Topic: Scammer lead developer resigns from honeypot Wasabi Wallet - page 2. (Read 1436 times)

Very cheap actually. Or even free. Coordinator fee for self sybilling inputs goes back to them so this costs nothing. Coordinator fee from the target can cover sybil inputs transaction fee. Target pays for the sybilling, Wasabi pays nothing.

Or government says to BC analysis buddies 'we pay you to track this input' and so Wasabi can make a profit by self sybilling.

Yes, I grabbed the wrong links I'm mobile / remote at the moment.

But you are still passing information to hidden services in clear text. The links I wanted to grab discussed that sending things in the clear was now creating a need to trust the person getting the data (in this case wasabi but they were discussing ahem...other things) and the person running the last hop that service was connecting to which 99% of the time was the service itself.

Might not be making myself 100% clear here but the best way to say it is that since the wasabi coordinator itself is getting the info in cleartext unless they are running their onion services on the same server then somewhere even if it's just between Virtual Machine 1 and Virtual Machine 2 on the same physical hardware blade there is still data being unencrypted data being passed. Is it a 'real' threat? Depends on how they are doing things.

In the end, probably not important since you are trusting them to do things they way they say they are doing them anyway.

-Dave

Even if they do not sybil attack themselves, their back-end unit tests reveal that they request input approval from a chain analysis company (probably Coinfirm). A company which have a great incentive, I'll say, to execute a sybil attack.

I don't want to engage in Wasabi discussions since I think we've covered that arc and there isn't anything more to say, but even if Wasabi is not a honeypot and we ignore all the evidence of Wasabi being flawed software, it's just naive to put trust on people with principles that do not align with Bitcoin's.

I think you've misread something. First things first, the links you've mentioned talk about the exit nodes (which are your "way out" to the clearnet). Wasabi utilizes hidden services, that means, no exit nodes intervene.

And beyond that from here:
https://docs.wasabiwallet.io/using-wasabi/CoinJoin.html#wabisabi-protocol-step-by-step


because of this:
https://www.makeuseof.com/tor-exit-nodes-spying/
and this:
https://www.reddit.com/r/TOR/comments/mkd1s5/79_of_all_tor_nodes_are_hosted_within_14_eyes/
and this:
https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df

Thinking that sending in cleartext is a good idea or that it provides any anonymity is a joke a best.

-Dave

Thanks for this link. So they did actually think it through. But this sounds easy enough to do:
That's going to be expensive on transaction fees, but sounds plausible.

They self sybil and fill Wasabi with fake volume. Very easy for them to link inputs and outputs.

Nobody in this thread seems to know anything about how it works yet they make all these nonsense claims.

No, they cannot see which input belongs to which output. https://docs.wasabiwallet.io/using-wasabi/CoinJoin.html#wabisabi-protocol-step-by-step

Wasabi team members pump lots of fake volume in to Wasabi. Probably funded by BC analysis. Support their failing wallet and make fake volume. Makes self sybilling very easy and unmixing Wasabi coinjoins very easy. Wasabi team members have admitted this. Evidence in my first post!

The point I was making is that if you are either a motivated criminal or a business or a government spinning up a ton of exit nodes and other services is not difficult.
And it makes people using 'many different exit nodes' for privacy loose a lot of it.

The tor cannot be tracked is bogus considering the number of tor sites that have been traced / seized over the years.

-Dave

Isn't it the other way around: SSL stripping doesn't reduce your privacy, but it makes you send Bitcoin to the wrong address.

I posted it earlier someplace but we are not their target audience for the most part. It's businesses that want 'privacy theater' so you can have peoples coins and put on a nice show that due to the fact that they are using this wallet with this feature that people can have privacy. And look we will never send you 'tainted' coins because these nice people are checking them for you.

Much like people buying bitcoin ETFs instead of just buying coin.

Tor is pointless, no you can't steal funds with this attack using Tor but to think it provides privacy is weak at best.

https://therecord.media/thousands-of-tor-exit-nodes-attacked-cryptocurrency-users-over-the-past-year


-Dave

One thing still isn't clear to me: does the coinjoin coordinator see which input belongs to which output? If so, they know everything. If not, I'm curious how it works on a technical level (but don't really want to spend time on it since I'll never use them anyway).

I highly doubt that such a move would destroy the wallet; zkSNACKs already successfully convinced their remaining user base that the current collaboration with blockchain analysis is not a privacy issue, so I think they'll market it successfully, again.

A mixed output can’t be linked to its origin. That’s why the protocol Wasabi was originally based on is called ZeroLink. Chain analysis companies wouldn’t know anything besides what’s already publicly visible on the blockchain. The coordinator is blind to which outputs were funded by which inputs. Tor and block filters also ensure additional privacy from the coordinator which is in contrast to Whirlpool, where by default you’re connecting over your clear IP and revealing your XPUBs. It’s also different than Jambler based mixers, which many in this forum seem so fond of. Jambler, which also blacklists tainted coins, is custodial and knows the direct link between deposits and withdrawals.

The "privacy minded users" are not their target. Instead their target is the majority who don't really understand how to improve their privacy and are too lazy to do any research so they end up in a honeypot like Wasabi wallet.
That's more than enough for a blockchain analysis company to get ahead in the competition and make a ton of money selling its services to bitcoin businesses who are forced by the authorities to subscribe to such malicious services.

In my opinion the danger Wasabi poses which needs to be emphasized is not to its own users, it is to other privacy oriented projects and also to privacy in general.

Think of this scenario: a user who mixes their coin using anything but Wasabi (like centralized mixers, other CoinJoin implementations, etc.) has their transaction rejected and their account restricted by a centralized service they're using (like a CEX). But users who use Wasabi don't face the same problem since the blockchain analysis company knows their coins origin and has the "link" which they provide authorities.
They start complaining on the internet and start being advised to use the Wasabi (they honeypot) because they didn't have their coins seized when using Wasabi.

Before you know it the number of users of real privacy improving tools fall, their volume falls too making CoinJoin and mixing harder while making banning them a lot easier and less costly for centralized services making those services comply more willingly.

It makes as sense as if a privacy proclaiming service hired a blockchain surveillance firm to spy on their clients.  Oh wait!

All privacy minded users already abandon Wasabi. Only used by newbies who don't know better or who are tricked by scammers adverts. And Wasabi already might have been bought by BC analysis company! They will never admit it.

Bought by a blockchain analysis company?

Besides self-sabotage, why would one of them try to buy out Wasabi Wallet (and zksnacks). Would that not be counter-intuitive since they would lose money buying something to destroy?

I've always imagined if a blockchain analysis company wanted to create a wallet, they'd load it full of spyware and other kinds of tracking. Like Coinbase.

EDIT: silly me, I completely missed the news that Wasabi wallet are trying to sell out (literally this time).

I like to think that everyone who really understands privacy has already left Wasabi; being acquired by a blockchain analysis firm may not matter all that much to current users. zkSNACKs would also just continue to claim users are fully private due to their open-source client code and zero-knowledge components of the system, just like they did when the 'Blacklisting Update' came out.

Also consider how many companies have some (sometimes shady) parent company that simply nobody knows about; this could maybe be done in a low-key way that doesn't pull too much attention.

Wouldn't it be more likely for all privacy minded users to abandon Wasabi entirely? Even if the current bad reputation isn't enough, that will end the moment it's bought by a blockchain analysis company.