As announced yesterday, the team of the famous Wasabi wallet has carried out an update, v1.1.12, which fixes a vulnerability that prevents the use of CoinJoin.
The v4 Hard Fork fixes a vulnerability that prevents the completion of #CoinJoin via a DoS (Denial of Service) attack.
The attacker could neither steal users' funds nor deanonymize anyone.
We advise you to update to Wasabi v1.1.12 as soon as you can.https://t.co/VYvzuuoFJe
— Wasabi Wallet (@wasabiwallet) September 3, 2020
From what can be read from the post, the flaw was discovered last May by Trezor‘s team – specifically by Ondřej Vejpustek – and in all this time they worked to fix and put a stop to this problem, which could be serious particularly on the user side.
In detail, the problem existed on the previous version, the v4 Hard Fork: a criminal could carry out a DoS (Denial of Service) attack and this prevented users from proceeding with the CoinJoin.
CoinJoin is a process by which a transaction is combined with others by mixing them, so that it is impossible to trace which address actually carried it out.
Fortunately, despite the bug, no user experienced this problem, so the attack did not result in any data loss or deanonymization, so users are all protected both on the crypto and privacy side, as the team explained:
“It is important to specify that the attacker could neither steal users’ funds nor deanonymize anyone. What they could have done was to prevent the completion of the CoinJoin process.”
At this point, the Wasabi team invited all users to update the wallet to the latest version, which was released last month to be protected from this potential problem that was plaguing the system.
Having the software up to date allows users to be shielded from the most recent attacks or leaks that are discovered over time, given that it is always possible to exploit problems and bugs that are not yet known, as in this case.
Wasabi subject to monitoring by Europol
At the beginning of June, Wasabi had been placed under observation by the Europol Cybercrime Center (EC3), which had noticed an increasing number of investigations involving this wallet.
Unfortunately, although this tool was created to protect users’ privacy, it is often used by criminals who want to take advantage of the anonymity provided by Wasabi to commit their illegal acts.
In fact, in their EC3 report, they highlighted how the wallet is used to anonymize bitcoin transactions using the CoinJoin function, which used in conjunction with TOR, manages to evade the AMLD5 regulations.