Samourai Wallet: Wasabi’s CoinJoin Management Lacks Privacy

Published at: July 21, 2019

The official Samourai Wallet Telegram account raised concerns over the alleged lack of privacy ensured by the CoinJoin implementation of competing wallet Wasabi on July 18. 

According to Samourai Wallet, Wasabi wallet CoinJoin transactions are often not as private as they are purported to be. The company pointed out:

“With Wasabi if you are mixing 10 BTC, I can trivially track that 10 BTC as it is peeled down into smaller UTXOs (unspent funds). [...] Additionally Wasabi outputs are in the order in which they are registered, allowing you to make educated guesses that cluster outputs that you can later cross reference when inputs are inevitably merged to make a spend.”

In the same message, Samourai explained that the change left over from mixing is itself an output of the mixing transaction, which links the funds. The company notes, “You literally leave crumbs along the trail.”

A company executive, who goes by the nickname of SW, claimed that in “Wasabi's implementation of ZeroLink there is routinely 30–60% of inputs issued from the same previous transaction,” which decreases anonymity.

He admits the issues described in the Telegram post only become a problem when combined with user behavior:

“The peeling chain and unmixed change can be mitigated against by the user staying around until their entire amount has been mixed for example, but when viewed holistically and crucially with lack of a PostMix spending strategy these architectural differences have serious consequences when common user behavior intervenes.”

According to SW, such behavior has also been demonstrated by the Wasabi team in the transaction of its donation to the Tor anonymous network. Analyzing the transaction, he claims to have linked a Wirex account address and 38 fully mixed inputs to the donation. SW said:

“My point is not to kick a competitor when they are down, my point is, if this can happen to the experts who run Wasabi then this is absolutely happening on a broader scale with less sophisticated users, and they likely have no idea it is happening, let alone what steps they need to make to prevent it.”

SW explained that, while many believe that users should learn complex coin control techniques to prevent anonymity loss, he believes that placing such a burden on users is dangerous. 
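The two checks discussed above, the share of inputs funded by the same previous transaction and a post-mix spend that merges linked coins, can be expressed as a wallet-side audit a user runs on their own coins before signing. This is an added example, not code from Samourai, Wasabi or the article; the function names, the "mixed"/"change" labels and the sample outpoints are hypothetical, and the share metric is one reading of SW's figure.

```python
from collections import Counter

# Constructed sample data: short placeholder txids, not real transactions.
COINJOIN_INPUTS = [("tx_a", 0), ("tx_a", 3), ("tx_a", 5), ("tx_b", 1), ("tx_c", 0),
                   ("tx_d", 2), ("tx_d", 4), ("tx_e", 0), ("tx_f", 1), ("tx_g", 0)]
# Hypothetical wallet labels for the user's own UTXOs: outpoint -> role.
UTXO_LABELS = {("mix_1", 0): "mixed", ("mix_1", 7): "change", ("mix_2", 2): "mixed"}


def shared_origin_share(inputs):
    """Fraction of inputs whose funding txid also funds another input of this tx."""
    if not inputs:
        return 0.0
    per_txid = Counter(txid for txid, _vout in inputs)
    return sum(1 for txid, _vout in inputs if per_txid[txid] > 1) / len(inputs)


def lint_spend(spend_inputs, labels):
    """Return warnings for a planned spend, given the wallet's own UTXO labels."""
    roles = [labels.get(outpoint, "unknown") for outpoint in spend_inputs]
    warnings = []
    # Change from a mix is an output of the mix transaction, so spending it
    # together with a mixed output ties the mixed coin back to the pre-mix funds.
    if "change" in roles and "mixed" in roles:
        warnings.append("unmixed change merged with mixed output")
    # Merging several mixed outputs shows that one owner controls all of them.
    if roles.count("mixed") > 1:
        warnings.append("multiple mixed outputs merged in one spend")
    if "unknown" in roles:
        warnings.append("unlabelled input; cannot assess linkage")
    return warnings


if __name__ == "__main__":
    print(f"shared-origin share: {shared_origin_share(COINJOIN_INPUTS):.0%}")
    print(lint_spend([("mix_1", 0), ("mix_1", 7)], UTXO_LABELS))
    print(lint_spend([("mix_1", 0), ("mix_2", 2)], UTXO_LABELS))
    print(lint_spend([("mix_2", 2)], UTXO_LABELS))
```
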

As Cointelegraph reported in late June, the co-founder and CEO of major U.S.-based cryptocurrency exchange Coinbase, Brian Armstrong, attracted criticism after praising private crypto transactions.

As a recent Cointelegraph analysis noted, some consider Bitcoin’s increasing anonymity a threat to privacy-focused coins.
