetic identity.
Use block explorers like Etherscan or BaseScan to review the wallet's transaction history.
Verification Tools
EAS Scan (Base Blockchain): Search for the wallet address or Zipwire's master attester address (see Zipwire's Master Attester Wallet Address and Public Key) to view attestation details: https://base.easscan.org/.
Zipwire's GitHub: Verify attester details to guard against hacked documentation: https://github.com/zipwireapp/zipwireapp/blob/master/PUBLICKEYS.md.
Merkle Proof Requests: Ask the wallet holder for proofs to validate identity-based attestations.
Why It Matters
Thorough verification ensures that an attested wallet is legitimate and not a compromised or fabricated identity. By checking the attester, attestation freshness, additional attestations, and transaction history, you can make informed decisions about trusting a wallet for dApp access, trading, or other interactions.
When to Use Technical Proof Verification
After establishing that a wallet is trustworthy through the checks above, you may need to verify specific data shared by the wallet owner:
Scenarios Requiring Technical Verification:
Age-restricted services - Verifying a user's age from a ProofPack
Compliance requirements - Validating identity documents for KYC/KYB
Access control - Checking nationality or residency requirements
Data integrity - Ensuring shared information hasn't been tampered with
Next Steps:
If you need to verify specific data shared by a wallet owner, see Proof Verification for technical implementation details, including:
Cryptographic verification of ProofPack structures
Blockchain attestation validation
Developer integration examples
Automated verification workflows
Related Resources
Proof Verification - Technical verification of ProofPack data structures
Last updated