In brief

  • Brave has been redirecting searches for crypto companies to affiliate links that give it a commission.
  • Binance, Coinbase and Trezor are among crypto companies that Brave profits from through affiliate links.
  • The company’s CEO apologized and promised that there will be no more links like this.

Brave, the crypto-friendly, privacy-first browser, has been earning affiliate commissions by redirecting certain search queries to crypto companies via affiliate links.

Contrary to the “opt-in” principle by which the company abides—advertisements are optional on the browser and pay out cryptocurrency to anyone who views them—Brave never asked its 15 million monthly users about these redirects.

A firestorm erupted today after Twitter user Yannick Eckl, who goes by “CRYPTONATOR1337,” noticed that when Brave’s users searched for Binance, the browser automatically redirected to an affiliate version of the URL, which Brave profits from.

Brave had recently partnered with the crypto exchange; Binance’s CEO, Changpeng Zhao, had also expressed support for Brave on Twitter.

The squall blossomed into a full-on storm after Dimitar Dinev, Managing Director of JRR crypto, unearthed yet more redirect links. Digging into Brave’s GitHub page, Dinev found that Brave also redirects its users to the websites of Ledger, Trezor and Coinbase.

Brendan Eich, CEO and co-founder of Brave, immediately apologized when the breach was publicized. “Sorry for this mistake,” he tweeted about the issue, which, he added, has since been “fixed.”

“We will never revise typed in domains again, I promise,” he said; “I'm sad about it, too.” 

Eich has not responded to Decrypt’s request for further elaboration. 

In his defense, which Eich tweeted, he said that Brave is “trying to build a viable business.” Currently, it makes money by offering its users privacy-first ads that pay out in cryptocurrency. 

“But we seek skin-in-game affiliate revenue too,” he said. To do this, Brave must bring its users to exchanges through widgets and also look for revenue deals, “as all major browsers do.” 

He said that these redirects never revealed any user data to the affiliates, in keeping with the privacy-first agenda of the browser. Of the Binance redirect, he said: “That code identifies us, it's a Binance affiliate code, one fixed value for all users. It is not identifying you. Anyway, we're removing it.” 

Additionally, Eich argued that none of this was hidden: it’s been in the source code for months. 

Critics of Eich argued that he was apologizing simply because he got caught. 

Others still think that Brave has compromised its integrity. “You made THE mistake. This is probably the biggest reason why everyone chose Brave over others,” tweeted the pseudonymous “crypto.bi”.

“We are not depending for our survival on any affiliate revenue share,” Eich told Decrypt. But the money can’t hurt. And “our users want Brave to live,” he said.

Editor's note: A previous version of this article indicated that Eich believed that without affiliate links, the company would struggle to survive. Eich has since refuted this claim.