By Bentley Kapoor (India)
If Wasabi Wallet users want to continue using the CoinJoin feature that can maintain the privacy of their Bitcoin transaction histories, then they need to upgrade to the latest version. This is due to the fact that this feature is no longer available to users running older iterations of the wallet and they cannot mix their coins with people who are using the new version. The wallet was hard-forked by the Wasabi Wallet Team on Thursday for addressing a vulnerability that was discovered by a team leader at a leading maker of hardware wallets, Trezor. A hard fork refers to a code change that causes older versions of software to be incompatible with new ones.
The discovery of this flaw is another example of the cooperation and camaraderie of the open-source community. Developers are constantly trying to help their peers in improving their software and they have responsibly disclosed a number of vulnerabilities during these processes for patching flaws before any bad actors can exploit them. However, there are times when such disclosures are less than cordial, something made evident by the long-running tensions between Wasabi and Samourai Wallet, it’s rival.
According to a blog post by Wasabi Wallet, Ondřej Vejpustek, a hardware wallet developer at Trezor, had disclosed the potential denial-of-service (DoS) responsibly to their team on May 10. Wasabi Wallet’s marketing strategist and contributor, Riccardo Masutti said that Vejpustek had been cooperating from the very beginning and had given them complete freedom over managing the disclosure, both in terms of communication and time. He said that this was a great display of the importance of communication between developer teams and security researchers and how it should be done. Wasabi Wallet has assumed that the DoS attack has never been carried out and is hypothetical.
Had it happened, it would have interfered with CoinJoin’s implementation. This is a privacy feature that enables Wasabi Wallet users to mix their Bitcoin with others for obscuring their transaction histories. As per this implementation, every Wasabi Wallet can only take out as much as they contribute. Mixing can make it difficult for nosy parkers and blockchain snoops to trace bitcoin transactions to known addresses and the identities of their owners. This mixing process would have been halted by the disclosed DoS vulnerability. The attacker would have been able to register bitcoin for a mix without it being verified by the mix’s coordinator.
Simultaneously, they would have submitted a verified, real transaction to the mix. The result would be a difference between the total value of inputs and outputs made to the CoinJoin. Hence, an invalid transaction would be built as a result. The CoinJoin would be foiled if the attack was carried out, though it wouldn’t have allowed the attackers to make away with any coins or reveal the identity of any people in the mix. The fix was patched by Wasabi Wallet with the hard fork they made on Thursday. This patch was applied to the version of the wallet that was released on August 5th.
At Tokenhell, we help over 5,000 crypto companies amplify their content reach—and you can join them! For inquiries, reach out to us at info@tokenhell.com. Please remember, cryptocurrencies are highly volatile assets. Always conduct thorough research before making any investment decisions. Some content on this website, including posts under Crypto Cable, Sponsored Articles, and Press Releases, is provided by guest contributors or paid sponsors. The views expressed in these posts do not necessarily represent the opinions of Tokenhell. We are not responsible for the accuracy, quality, or reliability of any third-party content, advertisements, products, or banners featured on this site. For more details, please review our full terms and conditions / disclaimer.