ConsenSys Wants Your IP Address, Crypto Wallet, Bank Account

ConsenSys has a new privacy policy, which states it collects IP addresses and other sensitive data for all MetaMask users relying on Infura

by Shalini Nagarajan /
article-image

ConsenSys co-founder Joseph Lubin | Source: Collision.conf/"Collision 2018" (CC license)

share

ConsenSys, the Ethereum studio behind popular crypto infrastructure such as MetaMask and Infura, is now formally collecting IP and Ethereum wallet addresses of users.

The firm revised its privacy policy on Nov. 23 to notify MetaMask users that it would hoover up the data when using Infura as default Remote Procedure Call (RPC) provider. 

Alongside IP and wallet addresses, ConsenSys says it collects usernames, passwords and gender information, as well as financial data such as asset holdings, bank account numbers and bank routing numbers (MetaMask supports Visa and Mastercard purchases for crypto).

But in cases where a user utilizes their own Ethereum node or a third-party RPC provider, then neither Infura nor MetaMask will collect IP and wallet addresses, ConsenSys said.

Infura is a primary node backbones of the Ethereum ecosystem, allowing Web3 developers to connect their apps to the Ethereum network via APIs and other tools. Its popularity has been a sticking point for decentralization purists for years. 

ConsenSys formally acquired all of the rights to Infura in late 2019. MetaMask is one Web3 app that relies on Infura by default — it’s a self-custody crypto wallet allowing over 21 million monthly active users to interact with decentralized applications (dapps) on the Ethereum blockchain via their web browser. 

Newsletter

Subscribe to Blockworks Daily

ConsenSys’ update follows a similar move by decentralized exchange Uniswap, which recently said it collects some on-chain data to improve user experience.

Still, the decision to overtly declare data collection has attracted the ire of privacy-minded crypto folk, and has many wondering whether Web3 is any different from Web2’s data dragnet.

Privacy advocates suggest minimizing online footprints and massively reducing the amount of sensitive data shared with internet service providers.

ConsenSys’ didn’t initially state why it made the move, but some speculated that regulatory restrictions may be the reason. Infura dropped Tornado Cash as a client in the wake of US sanctions on the crypto mixer back in August.

Daniele Servadei, CEO of merchant tooling startup Sellix, reasoned that Consensys is required to keep the data due to the European Union’s General Data Protection Regulation (GDPR), or it’ll receive a huge fine.

“This news just shows how important it is to have a personal node for the crypto you want to use and why centralized services are bad,” Servadei told Blockworks. ConsenSys didn’t return Blockworks’ request for comment by press time.

ConsenSys later addressed the controversy in a blog post. “The updates to the policy do not result in more intrusive data collection or data processing, and were not made in response to any regulatory changes or inquiries,” the firm said.

IP address and wallet collection is not Infura-specific and consistent with how web architecture works, ConsenSys said, “though we continue to pursue technical solutions to minimize this exposure, including anonymization techniques.”

Decentralized Infura alternatives gain sudden interest

Other industry participants shared concern over whether ConsenSys could responsibly safeguard the data it collects. Rashid Ali, CEO of metaverse firm Exarta, asked: “Looking at the breaches happening every year, is data ever really safe with a centralized organization?” 

With this in mind, there are Infura alternatives which, at this stage, don’t appear to collect sensitive user information.

Decentralized infrastructure provider Ankr saw its token jump as much as 23% after Consensys’ update. Another option is Alchemy, which doesn’t have a token. MetaMask has been expected to release one but hasn’t as yet.

In any case, this isn’t the first time ConsenSys and MetaMask have come under fire for deprioritizing user privacy. 

In March 2019, MetaMask developers drew flak for opting to keep its “privacy mode” turned off by default. When the setting was inactive, MetaMask broadcasted Ethereum wallet addresses to every website users visited alongside all third party trackers. 

Turning it on by default would’ve broken older dapps, MetaMask said at the time. The team made privacy mode standard about five months later.

Updated Nov. 25, 2022 at 3:04 am ET: Included ConsenSys’ blog post addressing the matter.

Get the news in your inbox. Explore Blockworks newsletters:

  • Blockworks Daily: The newsletter that helps thousands of investors understand crypto and the markets, by Byron Gilliam.
  • Empire: Start your morning with the top news and analysis to inform your day in crypto.
  • Forward Guidance: Reporting and analysis on the growing intersection of crypto and macroeconomics, policy and finance.
  • 0xResearch: Alpha directly in your inbox. Market highlights, data, degen trade ideas, governance updates, token performance and more.
  • Lightspeed: Built for Solana investors, developers and community members. The latest from one of crypto’s hottest networks.
  • The Drop: For crypto collectors and traders, covering apps, games, memes and more.
Tags

Upcoming Events

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates (5).png

Research

Tokenization Today

Outside of stablecoins, the value of tokenized assets sits below $20B, dominated by the following asset classes: private credit, US Treasuries, commodities, institutional alternative funds, stocks, non-US government debt, and corporate bonds. In the coming months, we see the greatest opportunities in the tokenization of illiquid markets, particularly private equity. However, the successful integration of offchain assets into blockchain ecosystems relies heavily on clear and consistent regulatory frameworks, with purpose-built infrastructure to support it.

by Carlos Gonzalez Campo

/

news

article-image

AnalysisSupply Shock

Deep dive: How Michael Saylor came back from losing $6B in 1 day

The MicroStrategy founder understood digital scarcity long before Bitcoin, and it’s a story of bubbles, brokers and a “monster bull run.”

by David Canellis /
article-image

BusinessEmpire Newsletter

Mega VC raises aren’t ‘good for the decentralized efforts’ of crypto

DAS panelists shared strong venture capital takeaways, from how big a raise should be to the role VCs play in the industry

by Katherine Ross /
article-image

DeFiLightspeed Newsletter

Jupiter competitor Titan moves to private mainnet

Titan Exchange CEO Chris Chung says Titan bests Solana’s incumbent DEX aggregator Jupiter on price 80% of the time

by Jack Kubinec /
article-image

Empire NewsletterPolicy

The SEC is ‘paving the way for growth’ in crypto

The SEC’s newest statement on PoW mining adds further clarity, though a commissioner points out its limits

by Katherine Ross /
article-image

Forward Guidance NewsletterMarkets

Powell describes ‘tariff inflation’ as potentially ‘transitory’

Markets react to Fed Chair Jerome Powell’s comments at yesterday’s FOMC meeting

by Casey Wagner /
article-image

Forward Guidance NewsletterPolicy

Trump praises crypto ‘pioneers’, reaffirms need for supportive laws

At DAS, the US president noted he’s called upon Congress to enact “simple, common-sense rules” for stablecoins and market structure

by Ben Strack /