Samourai Wallet: Potential vulnerability in Wasabi Wallet threatens users’ anonymity

The company behind the Bitcoin wallet Samourai Wallet, OXT Research reported two potential vulnerabilities in the competing Wasabi Wallet.

The firm discovered them in late July while studying the movements of Bitcoins stolen in a Twitter hack. These flaws in the code, according to OXT, threaten users’ privacy.

After thorough investigation, researchers classified the vulnerabilities as critical. According to OXT, the issue concerns CoinJoin mixing technology: when the outputs of a transaction are mixed again, the result of the first mix is cancelled, threatening users’ anonymity.

OXT approached zkSNACKs Ltd, the company behind Wasabi Wallet, asking for an official statement. In that statement, the Samourai Wallet developers asked for clarification of the risks for users and guidance on how to mitigate them.

According to OXT, zkSNACKs’ technical director David Molnar replied to their inquiry and pledged to investigate the matter. Later, the company’s co-founder Adam Fichor issued a response, calling OXT’s statement an attempt at blackmail. Communication with Wasabi Wallet representatives then broke off.

OXT now plans to publish a detailed report on the vulnerabilities within 48 hours. According to them, this step will allow wallet users to take steps to safeguard their privacy.

In April last year, Adam Fichor accused the Samourai Wallet leadership of running a smear campaign from fake social-media accounts.

In mid-July, Elliptic analysts reported that 22% of Bitcoins stolen in the Twitter hack were sent to Wasabi Wallet.

Subscribe to ForkLog’s news on Facebook!