Expert weighs in on Wasabi’s response to wallet security issues

Published at: Aug. 24, 2020

Although the privacy-focused Bitcoin (BTC) wallet Wasabi Wallet recently dismissed allegations that its anonymity features may be compromised, a third-party expert disagrees.

In an Aug. 19 blog post, Wasabi competitor Samourai claimed to have “discovered two potential privacy vulnerabilities in the Wasabi Wallet software.” Per the announcement, the company also found numerous issues with the anonymity of Wasabi Wallet’s CoinJoin Bitcoin mixer.

Mário Havel, co-founder of crypto-and-privacy non-profit Paralelni Polis, said that Samourai’s allegations seem credible and can be verified in Wasabi’s code. He explained:

“Disclosed vulnerabilities [...] are not affecting the security of the wallet. [Instead they] affect only [the anonymity in] some CoinJoin scenarios in which the user is mixing more [unspent transaction outputs].”

Wasabi lead developer Adam Ficsor explained that the issue raised by Samourai is the lack of randomness in unspent transaction output, or UTXO, selection when performing CoinJoin mixing. He claimed that this does not impact anonymity, since only the users themselves know all the UTXOs in their wallet.

Havel pointed out that Wasabi users who use its CoinJoin feature should always know how to manage their UTXOs in a way that preserves anonymity:

“Doing privacy correctly, especially with tools like coin control requires some learning and attention. In this case, the user has to be aware of possible attack scenarios and avoid them by managing UTXOs correctly.”

Wasabi’s Ficsor also said that Samourai has “claimed to ‘deanonymize’ Wasabi numerous times in the past.” This statement is in line with July 2019 reports in which Samourai first raised concerns over Wasabi’s CoinJoin implementation. Ficsor said that “the community knows their claims are inflated.” Mário Havel disagrees:

“There were many clashes in the past, more or less reasonable, but generally Samourai research does a good and interesting job for the privacy ecosystem of Bitcoin. Most of the claims against Wasabi are based around [the aforementioned problem, which is that] it requires some knowledge to use it properly privately.”

Havel does admit, however, that “Samourai and Wasabi are competition” and that both capitalize on their users’ CoinJoin fees. Both companies also benefit from damaging the reputation of their competition. He concluded:

“Personally, I use both wallets since both have different features and perks. [...] Both are great wallets even without the CoinJoin feature and it is only up to the user how he uses it and what features of the wallet he needs.”

Tags
Bitcoin
Cryptocurrencies
Wallet
Bitcoin Wallet
Privacy
Anonymity
Related Posts
Japanese Firm Unveils New Privacy Feature for Bitcoin Wallets
Japanese crypto firm Freessets has announced a new technology to enhance Bitcoin wallet (BTC) privacy. According to a June 8 announcement, Freessets has created a system that allows wallets to request their addresses’ Bitcoin balances without revealing it to the servers from which they request the balances or transaction history. The statement said that conventional Bitcoin wallets explicitly ask servers for the balance of their addresses, which links the balance, transactions and addresses. However, “using the technology Fressets has developed, it is mathematically proven that the servers cannot learn anything from the user’s query.” The significance of the development Adam …
Technology / June 10, 2020
Tor-enabled Bitcoin nodes are back after bug on network
The Bitcoin (BTC) network has been steadily recovering in terms of running BTC nodes after a major outage on the Tor network. According to the latest data from node monitoring resource Bitnodes, Tor-enabled Bitcoin (BTC) nodes are back to normal following almost a full-swing crash in early January 2021. As of Jan. 13, the number of reachable Tor-based BTC nodes amounted to 2,581, up from as few as 122 nodes on Jan. 9. Based on Bitnodes data, Tor-enabled Bitcoin nodes make up a significant part of the Bitcoin network, normally accounting for about 25% of totally reachable running nodes. According …
Decentralization / Jan. 15, 2021
Bitcoin Blender Cryptocurrency Mixing Service Shuts Itself Down
Cryptocurrency mixing service Bitcoin Blender has reportedly willingly shut down after issuing a short notice asking its users to withdraw their funds, tech news outlet BleepingComputer reports on May 30. Per the report, the message describing the service that appeared on the homepage of the website present both on the Tor network (often referred to as the darknet, dark web or deep web) and on clearnet before it shut down was the following: “We are a hidden service that mixes your bitcoins to remove the link between you and your transactions. This adds an essential layer of anonymity to your …
Blockchain / May 31, 2019
Binance’s Official Crypto Wallet Adds Support for XRP and Credit Card Purchases
The official wallet of leading cryptocurrency exchange Binance, Trust Wallet, has added support for credit card purchases and Ripple’s XRP token. The company announced the new features in a press release shared with Cointelegraph on March 12. Trust Wallet was acquired by Binance in July of last year in the exchange’s first public acquisition. According to the press release, users can now send, receive, store and exchange XRP via Trust Wallet. According to the wallet’s official website, Trust Wallet also supports Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC) and Bitcoin Cash (BCH), among others, and as well as any ERC20, ERC223 …
Bitcoin / March 12, 2019
Tor Project Now Accepts Bitcoin Over Lightning Network
The Tor Project, the nonprofit organization behind the anonymous network Tor, announced that it now accepts Bitcoin (BTC) donations via the Lightning Network. The organization announced on Nov. 19 that it will accept Lightning Network donations as part of Bitcoin Tuesday, a fundraising initiative led by the crypto-for-charity organization The Giving Block. Tor recommended the BottlePay wallet for donations, which allows users to search for The Tor Project inside it and send crypto without copying and pasting addresses. The Lightning Network is a layer-2 payment protocol for the Bitcoin network that aims to expedite payments and address the network’s scalability …
Bitcoin / Nov. 20, 2019