Wasabi Wallet - Open Source, Noncustodial Coinjoin Software - page 21.

Kruw

member

Activity: 378

Merit: 93

Enable v2transport=1 and mempoolfullrbf=1

Quote from: JollyGood on July 12, 2024, 10:17:20 AM

What about this Kruw?

Quote from: JollyGood on July 11, 2024, 02:52:50 AM

What is the latest with regards to your relationship with zkSNACKS? Can you clarify whether you are an employee of the team behind WasabiWallet or are you just someone that proposes code changes and they have no relationship to you and you to them? I asked because when I read in your bio "Contributor to Wasabi Wallet" it does not define the extent of the relationship between you and them.

zkSNACKs shut down a month ago:

Quote from: Kruw on May 02, 2024, 12:33:06 PM

https://blog.wasabiwallet.io/zksnacks-is-discontinuing-its-coinjoin-coordination-service-1st-of-june/

JollyGood

legendary

Activity: 2534

Merit: 1713

Top Crypto Casino

What about this Kruw?

Quote from: JollyGood on July 11, 2024, 02:52:50 AM

What is the latest with regards to your relationship with zkSNACKS? Can you clarify whether you are an employee of the team behind WasabiWallet or are you just someone that proposes code changes and they have no relationship to you and you to them? I asked because when I read in your bio "Contributor to Wasabi Wallet" it does not define the extent of the relationship between you and them.

Quote from: Kruw on July 12, 2024, 06:50:28 AM

~

Kruw

member

Activity: 378

Merit: 93

Enable v2transport=1 and mempoolfullrbf=1

Wasabi is now available for Start9 personal servers! https://marketplace.start9.com/wasabi-webtop?api=community-beta-registry.start9.com&name=Community%20Beta%20Registry

This is a community project developed by https://github.com/remcoros - thank you for the contribution!

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: alani123 on July 11, 2024, 04:34:51 PM

Wasabi is a high profile target for sure. Obfuscating millions with in dollar value on the daily surely rattles some feathers. Maybe the hackers could have wanted to make people lose faith in such project but made it so it looks like they were after financial gain. Either way I think this whole ordeal is going to make privacy tech more hardened in the long run. But it might take some time for the next step into the privacy revolution.

A VERY high-profile target, and probably a target that state-level actors want to compromise and make it into their honeypot from which they could compromise more users.

Let's wait for the news post-hack.

alani123

legendary

Activity: 2422

Merit: 1451

Leading Crypto Sports Betting & Casino Platform

Wasabi is a high profile target for sure. Obfuscating millions with in dollar value on the daily surely rattles some feathers. Maybe the hackers could have wanted to make people lose faith in such project but made it so it looks like they were after financial gain. Either way I think this whole ordeal is going to make privacy tech more hardened in the long run. But it might take some time for the next step into the privacy revolution.

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: BlackHatCoiner on July 10, 2024, 03:29:58 AM

That's probably the malicious coordinator: https://bitcointalksearch.org/topic/m.64308723.

Why can't the client, by default, not allow joining a coordinator with these ridiculous settings?

That's the point I was telling Kruw. It might take time before some people/groups running those coordinators to be trusted because they need to build a reputation. I believe a reputation system for coordinators will definitely be needed to guide the community which coordinators are trustworthy, and which of them have high liquidity + unique users.

Quote from: alani123 on July 10, 2024, 06:51:18 PM

Is there going to be a report on what this "sophisticated" attack was? From what I can see here there was a changed hash from one of the binaries. So was the download server hacked? Was the coordinator hacked through a central point of failure?

Could this have all been prevented if the clients had more common sense settings? I can't understand from what has been posted already. Anyway it's interesting that the Wasabi team is still delivering patches even after they closed their main revenue source. I'll wait for the post mortem.

Obviously there was a hack, or it could also be an inside job. Either of the two. Unless there was an "honest mistake", WHICH will be in itself suspicious.

Dont Trust Verify

newbie

Activity: 27

Merit: 23

Quote from: dkbit98 on July 10, 2024, 05:34:10 AM

And STOP using Kruw centralized coordinator hypocrite who is doing money laundering scam!

Quote from: dkbit98 on July 10, 2024, 05:23:22 AM

Kruw centralized coordinator crap appears to be directly connected with scammer who hacked several exchanges MEXC, Gate, Binance, Kraken, OKX, HTX, HitBTC, etc.
This is direct money laundering and now we can say that Kruw is also a scammer and criminal, and that is much worse than all his unproved scam accusations against bitcointalk members.
We also found out that many of wasabi centralized coordinators are just another way of attack on bitcoin users.

wabisabi coinjoin tx:
https://mempool.space/tx/538a97650fc877efcaf55fd36d8e06a675873284a160efbaf59c60f7880ae750

kruw coordinator used:
https://wasabist.io/8/95e809d3c00fd3beaddef141b021ddaab64dbf23f3a74035a5b983f8894cf77c

Source:
https://x.com/1440000bytes/status/1810923857584242755

If a nonprofit coordinator is a scam because it was used by a hacker what does that make Jambler which was used by the very same hacker? What does it make those like yourself who profited directly for many months from advertising this mixer?

https://www.talkimg.com/images/2024/07/11/o70r1.jpeg

JollyGood

legendary

Activity: 2534

Merit: 1713

Top Crypto Casino

What is the latest with regards to your relationship with zkSNACKS? Can you clarify whether you are an employee of the team behind WasabiWallet or are you just someone that proposes code changes and they have no relationship to you and you to them? I asked because when I read in your bio "Contributor to Wasabi Wallet" it does not define the extent of the relationship between you and them.

Quote from: Kruw on July 10, 2024, 09:01:44 PM

Here's the disclosure of the incident: https://github.com/WalletWasabi/WalletWasabi/discussions/13249

Kruw

member

Activity: 378

Merit: 93

Enable v2transport=1 and mempoolfullrbf=1

Quote from: alani123 on July 10, 2024, 06:51:18 PM

Is there going to be a report on what this "sophisticated" attack was? From what I can see here there was a changed hash from one of the binaries. So was the download server hacked? Was the coordinator hacked through a central point of failure?

Could this have all been prevented if the clients had more common sense settings? I can't understand from what has been posted already. Anyway it's interesting that the Wasabi team is still delivering patches even after they closed their main revenue source. I'll wait for the post mortem.

Here's the disclosure of the incident: https://github.com/WalletWasabi/WalletWasabi/discussions/13249

alani123

legendary

Activity: 2422

Merit: 1451

Leading Crypto Sports Betting & Casino Platform

Is there going to be a report on what this "sophisticated" attack was? From what I can see here there was a changed hash from one of the binaries. So was the download server hacked? Was the coordinator hacked through a central point of failure?

Could this have all been prevented if the clients had more common sense settings? I can't understand from what has been posted already. Anyway it's interesting that the Wasabi team is still delivering patches even after they closed their main revenue source. I'll wait for the post mortem.

JollyGood

legendary

Activity: 2534

Merit: 1713

Top Crypto Casino

Regardless of what any of us might think about WasabiWallet and their use of blockchain analysis, they were very fast of the mark with this update almost as soon as they discovered the exploit. I suppose that shows the determination on their part to not let unscrupulous co-ordinators steal from clients that opted to use their wallet rather than an alternative.

Quote from: examplens on July 10, 2024, 09:09:52 AM

Well, this escalated quickly.Wasabi has just announced a new release 2.1.0, with an indication that everyone using coordinators should do a mandatory update.

Kruw

member

Activity: 378

Merit: 93

Enable v2transport=1 and mempoolfullrbf=1

Quote from: BlackHatCoiner on July 10, 2024, 03:29:58 AM

That's probably the malicious coordinator: https://bitcointalksearch.org/topic/m.64308723.

Why can't the client, by default, not allow joining a coordinator with these ridiculous settings?

The new version now sets a default minimum input count of 21.

Quote from: Kruw on May 31, 2024, 12:08:41 PM

If a coordinator is running many rounds in parallel with low minimum input counts/fast input registration timeouts, you should already be avoiding them altogether since their config isn't making good use of scarce block space.

I suppose I should take the opportunity to repeat this advice as well.

examplens

legendary

Activity: 3542

Merit: 3625

Crypto Swap Exchange

Quote from: dkbit98 on July 10, 2024, 05:34:10 AM

One Wasabi developer Lucas posted that one Wasabi release was replaced with fake installer and they are investigating issue.
I would recommend everyone to STOP using Wasabi wallet and all coordinators asap or you could lose your coins.

Well, this escalated quickly.
Wasabi has just announced a new release 2.1.0, with an indication that everyone using coordinators should do a mandatory update.

Quote

- Advanced send workflow with coin control
- Coordinator Connection String
- Security improvements
- New look for the website

Full release notes & Download: https://github.com/WalletWasabi/WalletWasabi/releases/tag/v2.1.0.0

https://x.com/wasabiwallet/status/1811035230947402177

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: BlackHatCoiner on July 10, 2024, 03:29:58 AM

Why can't the client, by default, not allow joining a coordinator with these ridiculous settings?

One Wasabi developer Lucas posted that one Wasabi release was replaced with fake installer and they are investigating issue.
I would recommend everyone to STOP using Wasabi wallet and all coordinators asap or you could lose your coins.
https://x.com/lontivero/status/1810835747324448989

BinaryWatch also confirmed that Wasabi Wasabi-2.0.8.1 had checksum changed!
This is a good reminder why we need to always verify release when we download latest version of software.

Quote from: dkbit98 on July 10, 2024, 05:23:22 AM

Kruw centralized coordinator crap appears to be directly connected with scammer who hacked several exchanges MEXC, Gate, Binance, Kraken, OKX, HTX, HitBTC, etc.
This is direct money laundering and now we can say that Kruw is also a scammer and criminal, and that is much worse than all his unproved scam accusations against bitcointalk members.
We also found out that many of wasabi centralized coordinators are just another way of attack on bitcoin users.

wabisabi coinjoin tx:
https://mempool.space/tx/538a97650fc877efcaf55fd36d8e06a675873284a160efbaf59c60f7880ae750

kruw coordinator used:
https://wasabist.io/8/95e809d3c00fd3beaddef141b021ddaab64dbf23f3a74035a5b983f8894cf77c

Source:
https://x.com/1440000bytes/status/1810923857584242755

BlackHatCoiner

legendary

Activity: 1512

Merit: 7340

Farewell, Leo

That's probably the malicious coordinator: https://bitcointalksearch.org/topic/m.64308723.

Why can't the client, by default, not allow joining a coordinator with these ridiculous settings?

cygan

legendary

Activity: 3402

Merit: 9199

icarus-cards.eu

the Wasabi devs warns against using the coordinator called WasabiCoordinator with this official tweet
the use of coinjoining by this coordinator is explicitly discouraged here!

https://x.com/wasabiwallet/status/1810829065588228193

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: PrivacyG on July 08, 2024, 01:54:56 PM

Blockchain Analysis companies spread terror and do nefarious things too. They are working against individuals and specifically against their Privacy, which to me qualifies under the term 'nefarious' very well. These companies are any thing but Saints or Innocent if you ask me.

Sadly, we have reached a point where, if you want privacy, it means that you are hiding something because why would a "normal" law-abiding and innocent citizen want privacy? This isn't me speaking, it's them. Substitute "them" with whatever you want. Someone who wants to stay private will therefore be considered a potential threat and enemy to Big Brother, and you will then be targeted or sanctioned for not showing them what they want to see. From their perspective, blockchain analysis is an important cog in their machine and not something nefarious. You, on the other hand, are a fascist right-wing who is threatening democracy. What a great time to be alive. Roll Eyes

PrivacyG

legendary

Activity: 882

Merit: 1873

Crypto Swap Exchange

Quote from: Wind_FURY on July 08, 2024, 03:46:06 AM

Quote from: PrivacyG on July 07, 2024, 11:39:15 AM

I will give some Money to a Terrorist Group. The actual purpose is that with no Money left, innocent kids and wives of Terrorists could die of hunger. Is my donation now justified and I am innocent or is it implicitly bad to donate to a known bad actor that works against us all?

Terrorist groups?

👀

Ser, that's a Straw Man Fallacy because terrorist groups spread terror and do actual nefarious things. zkSNACKS' developers were merely looking for a way to filter out "tainted" outputs, and they accepted the trade-offs to safeguard their coordinator from "taint". They were not giving money to terrorist groups.

Come on, no where did I try to assume they were giving Money to Terrorist groups. I think it is pretty evident I was simply giving an example for why the actual purpose of giving Money does not matter if it is sent to a bad actor. I even specifically mentioned this in the end of my example. You could have the most innocent purpose, it does not matter if the destination Wallet is of an Evil person, Organization or company.

But since you make it seem like I was calling it a Terrorist funding, I have a thing or two to say about the similarities,

Quote from: Wind_FURY on July 08, 2024, 03:46:06 AM

Ser, that's a Straw Man Fallacy because terrorist groups spread terror and do actual nefarious things.

Blockchain Analysis companies spread terror and do nefarious things too. They are working against individuals and specifically against their Privacy, which to me qualifies under the term 'nefarious' very well. These companies are any thing but Saints or Innocent if you ask me.

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: PrivacyG on July 07, 2024, 11:39:15 AM

Quote from: Wind_FURY on July 07, 2024, 11:27:48 AM

If the actual purpose of paying for blockchain analysis is to filter the outputs coming into their coordinator from "taint", then perhaps not.

I will give some Money to a Terrorist Group. The actual purpose is that with no Money left, innocent kids and wives of Terrorists could die of hunger. Is my donation now justified and I am innocent or is it implicitly bad to donate to a known bad actor that works against us all?

Terrorist groups?

👀

Ser, that's a Straw Man Fallacy because terrorist groups spread terror and do actual nefarious things. zkSNACKS' developers were merely looking for a way to filter out "tainted" outputs, and they accepted the trade-offs to safeguard their coordinator from "taint". They were not giving money to terrorist groups.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: PrivacyG on July 06, 2024, 06:17:19 AM

How about those who advertise as a Privacy oriented Service but then they pay a Third Party to collect and share data with Agencies, are they Scammers too?

Of course not. Don't you know they are open-source and donate money to other open-source projects? You are only a scammer if you wear a signature of mixing service. Those are the rules we have always lived by. It's not like Kruw makes them up as he goes. And let me tell you another thing. zkSNACKs only funded blockchain analysis companies to keep the terrorists and scammers away. Damn those nasty terrorists, always trying to hurt us. Kruw was a big ambassador of that and hailed their actions. In fact, he loved the idea so much that his coordinator allows those same terrorists and scammers to coinjoin. But like I said, it's not like he makes up the rules as he goes. Roll Eyes

Topic: Wasabi Wallet - Open Source, Noncustodial Coinjoin Software - page 21. (Read 11758 times)