ConsenSys Wants Your IP Address, Crypto Wallet, Bank Account

ConsenSys has a new privacy policy, which states it collects IP addresses and other sensitive data for all MetaMask users relying on Infura


ConsenSys co-founder Joseph Lubin | Source: Collision.conf/"Collision 2018" (CC license)


ConsenSys, the Ethereum studio behind popular crypto infrastructure such as MetaMask and Infura, is now formally collecting IP and Ethereum wallet addresses of users.

The firm revised its privacy policy on Nov. 23 to notify MetaMask users that it would hoover up the data when using Infura as default Remote Procedure Call (RPC) provider. 

Alongside IP and wallet addresses, ConsenSys says it collects usernames, passwords and gender information, as well as financial data such as asset holdings, bank account numbers and bank routing numbers (MetaMask supports Visa and Mastercard purchases for crypto).

But in cases where a user utilizes their own Ethereum node or a third-party RPC provider, then neither Infura nor MetaMask will collect IP and wallet addresses, ConsenSys said.

Infura is a primary node backbones of the Ethereum ecosystem, allowing Web3 developers to connect their apps to the Ethereum network via APIs and other tools. Its popularity has been a sticking point for decentralization purists for years. 

ConsenSys formally acquired all of the rights to Infura in late 2019. MetaMask is one Web3 app that relies on Infura by default — it’s a self-custody crypto wallet allowing over 21 million monthly active users to interact with decentralized applications (dapps) on the Ethereum blockchain via their web browser. 

ConsenSys’ update follows a similar move by decentralized exchange Uniswap, which recently said it collects some on-chain data to improve user experience.

Still, the decision to overtly declare data collection has attracted the ire of privacy-minded crypto folk, and has many wondering whether Web3 is any different from Web2’s data dragnet.

Privacy advocates suggest minimizing online footprints and massively reducing the amount of sensitive data shared with internet service providers.

ConsenSys’ didn’t initially state why it made the move, but some speculated that regulatory restrictions may be the reason. Infura dropped Tornado Cash as a client in the wake of US sanctions on the crypto mixer back in August.

Daniele Servadei, CEO of merchant tooling startup Sellix, reasoned that Consensys is required to keep the data due to the European Union’s General Data Protection Regulation (GDPR), or it’ll receive a huge fine.

“This news just shows how important it is to have a personal node for the crypto you want to use and why centralized services are bad,” Servadei told Blockworks. ConsenSys didn’t return Blockworks’ request for comment by press time.

ConsenSys later addressed the controversy in a blog post. “The updates to the policy do not result in more intrusive data collection or data processing, and were not made in response to any regulatory changes or inquiries,” the firm said.

IP address and wallet collection is not Infura-specific and consistent with how web architecture works, ConsenSys said, “though we continue to pursue technical solutions to minimize this exposure, including anonymization techniques.”

Decentralized Infura alternatives gain sudden interest

Other industry participants shared concern over whether ConsenSys could responsibly safeguard the data it collects. Rashid Ali, CEO of metaverse firm Exarta, asked: “Looking at the breaches happening every year, is data ever really safe with a centralized organization?” 

With this in mind, there are Infura alternatives which, at this stage, don’t appear to collect sensitive user information.

Decentralized infrastructure provider Ankr saw its token jump as much as 23% after Consensys’ update. Another option is Alchemy, which doesn’t have a token. MetaMask has been expected to release one but hasn’t as yet.

In any case, this isn’t the first time ConsenSys and MetaMask have come under fire for deprioritizing user privacy. 

In March 2019, MetaMask developers drew flak for opting to keep its “privacy mode” turned off by default. When the setting was inactive, MetaMask broadcasted Ethereum wallet addresses to every website users visited alongside all third party trackers. 

Turning it on by default would’ve broken older dapps, MetaMask said at the time. The team made privacy mode standard about five months later.

Updated Nov. 25, 2022 at 3:04 am ET: Included ConsenSys’ blog post addressing the matter.

Don’t miss the next big story – join our free daily newsletter.


Upcoming Events

MON - WED, MARCH 18 - 20, 2024

Digital Asset Summit (DAS) is returning March 2024. What you can expect: And more! Don’t miss out on the opportunity to be in the room when the future of crypto is decided. Join us and help shape the future of our […]

recent research

Research report - cover graphics-2.jpg


Base has doubled-down on its commitment to the Superchain vision, has shown early signs of success with nearly $400M in TVL, and has become home to novel dapps such as which has seen significant traction.


Blockchain is a “natural fit” in games based on open economies and user-generated content, says Wyatt


Their current stance is a half-baked attempt that could stifle innovation and burden an emerging industry


Maker’s DeFi-focused “subDAO” passed a proposal activating a lending market for DAI on the Gnosis Chain


Certain creditors could be repaid sooner, with one hedge fund exec telling Blockworks it expects a payout by the end of the year


Busan is South Korea’s second largest city with a population around 3.4 million


Cyprus granted eToro crypto registration, setting the groundwork for the company to operate crypto services post-MiCa rollout