Samourai Wallet: Wasabi’s CoinJoin Management Lacks Privacy
On July 18, the official Samourai Wallet Telegram account raised concerns over an alleged lack of privacy in the CoinJoin implementation of competing wallet Wasabi.
According to Samourai Wallet, Wasabi wallet CoinJoin transactions are often not as private as they are purported to be. The company pointed out:
“With Wasabi if you are mixing 10 BTC, I can trivially track that 10 BTC as it is peeled down into smaller UTXOS (unspent funds). [...] Additionally Wasabi outputs are in the order in which they are registered, allowing you to make educated guesses that cluster outputs that you can later cross reference when inputs are inevitably merged to make a spend.”
In the same message, Samourai explained that the leftover change from mixing is part of the mixing transaction, which links the funds. The company noted, “You literally leave crumbs along the trail.”
A company executive, who goes by the nickname SW, claimed that in “Wasabi's implementation of ZeroLink there is routinely 30–60% of inputs issued from the same previous transaction,” which decreases anonymity.
He admits the issues described in the Telegram post only become a problem when combined with user behavior:
“The peeling chain and unmixed change can be mitigated against by the user staying around until their entire amount has been mixed for example, but when viewed holistically and crucially with lack of a PostMix spending strategy these architectural differences have serious consequences when common user behavior intervenes.”
According to SW, the Wasabi team itself demonstrated such behavior in the transaction that carried its donation to the Tor anonymity network. Analyzing the transaction, he claims to have linked a Wirex account address and 38 fully mixed inputs to the donation. SW said:
“My point is not to kick a competitor when they are down, my point is, if this can happen to the experts who run Wasabi then this is absolutely happening on a broader scale with less sophisticated users, and they likely have no idea it is happening, let alone what steps they need to make to prevent it.”
SW explained that, while many believe that users should learn complex coin control techniques to prevent anonymity loss, he believes that placing such a burden on users is dangerous.
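An added example, not from the article or from either wallet's code: a self-audit a wallet user could run over their own transactions, measuring the share of inputs that come from one previous transaction (the 30–60% figure SW cites) and flagging a spend that merges mixed outputs or combines them with unmixed change. The function names, the "mixed"/"change" labels and all txids are constructed for illustration.

```python
from collections import Counter

def shared_parent_ratio(inputs):
    """Share of inputs whose previous txid also funds another input of the same tx."""
    if not inputs:
        return 0.0
    per_parent = Counter(txid for txid, _vout in inputs)
    linked = sum(1 for txid, _vout in inputs if per_parent[txid] > 1)
    return linked / len(inputs)

def audit_spend(spend_inputs, labels):
    """Flag a planned spend that would re-link coins.

    labels maps (txid, vout) -> "mixed" or "change"; this labelling is an
    assumption of the example (the wallet's own bookkeeping), not chain data.
    Unlabelled inputs are treated as unmixed.
    """
    kinds = [labels.get(outpoint, "change") for outpoint in spend_inputs]
    mixed = kinds.count("mixed")
    warnings = []
    if mixed and mixed < len(kinds):
        # Unmixed change ties the mixed coins back to the pre-mix history.
        warnings.append("MIXED_WITH_UNMIXED")
    if mixed > 1:
        # Several mixed outputs spent together reveal a common owner.
        warnings.append("MERGED_MIXED_OUTPUTS")
    return warnings

# Constructed sample data (txids are placeholders, not real transactions).
TX_A, TX_B, TX_C = "aa" * 32, "bb" * 32, "cc" * 32
MIX_1, MIX_2 = "d1" * 32, "d2" * 32

COINJOIN_INPUTS = [(TX_A, 0), (TX_A, 1), (TX_B, 0), (TX_C, 3), (TX_A, 2)]
LABELS = {(MIX_1, 4): "mixed", (MIX_2, 7): "mixed", (MIX_1, 90): "change"}
RISKY_SPEND = [(MIX_1, 4), (MIX_2, 7), (MIX_1, 90)]
CLEAN_SPEND = [(MIX_1, 4)]

if __name__ == "__main__":
    print(f"shared-parent input ratio: {shared_parent_ratio(COINJOIN_INPUTS):.0%}")
    print("risky spend:", audit_spend(RISKY_SPEND, LABELS))
    print("clean spend:", audit_spend(CLEAN_SPEND, LABELS))
```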
As Cointelegraph reported in late June, the co-founder and CEO of major U.S.-based cryptocurrency exchange Coinbase, Brian Armstrong, attracted criticism after praising private crypto transactions.
As a recent Cointelegraph analysis noted, some consider Bitcoin’s increasing anonymity a threat to privacy-focused coins.