Topic: Samourai wallet user de-anonymization - page 2. (Read 453 times)

sr. member
Activity: 1666
Merit: 310
I've warned people a long time ago that the Bitcoin community has been infiltrated by trojan horses... some "Bitcoiners" are undercover feds.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
Much of what Samourai devs and the whole team did was very problematic.
From the rampant sockpuppeting and personal attacks on social media to the blunt responses they would give to criticism like the one you had made above.
If the mobile wallet was a compromise in privacy it shouldn't have ever been released. And yet they made it a very central point of their marketing.

When asked why they don't use block filters so they don't collect any data, Samourai even went so far as to claim that their mobile wallet was actually a full node wallet:

https://twitter.com/Kruwed/status/1576903392047534081
https://twitter.com/SamouraiWallet/status/1576923638846005248
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
I created an issue in Samourai's repo to have a warning shown to users that they were trusting Samourai's developers with all of their financial data and their IP address: https://web.archive.org/web/20230417145554/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/458

However, Samourai insisted that they would not provide any information to the user whatsoever that they are being spied on by their Bitcoin wallet app and any PR created that warns users about the data they are leaking would not be merged.

Samourai is truly a despicable project. These assholes intentionally created a huge honeypot of Bitcoiner personal data and then handed it over to the feds.
Much of what Samourai devs and the whole team did was very problematic.
From the rampant sockpuppeting and personal attacks on social media to the blunt responses they would give to criticism like the one you had made above.
If the mobile wallet was a compromise in privacy it shouldn't have ever been released. And yet they made it a very central point of their marketing.

But there's only so much we can say about the project while its main proponents are probably looking forward to at least a dozen years in prison and/or a lengthy extradition process. So to the claim that Samourai was a honeypot, I'd say that the dev team was probably just naive thinking the feds wouldn't go after them. The sad truth is having user data seized also puts user privacy in jeopardy based on how Samourai's infrastructure was developed. Whether or not that makes the devs assholes given all the aforementioned is up to anyone's own judgment to make.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
May 12, 2024, 08:38:02 AM
#9
Probably the first time I'm going to agree with you in here. They were, deliberately or not, knowledgeably or not, performing a Sybil attack. In this tweet, it is revealed that not only were they using the xpub keys to query the balances, but even keeping them. What's the excuse for not using block filters for users who didn't connect to their own node?

I asked this question in their Telegram group chat and got banned. I didn't expect this attitude.

They explicitly accused Wasabi contributors of being liars for warning that all privacy settings in Samourai Wallet are off by default and posted a screenshot of these default-off settings turned on: https://twitter.com/SamouraiWallet/status/1647659684445265921

This behavior can only be described with one word: Malicious.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 12, 2024, 08:23:43 AM
#8
The way authorities will be able to de-anonymize Samourai past users is by way of accessing their xpub data.
Yes, you're correct. I hadn't thought of it this way. Samourai was operating under a fashion such that if it was compromised, it could be Sybil attacked.

Samourai was performing the Sybil attack themselves since they designed their wallet to collect the xpub addresses and IP addresses of their customers. Now the Feds inherit all the data Samourai collected from this attack.
Probably the first time I'm going to agree with you in here. They were, deliberately or not, knowledgeably or not, performing a Sybil attack. In this tweet, it is revealed that not only were they using the xpub keys to query the balances, but even keeping them. What's the excuse for not using block filters for users who didn't connect to their own node?

I asked this question in their Telegram group chat and got banned. I didn't expect this attitude.
member
Activity: 378
Merit: 93
Enable v2transport=1 and mempoolfullrbf=1
May 12, 2024, 06:58:54 AM
#7
I created an issue in Samourai's repo to have a warning shown to users that they were trusting Samourai's developers with all of their financial data and their IP address: https://web.archive.org/web/20230417145554/https://code.samourai.io/wallet/samourai-wallet-android/-/issues/458

However, Samourai insisted that they would not provide any information to the user whatsoever that they are being spied on by their Bitcoin wallet app and any PR created that warns users about the data they are leaking would not be merged.

Samourai is truly a despicable project. These assholes intentionally created a huge honeypot of Bitcoiner personal data and then handed it over to the feds.

Run your own node. That's the only way to ensure privacy of your transactions. Anyone else running a node for you can see every transaction you broadcast and potentially any blockfilter you use to scan for your address transactions for assuming Samourai has used such a feature. I know it might sound hard but even a pruned node would suffice in this situation.

If you know you cannot run your own node, you can go for the less private but still anonymous way by using Tor. You can use an SPV wallet like Electrum and enable Tor. This is not as private as running your own node with Tor but it is better and still anonymous as you are not connecting directly with your IP address.

If you want to enhance your privacy, start with a full node, make contact always via Tor not looking for your address in the blocks of the blocks and then without being a government agency you want to really follow you, you are safe.

You don't need to run a node for privacy. Light wallets like Wasabi, Zeus, Blixt, and Breez all use BIP157/BIP158 compact block filters. These filters allow you to sync all of the addresses in your wallet without sharing identifiable data with anyone else's full node.

(and send your deanonymized coins through a mixer since nobody is able to determine what outputs go to what inputs, only the fact that you had used a mixer.)

You mean send your deanonymized coins through a coinjoin. A "mixer" is a scamming website that has complete knowledge over which inputs go to which outputs, just like Samourai.

How can they do that? The whirlpool server is shutdown, we all know about the recent events. A Sybil attack requires the authorities to continue running whirlpool, as if nothing happened.

Samourai was performing the Sybil attack themselves since they designed their wallet to collect the xpub addresses and IP addresses of their customers. Now the Feds inherit all the data Samourai collected from this attack.
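Added example, not part of any post in this thread and not code from any wallet named here: a sketch of the BIP158-style client-side matching mentioned above, where the node publishes one Golomb-Rice coded filter per block and the wallet tests its own scripts locally, so nothing wallet-specific (such as an xpub) is sent. Assumptions: keyed BLAKE2b stands in for BIP158's SipHash-2-4, the filter is kept as a string of bits rather than packed bytes, and the scripts and key are constructed sample data.

```python
import hashlib

P, M = 19, 784931  # BIP158 basic-filter parameters

def hash_to_range(item, key, f):
    # Assumption: keyed BLAKE2b stands in for BIP158's SipHash-2-4.
    h = hashlib.blake2b(item, key=key, digest_size=8).digest()
    return (int.from_bytes(h, "big") * f) >> 64

def build_filter(scripts, key):
    """Node side: Golomb-Rice code the sorted, hashed scripts of one block."""
    n, last, bits = len(scripts), 0, []
    for v in sorted(hash_to_range(s, key, n * M) for s in scripts):
        q, r = divmod(v - last, 1 << P)
        bits.append("1" * q + "0" + format(r, f"0{P}b"))  # unary q, P-bit r
        last = v
    return n, "".join(bits)

def decode_filter(n, bits):
    """Wallet side: recover the sorted hashed values from the bit string."""
    pos, last, out = 0, 0, []
    for _ in range(n):
        q = 0
        while bits[pos] == "1":
            q, pos = q + 1, pos + 1
        pos += 1  # skip the terminating 0 of the unary part
        last += (q << P) + int(bits[pos:pos + P], 2)
        pos += P
        out.append(last)
    return out

def wallet_matches(block_filter, key, my_scripts):
    """Match locally: the wallet's scripts are never sent to the filter's server."""
    n, bits = block_filter
    targets = {hash_to_range(s, key, n * M) for s in my_scripts}
    return any(v in targets for v in decode_filter(n, bits))

# Constructed sample data: script bytes and a 16-byte key (BIP158 uses block-hash bytes).
KEY = bytes(range(16))
BLOCK_SCRIPTS = [b"script-alice", b"script-bob", b"script-carol", b"script-dave"]
BLOCK_FILTER = build_filter(BLOCK_SCRIPTS, KEY)

if __name__ == "__main__":
    print(wallet_matches(BLOCK_FILTER, KEY, [b"script-bob"]))      # script is in the block
    print(wallet_matches(BLOCK_FILTER, KEY, [b"script-mallory"]))  # absent from the block
```

Every client downloads the same filter for a given block, so the serving node sees only which blocks were requested; a wallet that then fetches only the matching blocks still reveals that interest to whoever serves them.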
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
May 12, 2024, 05:30:33 AM
#6
@BlackHatCoiner
The way authorities will be able to de-anonymize Samourai past users is by way of accessing their xpub data. Essentially this data was on Samourai servers which authorities claim to have seized. Now, this allows for all past transactions made by mobile users (which were a sizeable portion of the network and therefore acting as a Sybil attacker) to be traced. Deducting this data from all coinjoins makes it easy to decode each one. But also associate coinjoins together to deduct who is who even if they were using a node. Samourai's volume being smaller than their competing privacy wallet makes this task easier too.

Here's a thread about this:
https://twitter.com/oomahq/status/1789253579213004937
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
May 12, 2024, 04:37:21 AM
#5
Now after the seizure of data possessed by Samourai developers though, authorities can essentially perform analysis equal to performing a Sybil attack and de-anonymize even those that had their own node.
How can they do that? The whirlpool server is shutdown, we all know about the recent events. A Sybil attack requires the authorities to continue running whirlpool, as if nothing happened.

Hopefully the next privacy solution that comes around is better and more robust.
There's talk about decentralized whirlpool, but it's still unclear how this will be resistant to Sybil attacks. Previously, you only needed to trust that Samourai isn't sybil attacking, but now that chain analysis firms can join the Soroban network, I don't bet my hands on it.

Anyone else running a node for you can see every transaction you broadcast and potentially any blockfilter you use to scan for your address transactions for assuming Samourai has used such a feature.
Samourai wasn't using block filters. It was sending your xpub to their server. It is true that this was one very bad practice.
legendary
Activity: 2506
Merit: 3645
thechange.ltd - Exchange 250+ Coins With 0% Fees
May 12, 2024, 03:28:41 AM
#4
Chipmixer servers have been seized, and user data was taken about 7 Terabytes of Data. If this data was useful, many hackers were arrested in the last 5 years, as CM was the largest mixer for many years.
What I try to say is that the government will not analyze to track the privacy of individuals and that the entities that launder money take mixers as one of the points in the chain of concealment of identity and therefore the data will not be important without tracking all sources.

If you want to enhance your privacy, start with a full node, make contact always via Tor not looking for your address in the blocks of the blocks and then without being a government agency you want to really follow you, you are safe.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
May 12, 2024, 03:08:38 AM
#3
If you know you cannot run your own node, you can go for the less private but still anonymous way by using Tor. You can use an SPV wallet like Electrum and enable Tor. This is not as private as running your own node with Tor but it is better and still anonymous as you are not connecting directly with your IP address.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
May 12, 2024, 02:05:11 AM
#2
Hopefully the next privacy solution that comes around is better and more robust.

Run your own node. That's the only way to ensure privacy of your transactions. Anyone else running a node for you can see every transaction you broadcast and potentially any blockfilter you use to scan for your address transactions for assuming Samourai has used such a feature. I know it might sound hard but even a pruned node would suffice in this situation.

(and send your deanonymized coins through a mixer since nobody is able to determine what outputs go to what inputs, only the fact that you had used a mixer.)
legendary
Activity: 2422
Merit: 1451
Leading Crypto Sports Betting & Casino Platform
May 11, 2024, 07:55:08 PM
#1
Samourai wallet recently was seized and two leading members of the project were arrested and charged.

The issue with this is that Samourai developers aside of providing the software to participate in coinjoin mixing transactions, were also hosting a node for everyone seeking to access this service from mobile. Essentially every mobile user was relying on their node.

It was possible for someone to rely on his own full node but not everyone did it. Now after the seizure of data possessed by Samourai developers though, authorities can essentially perform analysis equal to performing a Sybil attack and de-anonymize even those that had their own node.

Simply by knowing where the transactions of those using the node-service were going, it's easy to figure out the rest by picking up the pieces left and right. Especially given that the transactions going through Samourai's hosted service were a very sizeable portion of the total. So all in all, anyone who had even used Samourai wallet should consider their past transaction privacy compromised and potentially act accordingly. I wish all these people best of luck and hope with all my heart that authorities leave them the fuck alone. Understandably it has to be very stressful having to go through this when you were promised top notch privacy... But what can you do, we learn from our mistakes.

Hopefully the next privacy solution that comes around is better and more robust.