{"id":19375,"date":"2024-12-10T12:29:25","date_gmt":"2024-12-10T10:29:25","guid":{"rendered":"https:\/\/forklog.com\/en\/vulnerability-found-in-wabisabi-coinjoin-protocol\/"},"modified":"2024-12-10T12:29:25","modified_gmt":"2024-12-10T10:29:25","slug":"vulnerability-found-in-wabisabi-coinjoin-protocol","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/vulnerability-found-in-wabisabi-coinjoin-protocol\/","title":{"rendered":"Vulnerability Found in WabiSabi CoinJoin Protocol"},"content":{"rendered":"

The team behind Ginger Wallet, a privacy-focused fork of Wasabi Wallet, has addressed<\/a> a vulnerability in the WabiSabi CoinJoin protocol that allowed for the deanonymization of users.<\/p>\n

The bug, discovered by a programmer known as drkgry, affects Wasabi Wallet version 2.2.1.0, Ginger Wallet 2.0.13, the BTCPay Server plugin 1.0.101.0, and earlier releases.<\/p>\n

CoinJoin technology enables multiple users to combine their inputs and outputs into a single transaction. This mixing of coins prevents the identification of its participants.<\/p>\n

The WabiSabi protocol coordinates this process, allowing clients to contribute varying amounts in a single round. All information is concealed during the registration of outputs through the use of anonymous accounts.<\/p>\n

WabiSabi users generate private accounts, among other things, using key parameters and a maximum amount. The vulnerability allowed a malicious coordinator to assign their own unique values to these criteria.<\/p>\n

This opened the possibility for tracking users throughout the coin mixing process, enabling the correlation of inputs and outputs, wallet clustering, and data deanonymization.<\/p>\n

In May, zkSNACKs, the developer of Wasabi Wallet, decided to cease<\/a> the CoinJoin service to comply with US regulatory requirements.<\/p>\n","protected":false},"excerpt":{"rendered":"

The team behind Ginger Wallet, a privacy-focused fork of Wasabi Wallet, has addressed a vulnerability in the WabiSabi CoinJoin protocol that allowed for the deanonymization of users. The bug, discovered by a programmer known as drkgry, affects Wasabi Wallet version 2.2.1.0, Ginger Wallet 2.0.13, the BTCPay Server plugin 1.0.101.0, and earlier releases. CoinJoin technology enables […]<\/p>\n","protected":false},"author":1,"featured_media":19374,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1256,57,933],"class_list":["post-19375","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-privacy-and-personal-data","tag-wallets","tag-wasabi-wallet"],"aioseo_notices":[],"amp_enabled":true,"views":"66","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/19375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=19375"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/19375\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/19374"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=19375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=19375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=19375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}