Topic: Wasabi Wallet - Open Source, Noncustodial Coinjoin Software - page 5. (Read 8542 times)

You can detect if a coordinator is attempting a Sybil attack. I explained this to you already, remember?

A Sybil attack becomes much easier to execute if the coordinator is malicious. They could simply accept a small number of coins for the round and replace the rest with coins controlled by chain analysis. This would undermine the reliability of the anonymity set.

And this becomes exponentially more effective when there sits little liquidity in the coordinator. This is why I have claimed in the past that the protocol is not entirely trustless.

You're lying. zkSNACKs did absolutely nothing to degrade the security or durability of Wasabi's software.

Picture this: You're a company that aims to improve Bitcoin privacy. To me, this means combating surveillance resulting from blockchain analysis. The enemy, among every blockchain spectator out there, is primarily blockchain surveillance firms, as they hold vast amounts of data, ranging from the light wallet servers they operate to the numerous data points they buy and sell with third parties, such as KYC data, IP addresses, etc.

What would you think of this company's integrity if it suddenly announced that it would be funding the enemy? That's essentially what happened, as far as the public is aware. Of course, they didn't say, "we will be funding blockchain surveillance", but something like "we will buy information about the inputs". But in reality, they were only making these firms more powerful by buying into this harmful notion. Here's another strange and suspicious aspect of this situation: why purchase from these firms when you openly acknowledge that their analysis is based on false positives?

And even we justify all that; justify zkSNACKs for preemptively starting funding blockchain analysis and blacklisting, and blame it on the authorities for potentially pressuring them in the future. How on Earth can one justify that their input registration was permitted by the blockchain analysis firm? This is like making your software insecure and fragile, on purpose. People with the greatest incentive to break coinjoins suddenly had the power over who is allowed to join a coinjoin. This is nuts.

If you're asking me, this is way too much gesture to the authorities, and ultimately for no reason. zkSNACKs had similar confrontation by the US government, as Samourai did, despite the fact that they (zk) sold out their users.

And these were just two of the practices employed by Wasabi; there are countless other red flags that make it impossible for me to trust them with my privacy, even if the client software is open-source.

We knew. No centralized service can survive over the long term; that's the reason Bitcoin was created.

We certainly weren't "scamming" anyone, as there was often a warning that using the X mixer required you to trust it with your coins. Calling this practice a scam is as baseless as claiming that those who directed you to FTX were scamming, simply because they might have foreseen its shutdown, given the numerous examples of other CEXs that had been hacked or gone bankrupt.

To clarify my position: I don't believe Kruw is a scammer (and if I ever referred to him as such, I publicly apologize). Whether or not constantly evading arguments is considered fraudulent is open to debate. But, I have actually defended him against people who labeled him a scammer due to this recent bug. I do, however, find him untrustworthy for the reasons I've outlined in here.

Well, we have to. Without privacy solutions like coinjoins, Bitcoin becomes the wet dream of blockchain surveillance. It's just that the solutions currently available, in my view, are insufficient. At least comparably to privacy technologies employed by Monero. (It's been a while since I paid with Bitcoin last time.)

Perhaps the line we need to draw is against maximalism, where anything that cannot be implemented in the Bitcoin protocol is dismissed as "unnecessary shitcoin features".

Whether he is dishonest (or can be considered dishonest, is) open for debate but the type of characteristics he has consistently displayed over a long period of time certainly have shown him to be someone that will not be liked or appreciated by the majority in this forum. Regarding the actual number of funds that were coin joined through his co-ordinator, it seems Open Coordinator will probably catch up fast.

Thank you very much for your answers, especially for the tips regarding Trezor and Lightning.


If I understand correctly, the "siphoning" didn’t mean that the rogue coordinator was "sweeping" coins or accessing private keys. This, along with the updates that have taken place since then, is reassuring.


Yes and no. You're right that the coordinator itself has been abolished, but so has the fee, as the whole concept has shifted towards a more free and open model. Take, for example, Wabisator - Wabisabi Coordinators List, including Kruw's free coordinator.


Yes, that's true, but they quickly adapted to the changes in the market. The new version immediately allowed for more user-friendly handling of coordinators. In the latest version, you can even set a coordinator fee cap, and it includes default protection settings. Overall, I see these as positive developments. Blockchain analysis and mass surveillance were definitely not the right direction. I completely share the concerns about these issues. Thankfully, they are now a thing of the past (or so it seems).

Hi, welcome to the forum.


I think you wanted to say "The coordinator has been abolished" instead (without word "fee"), since that's what zkSNACKs did[1].


Some people doesn't find the delicate balance reasonable, especially because zkSNACKs used to mention blockchain analysis company as part of mass surveillance[2]. And FWIW, you also had to edit configuration file to switch coordinator. I expect only few of Wasabi wallet user aware of it.


Ginger Wallet[3] and joinstr[4] may fit your criteria.

[1] https://blog.wasabiwallet.io/zksnacks-is-discontinuing-its-coinjoin-coordination-service-1st-of-june/
[2] https://web.archive.org/web/20181228073613/https://wasabiwallet.io/
[3] https://gingerwallet.io/
[4] https://joinstr.xyz/

You don't even need to send them to yourself on Lightning, you can just spend anywhere on Lightning privately.


Every single Bitcoin node can monitor outputs that went through a coordinator's coinjoins since Bitcoin is a public blockchain, so there's no "honeypot" involved with the coordinator's node.

What's your opinion on adding an extra layer of privacy after a CoinJoin through sending your CoinJoined outputs to yourself through the Lightning Network?

What if a coordinator is a honeypot, and they could monitor the outputs that went through them. Would they be capable of monitoring those outputs if they passed through a multi-hop transaction in the Lightning Network?

What have I ever said that was dishonest? Provide a direct quote.


Although Trezor is no longer supporting coinjoin development, you can still re-enable the dormant feature manually since all the code is open source: https://wasabi.kravens.nl/#trezor


Exactly. Any critic of blacklisting could have ran their own coordinator at any time to solve their own complaints. The fact they never did proves they are acting malicious towards Bitcoin privacy projects on purpose.


It doesn't matter if they "couldn't have known" that Chipmixer would scam everyone, it matters that they "could've guessed" it would. After the Chipmixer scam, its promoters immediately switched to promoting the next scamming site. And after that mixing site scam predictably took everyone's money, guess what? These same promoters would move on to post ANOTHER mixing site scam in their signature.

These scammers understand a mixing site is just someone else's Bitcoin wallet. This allows forum users participating in these signature promotions to scam over and over and over again by just blaming their boss for taking all the money (while they get paid their cut of the scam up front for helping spread the scam's deposit link across the forum).


It depends on your standard of "average user". JoinMarket/Jam provides privacy for Bitcoin but it costs more block space and requires more technical knowledge. Lightning has different privacy guarantees depending on your setup, but it provides basic protection for small amounts while also being much cheaper than Wasabi/BTCPay or JoinMarket/Jam.


The warning posted on X was phrased to induce more panic than necessary in order to incentivize users to upgrade. Here's a full explanation:

- Existing versions of Wasabi 2.0 have always had a 1% safety cap on the amount a client will pay in coordinator fees for a coinjoin round. zkSNACKs, the previous default coordinator, only ever charged 0.3% in coordinator fees and gave free remixes.
- Version 2.0.8.0 introduced a GUI option in the client to switch coordinators.
- Version 2.0.8.1 released shortly after which introduced an option for users to specify a maximum fee limit between 0% and 1%.
- I inquired with the Wasabi devs about the way fee limits were implemented for blame rounds. This led to the discovery of a bug which allowed a coordinator to bypass the user-specified fee limit added in 2.0.8.1 in the blame round and charge the 1% safety cap maximum: https://github.com/WalletWasabi/WalletWasabi/pull/13191
- This was not a protocol issue and did not affect Trezor coinjoin users or BTCPay Server coinjoin users.
- "Wasabicoordinator[.]io"s gains from triggering this fee bypass were limited to ~triple the regular rate users would have normally paid for coinjoining with zkSNACKs, allowing them to "siphon" the funds of participants who think they are only paying the 0.003% fee rate the coordinator advertised.
- Version 2.1.0.0 was released to fix this and enforce the user specified fee limit for blame rounds.

Hey folks, I've been observing what's going on here for months. Now I've reached the point where I want to speak up. What I see, as an outsider:

Wasabi Wallet has become more open and transparent than ever before, driven by necessity! Am I wrong? The coordinator fee has been abolished, and anyone can become a coordinator. "Let a hundred flowers bloom." The mixers have fallen in the struggle. Every reputable mixer. Sparrow has removed Whirlpool. Trezor has discontinued CoinJoin based on the Wasabi coordinator.

What has happened in recent years? Wasabi tried to find some delicate balance between the authorities and privacy. Why? So that their service could operate smoothly. It seemed like a reasonable deal: making a minimal gesture to the authorities in exchange for a greater "public good." Excluding marked coins from CoinJoin never meant they were blocked. You could still mix them with another coordinator. It just wasn't advertised. Wasabi obviously wanted to profit. That lasted until now. The unfortunate case with Samourai has shown that this is not possible!

What if none of the people here are scammers? Neither the mixers supporters nor the members of the Wasabi team. Those participating in the signature campaigns couldn’t have known that one day all mixer services, even the oldest ChipMixer, would shut down. Wasabi couldn’t have known that its own approach was a dead end. But at least they tried. And NOW they’ve switched to a nonprofit mode.

Due to the full-court press by authorities against mixers, we are in a new era. Currently, with Wasabi and a freely chosen (free) coordinator, it’s the ONLY way for an average user who wants to use CoinJoin to ensure privacy. Everyone else is out of the game. Or am I wrong? Suggest alternatives if I’m missing something. (I know about XMR, but right now I’m talking about BTC.)

Why is there this pettiness? You, the "old-timers" here, labeled Kruw a scammer for months, accusing him of collaborating with the government. Then, when the mixer services collapsed, suddenly he was in an advantageous position, and now he's calling you scammers. I emphasize: what if no one is at fault? Why can't we draw a line and look to the future?

Questions for Wasabi: what exactly was this security incident on July 10th? What's going on? A warning was posted on X, then a more detailed explanation on GitHub, but nothing since. "We have been informed that a coordinator named WasabiCoordinator is trying to slowly siphon funds from its users using a sophisticated attack" - you wrote. This sounds pretty bad. Is there any information on how much money the scammer managed to siphon off? Can it be stated that this won't happen again? Was this a flaw in the wallet client, or is there a bug in the protocol? A simple user would be curious about these things. Thank you.

And for God's sake, guys, some calmness, please. I'd like to believe we're all in the same boat. And apologies for the tl;dr.

I find it really peculiar how this much Money has been Coin Joined through the Coordinator functioned by one of the most dishonest persons I saw around here.

Over $1 billion worth of total coinjoin volume has been calculated so far by Wasabist's explorer!

Personally, I believe it's OK if Mixtum could also accept that their findings could also be refutable, and it's quite more efficient to build everything in-house.

Although, trust would be a major issue.


No, both o_e_l_e_o and BlackHatCoiner were aware that they partnered with a chain analysis company: https://bitcointalksearch.org/topic/m.62802323