EIP7503: Travel Advisory For Crypto Whales

Reading time: 7m 2s

Folks, at this point, we have seen enough to know that a travel advisory is needed if you hold any significant amount of crypto. 

Simply because the only thing worse than ZachXBT sleuthing on you is for the organized crime syndicates - the ones with guns, duct tape, and no iota of compassion - to track your onchain and in-real-life movements to execute a “wrench attack.”  

A wrench attack is exactly what it sounds like - someone hits you with a $5 wrench (or worse) until you hand over your private keys. It’s the oldest form of theft applied to the newest form of money, and in the last few years, it has gone from a fringe concern to an epidemic.

Don’t just take it from us. Check out this CertiK report that verified 72 wrench attacks globally in 2025, a 75% jump from the year prior. 

Losses exceeded $40 million, and that figure is almost certainly a fraction of the real number, because most victims never report what happened. 

One of the most high-profile and ironic cases was in January 2025, when Ledger co-founder David Balland and his wife were kidnapped and held for 24 hours in France. 

This points to a grim reality, one that has us accepting that crypto crime has moved offline, and the most advanced encryption on earth means nothing when someone is pointing a gun at you or your family. 

How they find you

The big question and the one that should make your stomach turn, is how do they find you? 

We believe that these syndicates are not just guessing; they are, in fact, professionals in open-source intelligence (OSINT) operations. 

They combine the transparency of these public ledger networks with social media footprints, leaked databases, and event attendance lists to build target dossiers. 

The attack chain looks something like this:

Wallet identification  

First and foremost, every transaction you’ve ever made on Ethereum is public. Next, advanced tools let anyone trace wallet flows with surgical precision. 

If your wallet has ever touched an ENS name, a social profile, a dApp login, or an exchange with KYC, the game is already over. Your 0x address is attached to a name.

Real-world identification  

Next, they need your face and your address. Getting that is easy - crypto event attendance lists, conference badges, panel recordings on YouTube, Instagram geotags, X,  real-time selfie posts, LinkedIn profiles, all of these are easy gateways. 

Leaked data finishes the job  

This is where it gets really ugly. In 2025, Coinbase disclosed a massive data breach after rogue overseas support agents were bribed into leaking customer data. 

Nearly 70,000 users had their names, phone numbers, home addresses, government IDs, and account balance snapshots exposed. 

Oddly, individuals also contribute to the target behind their backs. Things like flexing gains on Telegram groups and whatnot aren’t exactly the type of actions that won’t attract the attention of crime. 

Organized crime groups then outsource the physical violence to local gangs, reducing their own exposure while enabling a wider pool of attackers. 

When a criminal has taken complete physical possession of you or your family, every technical defence fails. The only true countermeasure is to ensure they never know you have the money in the first place.

Enter Worm as the Cloak of Clagiostro 

If a public ledger is what makes you a target, the logical response is to remove yourself from the public ledger entirely. 

This is where existing privacy tools fall short and where WORM steps in with a fundamentally different proposition.

We covered the limitations of Tornado Cash and Railgun in our first article, but they bear repeating in this context. 

Tornado Cash is essentially a balaclava, you’re hidden inside, but every surveillance camera in the building just flagged you the second you interacted with the contract. 

Worse, it’s been sanctioned, which means using it paints an even bigger target on your back than doing nothing at all.

Railgun is more sophisticated. The zk-SNARK shielded pool is genuinely impressive, and the Proof-of-Innocence mechanism is a clever approach to regulatory compliance. 

But the core problem is that your wallet interacts with Railgun’s smart contract, and that interaction is visible onchain. 

You’re shielded inside the pool, sure, but the entrance and exit points are exposed.

WORM, on the other hand, doesn’t hide what you did. It makes it impossible to prove you did anything at all.

Quick recap for those who didn’t catch the first article. 

WORM is built on EIP-7503, which introduces Private Proof-of-Burn (PPoB) to Ethereum. 

You generate a cryptographic burn key, derive a stealth burn address from it, and send your ETH there. 

That address is mathematically proven to be unspendable; no private key exists that can sign transactions from it. 

On Etherscan, the transaction looks indistinguishable from any regular EOA-to-EOA transfer. Maybe you sent money to a friend. Maybe you made a mistake. 

There’s no way to tell, because unspendable addresses are mathematically indistinguishable from regular ones on the Secp256k1 curve.

Then you generate a zk-SNARK proof offchain, submit it to the WORM contract from a completely different address, and mint fresh tokens. 

The WORM process eliminates deposit contracts, pools, and smart contract interactions on the burn side. 

What it is, is a plain Ethereum transfer to a standard-looking address, followed by a proof-verified mint on a clean wallet.

The anonymity set isn’t a mixer pool of a thousand participants. Rather, it is every Ethereum address that has ever received ETH but never sent a transaction.

That’s millions of addresses, meaning that you are not just hiding in a crowd, but hiding in the entire history of Ethereum. 

The cool thing about WORM is what’s coming. An even simpler way to go private, through a one-click process. 

WORM enables privacy in one click 

Worm simplifies the process of going private to one click. Rather than executing the entire steps yourself: 

You paste your receiver address (preferably, a fresh wallet with zero history). 

You input the amount of ETH you’d like to receive on the other side. 

The frontend then handles everything. It burns your public ETH, generates the proof, mints BETH, redeems it for WORM, and swaps it to clean ETH via a standard DEX swap. 

From going private to staying private

WORM gives you the tool. But a tool is only as good as the operational discipline behind it. 

If you’re using WORM, here are some practical rules to enable you not to leave a trail:

Use WORM for execution 

Use the one-click frontend to destroy your public ETH, receive clean ETH in a fresh wallet via a standard DEX swap, and never look back. 

Use round numbers  

Burning exactly 177.238 ETH is a fingerprint. Burning 100 ETH or 150 ETH is noise. 

Unique, highly specific amounts are the digital equivalent of wearing a name tag at a masquerade ball. 

Round numbers blend into the millions of round-number transactions that happen on Ethereum every day. 

If your holdings don’t divide neatly into round numbers, break them up across multiple burns at different times.

Use a completely new receiver address  

This should go without saying, but we’ll say it anyway: the receiver address must be brand new. 

Never used for anything, ever. Not linked to an ENS name, not connected to a dApp, not associated with any exchange. 

Generate it fresh for use, and treat your old wallet as permanently compromised from a privacy standpoint.

Time-stagger your burns 

Don’t burn your entire stack in a single transaction. Space your burns out over days or weeks. 

Different amounts, different times, different receiver addresses. Pattern recognition is how analysts work. You can break the pattern if you time-stagger your burns. 

General travel advisory  

We believe that going dark onchain using tools like WORM is step one. Step two is staying dark. 

What we recommend is simple. Scrub your social media of anything that signals wealth. Stop posting conference selfies in real-time. 

Also, flexing portfolio screenshots in group chats is idk maybe a bad idea, would advise that you don’t. 

Lastly, if you’ve been to crypto events, assume your face is in someone’s database and act accordingly. Your onchain privacy is only as strong as your offchain operational security.

The road ahead for BETH-enabled privacy 

Just before we wrap this up, it is important to state that WORM’s architecture functions because of BETH, the minted proof that you burned your ETH.

In a scenario where there is a pool for BETH and ETH, users can get back ETH, completing the life cycle of the EIP-7503 privacy flow. 

However, this pool can only exist if there is demand for BETH. To ensure this, the WORM team introduced the $WORM tokenomics which we introduced in the previous article. 

However, to ensure that BETH gets more usage across ecosystems and more demand, the team will be exploring additional and progressive utility for BETH in the future, such as using BETH as proof-of-burn mining fuel. 

The idea is that devs can take advantage of this to build WORM-like crypto assets with different emission algorithms and distribution ideas. 

Closing thoughts

As long as your net worth is broadcasted on a public ledger, your physical safety is compromised. Full stop. 

Once a criminal can link your face to your wallet, you are a target.

WORM creates plausible deniability. It permanently severs the link between your identity and your wealth. For the user, this means that the target on your back ceases to exist.

The timing for such a tech matters. The surveillance apparatus is only getting tighter. KYC databases are proliferating, and governments in Europe are pushing DAC-8 proposals that would require reporting of idle crypto holdings. 

WORM is to be considered in this light as a legible hedge against a surveillance-heavy future because it shields your financial interests in a way that completely delineates any trace to you, especially if you’ve been reckless or indifferent in the past. 

However, as always, this is still relatively experimental tech. Do your own research before engaging. 

‍

Thanks to the Worm team for unlocking this article. All of our research and references are based on public information available in documents, etc., and are presented by blocmates for constructive discussion and analysis. To read more about our editorial policy and disclosures at blocmates, head here.