Laura Shin published a story on Tuesday in which she claims to have identified the 2016 Genesis DAO hacker, who received 3.6 million ethereum through the decentralized autonomous organisation. While the story surprised the crypto community, one of the biggest eye-openers was the blockchain analysis methods leveraged, and the claim that Chainalysis allegedly “de-mixed” Wasabi transactions.
Community Shocked by Chainalysis ‘De-Mixing’ Wasabi Transactions, Samourai Wallet Criticizes Wasabi’s Coinjoin Scheme
The journalist Laura Shin revealed what she called a “shocker” about Coinjoin transactions in an article. Specifically, Shin’s report highlighted how she used a “powerful and previously secret forensics tool from crypto tracing firm Chainalysis.” According to the report, Chainalysis discovered the attacker sent 50 bitcoin to a Wasabi wallet, and the blockchain intelligence firm was reportedly able to “de-mix” the transactions. Many crypto enthusiasts were surprised to learn this piece of information. After the article had been published, bitcoin advocate Nic Carter wrote:
There was a lot of interesting stuff in this DAO hacker article, but Chainalysis’s ability to mix Wasabi with it stood out. [transactions].
The team that created the Samourai wallet criticized Wasabi’s mixing scheme on Tuesday as well. Wasabi, which has come under criticism in the past for privacy concerns, has faced fire from the team and has been debating the Samourai developer over this issue for years.
If you are using wasabi, you need to read this thread: https://t.co/FL7f30nWeC
Wasabi allows you to mix 10 BTC and I am able trivially to track it as it gets broken down into smaller units. The deterministic link is created by the left-over change in the mixture tx. pic.twitter.com/yTqJCp0YLp
— ODELL (@ODELL) July 18, 2019
On the 16th of July 2019, Wasabi tweeted that it had donated funds to the Tor Project and left the transaction ID in the tweet. Crypto developer Keonne Rodriguez replied to Wasabi’s tweet and claimed to deanonymize the transfer.
“Input:1 comes from [the previous transaction] to Wirex in the amount of 4 BTC in which 38 inputs from wasabi mixes were merged,” Rodriguez said at that time. “Since Wirex uses 1 static address and doesn’t refresh them we know that the total amount sent to this Wirex account is 6 BTC (nice job).” The software engineer continued:
Output:0 comes a prev blend with 31% [transactions] Taken together, this is actually quite a low number for Wasabi. Nice job. There are also a few obvious links that can be attributed to determinism. OXT has clustered about 30 outputs. I think I could cluster more outputs with a faster PC.
Samourai Sends Wasabi an ‘Immediate Private Disclosure’ in 2019, Wasabi Wallet Founder Stressed Samourai’s Claims Were ‘Inflated’
On August 19, 2020, the Samourai wallet team published a blog post that claimed to find two potential privacy vulnerabilities with Wasabi’s mixing scheme. Samourai explained that it found this information during a search for the famous Twitter hack. According to the wallet developers, they made an “immediate private disclosure” to the Wasabi team concerning the issues.
“The intention of this statement is to provide enough time for Wasabi Wallet users to seriously consider pausing usage of the Coinjoin aspect of the Wasabi software, if users wish to continue making use of this feature they should consider their reported anonset is *at best* equal to the anon-set of the last mix that generated the UTXO,” Samourai wrote at the time. However, Adam Ficsor, the founder of Wasabi wallet, claimed at the time that Samourai’s claims were “inflated.”
“They claimed Wasabi is broken because of the lack of randomness in coin selection for Coinjoins,” Ficsor said in an interview published the day after Samourai’s vulnerability report. “More specifically, they tried to show that if an adversary knows all the UTXOs in a wallet, then it can tell which coin will be mixed next time. The user is the only person who has access to the UTXOs stored in a wallet. Then they moved on to building more and more on this false premise, repeating their conclusion over and over again, and that’s the rest of the technical part of the letter.” Ficsor added:
They know their lies and are trying to gain more trust by sending us blackmail letters. This letter contains all of the social engineering techniques used to manipulate people. It includes setting deadlines, repeating false conclusions, presenting options and explaining what happens if we don’t play along.
Amir Taaki Calls Coinjoin Schemes ‘Absolute Garbage,’ Gavin Andresen Wouldn’t Be Surprised if ‘85% of Tornado Cash Usage Was Not Private’
Wasabi’s was not the only Coinjoin mixing scheme to draw criticism for revealing details about mixing participants. Coinjoin, an anonymization scheme that allows users to merge multiple payments into one transaction to obscure the transaction process, was first suggested by Gregory Maxwell. It’s true that Coinjoin offers a deeper anonymity set, but if a user mixes a bunch of coins and eventually consolidates them into one address, it can still leave behind some traces to the original owner.
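The two leaks described above, the leftover change that ties back to a pre-mix input and the later consolidation of mixed coins, are something a wallet can check for before it signs a spend. The following is an added example, not code from the article or from Wasabi, Samourai or Chainalysis; the coinjoin, its ids and values, and the even fee split are constructed assumptions in a deliberately simplified model.

```python
from collections import Counter

# Constructed sample: one coinjoin round with three participants.
# Values are in satoshis; ids are illustrative, not real outpoints.
COINJOIN = {
    "inputs":  {"in_a": 25_000_000, "in_b": 13_000_000, "in_c": 10_500_000},
    "outputs": {"mix_0": 10_000_000, "mix_1": 10_000_000, "mix_2": 10_000_000,
                "chg_0": 14_990_000, "chg_1": 2_990_000, "chg_2": 490_000},
}
FEE_PER_PARTICIPANT = 10_000  # assumption: the fee is split evenly


def classify_outputs(tx):
    """Split outputs into equal-value (mixed) ones and leftover change."""
    counts = Counter(tx["outputs"].values())
    mixed = {o for o, v in tx["outputs"].items() if counts[v] > 1}
    return mixed, set(tx["outputs"]) - mixed


def change_links(tx, fee):
    """Map each change output to the single input whose value explains it."""
    mixed, change = classify_outputs(tx)
    if not mixed:
        return {}
    denom = tx["outputs"][next(iter(mixed))]
    links = {}
    for c in change:
        owners = [i for i, v in tx["inputs"].items()
                  if v - denom - fee == tx["outputs"][c]]
        if len(owners) == 1:  # unique match: a deterministic link
            links[c] = owners[0]
    return links


def audit_spend(selected, tx, fee):
    """Report what spending the `selected` outputs together would reveal."""
    mixed, _ = classify_outputs(tx)
    links = change_links(tx, fee)
    exposed = sorted({links[o] for o in selected if o in links})
    merged_mixed = sorted(o for o in selected if o in mixed)
    return {
        # Mixed outputs spent alongside linked change inherit that link.
        "mixed_linked_to": {m: exposed for m in merged_mixed} if exposed else {},
        # Anonymity set left for the mixed outputs in this spend.
        "effective_anonset": 1 if exposed and merged_mixed else len(mixed),
    }
```

Spending `mix_1` together with `chg_0` collapses the anonymity set to 1 and ties the mixed coin to `in_a`, while spending `mix_1` alone leaves it at 3.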
The issue is well-known and has been explained by many developers. In July 2020, the crypto developer and activist Amir Taaki told the public that UTXO mixing concepts like Coinjoin were “absolute garbage.” Taaki is well known for developing the privacy wallet Dark Wallet, an unfinished Coinjoin wallet protocol he developed with Defense Distributed’s Cody Wilson. Taaki said that concepts like Mimblewimble and the privacy-centric coin monero (XMR) were not very good.
Gavin Andresen, a former Bitcoin Core developer, has also raised concerns about Coinjoin programs in the past. Andresen wrote a blog post in January 2020 about the Tornado Cash ethereum mixing tool. Interestingly, Andresen wrote that he wouldn’t be surprised if a paper came out in 2023 that shows “85% of tornado usage was not private.” Andresen’s blog post adds:
Not because the cryptography is broken, but because it is really hard for mere mortals to use something like Tornado (or Coinjoin or other similar technologies) in a way that doesn’t leak information about their wallet.
Meanwhile, speaking with theblockcrypto.com’s Yogita Khatri and Tim Copeland, Chainalysis told the reporters that “Laura’s report about our role in her investigation is accurate.” The reporters also spoke with the Chainalysis competitor Elliptic and co-founder Tom Robinson stated that “Elliptic can also demix Wasabi transactions in some circumstances.”