Users who shared links to a waitlist for the Arkham service had their email addresses exposed on Twitter due to how the references were encoded.
Arkham, a “blockchain intelligence company,” announced what it’s calling the “world’s first on-chain intelligence exchange” on July 10 alongside the launch of a new coin, ARKM, through Binance’s Launchpad service.
Crypto Twitter has had a predictably split response to the announcement, with negative sentiment surrounding Arkham’s purported mission to “deanonymize the blockchain” causing some ire. Chief among the complaints, many of which describe the company’s Intel Exchange as a “snitch-to-earn” or “snitching-as-a-service” program, involves Arkham's perceived role as a centralized intelligence agency.
Fuck this.
— Hudson Jameson (@hudsonjameson) July 10, 2023
It's not even the snitch-to-earn component that I'm entirely against (it is useful as a decentralized whistleblowing dapp for public good).
The submissions end up on Arkham + Arkham Fnd is the central arbiter.
Someone should fork the contracts and decentralize this. https://t.co/hnfehiukd9
As Arkham stated in its announcement thread, there are numerous positive use cases for the utilization of blockchain sleuths as information brokers. However, some experts are concerned about the potential for misuse that the exchange’s proposed business model appears to follow.
According to Arkham, users will be able to anonymously post and accept bounties for information concerning transactions on the blockchain. Once a bounty is completed, whatever entity paid out the bounty will have exclusive access to the data for a period of 90 days. Once the initial exclusivity period ends, Arkham says it will release the data to the public.
hey isn't the most profitable use of this just to put a bounty on whale wallets and then kidnap people?
— farp (@farp_farp) July 10, 2023
like
did that come up in any meetings?
Other commenters wondered what considerations Arkham had given to the notion that a bounty marketplace could put a target on the backs of whales.
Alongside the announcements, Arkham’s been accused of leaking the email addresses of users who signed up for the company’s waitlist and then shared the link on social media.
ABSOLUTE LMAO. ALL #ARKHAM REFERRAL LINKS SHARED ON TWITTER IS DOXXING EVERYONE BECAUSE THE EMAIL IS IN THE REFERRAL URL. @inversebrahhttps://t.co/HM6veJOmNp -> bkatmis012@gmail.com https://t.co/1INvtXLEva pic.twitter.com/m38VnNMS8k
— m4gicpotato ⟁ (@m4gicpotato) July 10, 2023
Evidently, the web form encodes the user’s email address in simple BASE64. This makes it a trivial matter for someone to associate an email address with the Twitter account sharing the link, prompting at least some speculation that the encoding wasn’t an oversight.
One Twitter user declared that the supposed "doxing” was intentional, adding that Arkham’s “whole goal is to dox (assuming the big players), and what easier way [than] making it easy to decode via ref link."
Definitely. I’m just saying it has to be intentional. Their whole goal is to dox (assuming the big players), and what easier way then making it easy to decode via ref link. It just wasn’t supposed to be exposed this early though. I might just be giving them too much credit tho
— slizzle (@zlizzle) July 10, 2023