On Tuesday, journalist Laura Shin published a story that claims to identify the 2016 Genesis DAO hacker who siphoned 3.6 million ethereum from the decentralized autonomous organization. While the story surprised the crypto community, one of the biggest eye-openers was the blockchain analysis methods leveraged, and the claim that Chainalysis allegedly “de-mixed” Wasabi transactions.
Community Shocked by Chainalysis ‘De-Mixing’ Wasabi Transactions, Samourai Wallet Criticizes Wasabi’s Coinjoin Scheme
An article published by the journalist Laura Shin has revealed a so-called shocker about the use of Coinjoin transactions. Specifically, Shin’s report highlighted how she used a “powerful and previously secret forensics tool from crypto tracing firm Chainalysis.” According to the report, Chainalysis discovered the attacker sent 50 bitcoin to a Wasabi wallet, and the blockchain intelligence firm was reportedly able to “de-mix” the transactions. This piece of information was unexpected to a great number of crypto supporters. After the article was published, bitcoin advocate Nic Carter wrote:
Lots of crazy stuff in the DAO hacker piece this am, but the part that stood out to me was Chainalysis being able to demix Wasabi [transactions].
Furthermore, the team behind the Samourai wallet criticized Wasabi’s mixing scheme on Tuesday as well. Wasabi has been under fire in the past over privacy concerns and the team has been debating Samourai developers over the issue for years.
If you are using wasabi, you need to read this thread: https://t.co/FL7f30nWeC
“With Wasabi if you are mixing 10 BTC, I can trivially track that 10 BTC as it is peeled down into smaller utxos. The left over change is part of the mix tx, and thus creates a determinstic link” pic.twitter.com/yTqJCp0YLp
— ODELL (@ODELL) July 18, 2019
On July 16, 2019, Wasabi tweeted that it donated funds to the Tor project and left the transaction ID in the tweet. Crypto developer Keonne Rodriguez replied to Wasabi’s tweet and claimed to deanonymize the transfer.
“Input:1 comes from [the previous transaction] to Wirex in the amount of 4BTC in which 38 inputs from wasabi mixes were merged,” Rodriguez said at the time. “Since Wirex uses 1 static address and doesn’t refresh them we know that the total amount sent to this Wirex account is 6 BTC (nice job).” The software engineer continued:
Input:0 comes from a prev mix with 31% of [transactions] seen together (this is actually a fairly low number for Wasabi, nice job), and a few obvious deterministic links. About 30 of the outputs have been clustered by OXT, and I suppose I can go and cluster more with a more powerful PC.
Samourai Sends Wasabi an ‘Immediate Private Disclosure’ in 2019, Wasabi Wallet Founder Stressed Samourai’s Claims Were ‘Inflated’
On August 19, 2020, the Samourai wallet team published a blog post that claimed to find two potential privacy vulnerabilities with Wasabi’s mixing scheme. Samourai detailed it discovered this information while researching the infamous Twitter hack that took place that summer. According to the wallet developers, they made an “immediate private disclosure” to the Wasabi team concerning the issues.
“The intention of this statement is to provide enough time for Wasabi Wallet users to seriously consider pausing usage of the Coinjoin aspect of the Wasabi software, if users wish to continue making use of this feature they should consider their reported anonset is *at best* equal to the anon-set of the last mix that generated the UTXO,” Samourai wrote at the time. However, Adam Ficsor, the founder of Wasabi wallet, claimed at the time that Samourai’s claims were “inflated.”
“They claimed Wasabi is broken because of the lack of randomness in coin selection for Coinjoins,” Ficsor said in an interview published the day after Samourai’s vulnerability report. “More specifically, they tried to show that if an adversary knows all the UTXOs in a wallet, then it can tell which coin will be mixed next time. This is pointless as the only entity who knows the UTXOs in a wallet is the user itself. Then they moved on to building more and more on this false premise, repeating their conclusion over and over again, and that’s the rest of the technical part of the letter.” Ficsor added:
The community knows their claims are inflated and in their latest attempt they seek more credibility by trying to get us to play along with their nonsense by writing us a blackmail letter that has all the social engineering tricks in it, like setting deadlines to create a sense of urgency, repeating their false conclusions over and over again, and presenting the possible options that we have and explaining the consequences of us not playing along to create a sense of fear.
Amir Taaki Calls Coinjoin Schemes ‘Absolute Garbage,’ Gavin Andresen Wouldn’t Be Surprised if ‘85% of Tornado Cash Usage Was Not Private’
In addition to Wasabi, the Coinjoin mixing scheme itself has been criticized for leaking specifics about the mixing participants. Essentially, Coinjoin is an anonymization scheme first proposed by the developer Gregory Maxwell and it allows participants to combine multiple payments into a single transaction in order to obfuscate the transaction process. It’s true that Coinjoin offers a deeper anonymity set, but if a user mixes a bunch of coins and eventually consolidates them into one address, it can still leave behind some traces to the original owner.
This issue has been known for quite some time and many developers have explained the downfalls of the deanonymization procedure. In July 2020, the crypto developer and activist Amir Taaki told the public that UTXO mixing concepts like Coinjoin were “absolute garbage.” Taaki is well known for developing the privacy wallet Dark Wallet, an unfinished Coinjoin wallet protocol he developed with Defense Distributed’s Cody Wilson. Taaki also claimed that the privacy-centric coin monero (XMR) and concepts like Mimblewimble were not that great.
Furthermore, the former Bitcoin Core developer Gavin Andresen has called out issues with Coinjoin schemes in the past as well. In a blog post published in January 2020, Andresen discussed the ethereum (ETH) mixing tool called Tornado Cash. Interestingly, Andresen wrote that he wouldn’t be surprised if a paper came out in 2023 that shows “85% of tornado usage was not private.” Andresen’s blog post adds:
Not because the cryptography is broken, but because it is really hard for mere mortals to use something like Tornado (or Coinjoin or other similar technologies) in a way that doesn’t leak information about their wallet.
Meanwhile, speaking with theblockcrypto.com’s Yogita Khatri and Tim Copeland, Chainalysis told the reporters that “Laura’s report about our role in her investigation is accurate.” The reporters also spoke with the Chainalysis competitor Elliptic and co-founder Tom Robinson stated that “Elliptic can also demix Wasabi transactions in some circumstances.”