Bitcoin Privacy At Risk As Battle Between Wallets Intensifies with Samourai and Wasabi
Samourai, a Bitcoin privacy wallet, came out last Thursday and announced that Wasabi Wallet, it’s the biggest competitor, is the target of an ongoing network attack. The announcement by Samourai becomes the latest in a string of allegations the wallet provider has put out against their competitor.
According to Samourai Wallet, the attach resembles a Sybil attack. A Sybil attack is when a few users create new false identities to create the illusion that there are large numbers on the network. This would mean that the anonymity set in which Bitcoin transactions can be hidden is not as large as the wallet provider suggests. If one person in a particular set has their identity uncovered, the privacy of all the others is put at risk because most of the accounts in that pool belong to one person.
Samourai says that the attacks on Wasabi’s network go back as far as January 2019. Wasabi has hit back refuting the claims made by Samourai with their allegations against the rival wallet. This back and forth between the two Bitcoin wallets has led to users questioning the ability of either to maintain the privacy of their users.
Two Sides of The Same Coin
The two wallets were the same application before, and their similar core design shows the relationship between the two wallets. The lead designers for Samourai (TDevD) and Wasabi (nopara73) worked together on the building of Zerolink, a long-standing Bitcoin privacy tech.
One of the differences between the two wallets lies in the implementation of Zerolink. Samourai calls it Whirlpool, and it has a different pricing mechanism than Wasabi. According to the co-founder of Samourai Wallet, Whirlpool raises the expense for malicious actors who might want to break the anonymity of users through a Sybil attack.
Wasabi claims that using Whirlpool to protect anonymity is not the best method as it can always be broken because Samourai uses a centralized, backend server to process users’ extended public keys. Adam Ficsor of Wasabi says that the creator of Coinjoin, George Maxwell, approached the Samourai team and raised concerns about the use of a backend server but he was harassed and accused of making false claims.
There’s No Separating the Two
While the two privacy wallet providers are having a go at each other, experts say that nothing is separating the two. Hillebrand says that the issues presented by both are based on different assumptions.
Hillebrand also says that while the basics of Zerolink’s implementation in the two wallets are the same, users are required to take matters of privacy into their own hands by making sure that they stick to the best practices of the respective wallet’s protocol.
Kevin Loaec, Managing Director of blockchain consultancy firm Chairsmiths, said that any implementation of CoinJoin’s Zerolink would be vulnerable to the same kind of attacks. Any mistake from any of the mixing participants remains recorded on the immutable blockchain, and it amplifies the risks of future exposure. Loaec adds that by using wallets like Wasabi and Samourai your spending habits, consolidations you use and all your activity can be used to profile you and reduce your anonymity.