Pages:
Author

Topic: Scammer lead developer resigns from honeypot Wasabi Wallet - page 2. (Read 1452 times)

jr. member
Activity: 35
Merit: 35

That's going to be expensive on transaction fees, but sounds plausible.

Very cheap actually. Or even free. Coordinator fee for self sybilling inputs goes back to them so this costs nothing. Coordinator fee from the target can cover sybil inputs transaction fee. Target pays for the sybilling, Wasabi pays nothing.

Or government says to BC analysis buddies 'we pay you to track this input' and so Wasabi can make a profit by self sybilling.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
I think you've misread something. First things first, the links you've mentioned talk about the exit nodes (which are your "way out" to the clearnet). Wasabi utilizes hidden services, that means, no exit nodes intervene.

Yes, I grabbed the wrong links I'm mobile / remote at the moment.

But you are still passing information to hidden services in clear text. The links I wanted to grab discussed that sending things in the clear was now creating a need to trust the person getting the data (in this case wasabi but they were discussing ahem...other things) and the person running the last hop that service was connecting to which 99% of the time was the service itself.

Might not be making myself 100% clear here but the best way to say it is that since the wasabi coordinator itself is getting the info in cleartext unless they are running their onion services on the same server then somewhere even if it's just between Virtual Machine 1 and Virtual Machine 2 on the same physical hardware blade there is still data being unencrypted data being passed. Is it a 'real' threat? Depends on how they are doing things.

In the end, probably not important since you are trusting them to do things they way they say they are doing them anyway.

-Dave
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
They self sybil and fill Wasabi with fake volume. Very easy for them to link inputs and outputs.
Even if they do not sybil attack themselves, their back-end unit tests reveal that they request input approval from a chain analysis company (probably Coinfirm). A company which have a great incentive, I'll say, to execute a sybil attack.

I don't want to engage in Wasabi discussions since I think we've covered that arc and there isn't anything more to say, but even if Wasabi is not a honeypot and we ignore all the evidence of Wasabi being flawed software, it's just naive to put trust on people with principles that do not align with Bitcoin's.

[...]
I think you've misread something. First things first, the links you've mentioned talk about the exit nodes (which are your "way out" to the clearnet). Wasabi utilizes hidden services, that means, no exit nodes intervene.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
They self sybil and fill Wasabi with fake volume. Very easy for them to link inputs and outputs.

And beyond that from here:
https://docs.wasabiwallet.io/using-wasabi/CoinJoin.html#wabisabi-protocol-step-by-step

Quote
It is very important that the coordinator cannot link Alice to Bob. Because Alice has sent the cleartext input, and Bob sends the cleartext output. So, if the two were to be linked, then the coordinator can specifically link the input to the output, meaning that the anonymity set is 1. Because Alice received a credential from the coordinator, and because Bob is a new Tor identity not linked to Alice, the coordinator can verify that nobody is cheating, but it cannot deanonymize the peers.

because of this:
https://www.makeuseof.com/tor-exit-nodes-spying/
and this:
https://www.reddit.com/r/TOR/comments/mkd1s5/79_of_all_tor_nodes_are_hosted_within_14_eyes/
and this:
https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df

Thinking that sending in cleartext is a good idea or that it provides any anonymity is a joke a best.

-Dave
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Thanks for this link. So they did actually think it through. But this sounds easy enough to do:
They self sybil and fill Wasabi with fake volume. Very easy for them to link inputs and outputs.
That's going to be expensive on transaction fees, but sounds plausible.
jr. member
Activity: 35
Merit: 35
They self sybil and fill Wasabi with fake volume. Very easy for them to link inputs and outputs.
newbie
Activity: 26
Merit: 19
zkSNACKs already successfully convinced their remaining user base that the current collaboration with blockchain analysis is not a privacy issue, so I think they'll market it successfully, again.
One thing still isn't clear to me: does the coinjoin coordinator see which input belongs to which output? If so, they know everything. If not, I'm curious how it works on a technical level (but don't really want to spend time on it since I'll never use them anyway).

Nobody in this thread seems to know anything about how it works yet they make all these nonsense claims.

No, they cannot see which input belongs to which output. https://docs.wasabiwallet.io/using-wasabi/CoinJoin.html#wabisabi-protocol-step-by-step
jr. member
Activity: 35
Merit: 35
Wasabi team members pump lots of fake volume in to Wasabi. Probably funded by BC analysis. Support their failing wallet and make fake volume. Makes self sybilling very easy and unmixing Wasabi coinjoins very easy. Wasabi team members have admitted this. Evidence in my first post!
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Tor is pointless, no you can't steal funds with this attack using Tor but to think it provides privacy is weak at best.

https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year
Isn't it the other way around: SSL stripping doesn't reduce your privacy, but it makes you send Bitcoin to the wrong address.

The point I was making is that if you are either a motivated criminal or a business or a government spinning up a ton of exit nodes and other services is not difficult.
And it makes people using 'many different exit nodes' for privacy loose a lot of it.

The tor cannot be tracked is bogus considering the number of tor sites that have been traced / seized over the years.

-Dave
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Tor is pointless, no you can't steal funds with this attack using Tor but to think it provides privacy is weak at best.

https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year
Isn't it the other way around: SSL stripping doesn't reduce your privacy, but it makes you send Bitcoin to the wrong address.
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
Wouldn't it be more likely for all privacy minded users to abandon Wasabi entirely? Even if the current bad reputation isn't enough, that will end the moment it's bought by a blockchain analysis company.
The "privacy minded users" are not their target. Instead their target is the majority who don't really understand how to improve their privacy and are too lazy to do any research so they end up in a honeypot like Wasabi wallet.....

I posted it earlier someplace but we are not their target audience for the most part. It's businesses that want 'privacy theater' so you can have peoples coins and put on a nice show that due to the fact that they are using this wallet with this feature that people can have privacy. And look we will never send you 'tainted' coins because these nice people are checking them for you.

Much like people buying bitcoin ETFs instead of just buying coin.

...Tor ...
Tor is pointless, no you can't steal funds with this attack using Tor but to think it provides privacy is weak at best.

https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year


-Dave

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
zkSNACKs already successfully convinced their remaining user base that the current collaboration with blockchain analysis is not a privacy issue, so I think they'll market it successfully, again.
One thing still isn't clear to me: does the coinjoin coordinator see which input belongs to which output? If so, they know everything. If not, I'm curious how it works on a technical level (but don't really want to spend time on it since I'll never use them anyway).
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
Another reason why it would be a great acquisition for them is that it would give them a huge competitive advantage over other blockchain analysis firms. They'd be the only ones able to provide data on Wasabi CoinJoin'ed transactions.
Wouldn't it be more likely for all privacy minded users to abandon Wasabi entirely? Even if the current bad reputation isn't enough, that will end the moment it's bought by a blockchain analysis company.
Bought by a blockchain analysis company?
Besides self-sabotage, why would one of them try to buy out Wasabi Wallet (and zksnacks). Would that not be counter-intuitive since they would lose money buying something to destroy?
I highly doubt that such a move would destroy the wallet; zkSNACKs already successfully convinced their remaining user base that the current collaboration with blockchain analysis is not a privacy issue, so I think they'll market it successfully, again.
newbie
Activity: 26
Merit: 19
Wouldn't it be more likely for all privacy minded users to abandon Wasabi entirely? Even if the current bad reputation isn't enough, that will end the moment it's bought by a blockchain analysis company.
The "privacy minded users" are not their target. Instead their target is the majority who don't really understand how to improve their privacy and are too lazy to do any research so they end up in a honeypot like Wasabi wallet.
That's more than enough for a blockchain analysis company to get ahead in the competition and make a ton of money selling its services to bitcoin businesses who are forced by the authorities to subscribe to such malicious services.

In my opinion the danger Wasabi poses which needs to be emphasized is not to its own users, it is to other privacy oriented projects and also to privacy in general.

Think of this scenario: a user who mixes their coin using anything but Wasabi (like centralized mixers, other CoinJoin implementations, etc.) has their transaction rejected and their account restricted by a centralized service they're using (like a CEX). But users who use Wasabi don't face the same problem since the blockchain analysis company knows their coins origin and has the "link" which they provide authorities.
They start complaining on the internet and start being advised to use the Wasabi (they honeypot) because they didn't have their coins seized when using Wasabi.

Before you know it the number of users of real privacy improving tools fall, their volume falls too making CoinJoin and mixing harder while making banning them a lot easier and less costly for centralized services making those services comply more willingly.

A mixed output can’t be linked to its origin. That’s why the protocol Wasabi was originally based on is called ZeroLink. Chain analysis companies wouldn’t know anything besides what’s already publicly visible on the blockchain. The coordinator is blind to which outputs were funded by which inputs. Tor and block filters also ensure additional privacy from the coordinator which is in contrast to Whirlpool, where by default you’re connecting over your clear IP and revealing your XPUBs. It’s also different than Jambler based mixers, which many in this forum seem so fond of. Jambler, which also blacklists tainted coins, is custodial and knows the direct link between deposits and withdrawals.
legendary
Activity: 3472
Merit: 10611
Wouldn't it be more likely for all privacy minded users to abandon Wasabi entirely? Even if the current bad reputation isn't enough, that will end the moment it's bought by a blockchain analysis company.
The "privacy minded users" are not their target. Instead their target is the majority who don't really understand how to improve their privacy and are too lazy to do any research so they end up in a honeypot like Wasabi wallet.
That's more than enough for a blockchain analysis company to get ahead in the competition and make a ton of money selling its services to bitcoin businesses who are forced by the authorities to subscribe to such malicious services.

In my opinion the danger Wasabi poses which needs to be emphasized is not to its own users, it is to other privacy oriented projects and also to privacy in general.

Think of this scenario: a user who mixes their coin using anything but Wasabi (like centralized mixers, other CoinJoin implementations, etc.) has their transaction rejected and their account restricted by a centralized service they're using (like a CEX). But users who use Wasabi don't face the same problem since the blockchain analysis company knows their coins origin and has the "link" which they provide authorities.
They start complaining on the internet and start being advised to use the Wasabi (they honeypot) because they didn't have their coins seized when using Wasabi.

Before you know it the number of users of real privacy improving tools fall, their volume falls too making CoinJoin and mixing harder while making banning them a lot easier and less costly for centralized services making those services comply more willingly.
sr. member
Activity: 364
Merit: 298
Besides self-sabotage, why would one of them try to buy out Wasabi Wallet (and zksnacks). Would that not be counter-intuitive since they would lose money buying something to destroy?

It makes as sense as if a privacy proclaiming service hired a blockchain surveillance firm to spy on their clients.  Oh wait!
jr. member
Activity: 35
Merit: 35
Another reason why it would be a great acquisition for them is that it would give them a huge competitive advantage over other blockchain analysis firms. They'd be the only ones able to provide data on Wasabi CoinJoin'ed transactions.
Wouldn't it be more likely for all privacy minded users to abandon Wasabi entirely? Even if the current bad reputation isn't enough, that will end the moment it's bought by a blockchain analysis company.

All privacy minded users already abandon Wasabi. Only used by newbies who don't know better or who are tricked by scammers adverts. And Wasabi already might have been bought by BC analysis company! They will never admit it.

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Another reason why it would be a great acquisition for them is that it would give them a huge competitive advantage over other blockchain analysis firms. They'd be the only ones able to provide data on Wasabi CoinJoin'ed transactions.
Wouldn't it be more likely for all privacy minded users to abandon Wasabi entirely? Even if the current bad reputation isn't enough, that will end the moment it's bought by a blockchain analysis company.

Bought by a blockchain analysis company?

Besides self-sabotage, why would one of them try to buy out Wasabi Wallet (and zksnacks). Would that not be counter-intuitive since they would lose money buying something to destroy?

I've always imagined if a blockchain analysis company wanted to create a wallet, they'd load it full of spyware and other kinds of tracking. Like Coinbase.

EDIT: silly me, I completely missed the news that Wasabi wallet are trying to sell out (literally this time).
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
Another reason why it would be a great acquisition for them is that it would give them a huge competitive advantage over other blockchain analysis firms. They'd be the only ones able to provide data on Wasabi CoinJoin'ed transactions.
Wouldn't it be more likely for all privacy minded users to abandon Wasabi entirely? Even if the current bad reputation isn't enough, that will end the moment it's bought by a blockchain analysis company.
I like to think that everyone who really understands privacy has already left Wasabi; being acquired by a blockchain analysis firm may not matter all that much to current users. zkSNACKs would also just continue to claim users are fully private due to their open-source client code and zero-knowledge components of the system, just like they did when the 'Blacklisting Update' came out.

Also consider how many companies have some (sometimes shady) parent company that simply nobody knows about; this could maybe be done in a low-key way that doesn't pull too much attention.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Another reason why it would be a great acquisition for them is that it would give them a huge competitive advantage over other blockchain analysis firms. They'd be the only ones able to provide data on Wasabi CoinJoin'ed transactions.
Wouldn't it be more likely for all privacy minded users to abandon Wasabi entirely? Even if the current bad reputation isn't enough, that will end the moment it's bought by a blockchain analysis company.
Pages:
Jump to: