Is Chainalysis telling the truth? Do they have a super-secret decoding tool that can break Wasabi CoinJoins? The jury is out on that one. This article contains all the evidence available, though. Yesterday, journalist and Unchained Podcast host Laura Shin broke the Internet by allegedly identifying the Ethereum DAO hacker. In the article detailing the case, she claims her team used a “powerful and previously secret forensics tool from crypto tracing firm Chainalysis.”
Wasabi Wallet's flaws aren't merely 'user error'. They look more systematic to me. https://t.co/fYisj079qb
— Stephan Livera (@stephanlivera) February 23, 2022
The thing is, Wasabi CoinJoins have known vulnerabilities in the current version of the wallet. So, it’s easy to think that Chainalysis just exploited those. Why would they lie, though? To make themselves look big. And to scare away everyday users from privacy tools. On the other hand, the surveillance firm might have a super-secret forensics tool that breaks Wasabi CoinJoins. They might.
What Does The Article Say About Chainalysis’ Mystery Tool?
In “Exclusive: Austrian Programmer And Ex Crypto CEO Likely Stole $11 Billion Of Ether,” Laura Shin doesn’t reveal much about the tool itself. The first time she mentions it, Shin can’t help herself and praises Chainalysis and the advances in “technology for tracking transactions.”
“Last year, as I was working on my book, my sources and I, utilizing (among other things), a powerful and previously secret forensics tool from crypto tracing firm Chainalysis, came to believe we had figured out who did it. Indeed, the story of The DAO and the six-year quest to identify the hacker, shows a lot about just how far the crypto world and the technology for tracking transactions have both come since the first crypto craze.”
The second time, she goes on the offensive and attacks Wasabi Wallet, deems the technology “so-called CoinJoin,” and reveals something extremely interesting:
“Jumping off from the Coinfirm analysis, blockchain analytics company Chainalysis saw the presumed attacker had sent 50 BTC to a Wasabi Wallet, a private desktop Bitcoin wallet that aims to anonymize transactions by mixing several together in a so-called CoinJoin. Using a capability that is being disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges.”
Besides the super-secret decoding tool, she’s saying the alleged hacker mixed the coins and immediately sent them to four exchanges. This was six years ago. Were any of those exchanges centralized? Did any of the exchanges have KYC information from the alleged hacker?
ETH price chart for 02/23/2022 on Poloniex | Source: ETH/USD on TradingView.com
What Does The Twitterati Think About Chainalysis’ Mystery Tool?
On the one hand, podcast host Stephan Livera went hard on Wasabi. “Wasabi Wallet’s flaws aren’t merely ‘user error’. They look more systematic to me,” he said. Also in this camp, Bitcoin influencer Lili leaked documents and explained the situation. “This is a leaked internal doc from Chainalysis, a report on demixing Wasabi. Wasabi coinjoin features: link-able mixes and address reuse.”
This is a leaked internal doc from Chainalysis, a report on demixing Wasabi. Wasabi coinjoin features: link-able mixes and address reuse.
No mentions of Whirlpool coinjoin, because it actually works? https://t.co/bL0Q6v2kar
— Lili (@Marketsbylili) September 21, 2021
On the other hand, Italian Bitcoin advocate Giacomo Zucco had another target in mind. “A new secret chainanalysis technique reveals that people taking Laura Shin seriously are gullible and clueless,” he claimed.
I do. Probably because of some post-mix mistake of the specific target, possibly not even CJ-related, not because of "new hidden technique able to specifically deanonymize CJ users in general" as the article (full of mistakes in other regards) seems to want the reader to think.
— Giacomo Terrorist Zucco ⚡☠️ (@giacomozucco) February 23, 2022
In a later tweet, he explained that the exploit was “probably because of some post-mix mistake of the specific target, possibly not even CJ-related, not because of ‘new hidden technique able to specifically deanonymize CJ users in general’ as the article (full of mistakes in other regards) seems to want the reader to think.”
.@chainalysis Do you claim to be able to deanonymize properly coinjoined Wasabi Wallet 1.0 UTXOs?
— Wasabi Wallet (@wasabiwallet) February 22, 2022
To close this off, Tal Be’ery, a security expert, offered great insight. “If true, this is probably not the case anymore, as I don’t believe Chainalysis would burn this capability for PR.” Speaking of PR, Wasabi Wallet asked the surveillance firm point-blank, “Do you claim to be able to deanonymize properly coinjoined Wasabi Wallet 1.0 UTXOs?” Sadly for this article, Chainalysis didn’t answer.
Samourai Wallet Enters The Scene Chopping Heads
The bitter rivalry between Wasabi Wallet and Samourai Wallet is already legendary. In a video titled “How Wasabi was ‘demixed’ by Chainalysis,” Samourai destroys its competition by breaking down the case even further.
Luckily, Samourai’s LaurentMT broke the video down for us via Twitter. Apparently, in Wasabi’s CoinJoin system, “when a large amount enters the mixer, it’s ‘peeled’ through several transactions and it’s often possible to follow this peelchain.” With that info, they identify addresses that Wasabi Wallet used twice. “Such random occurrences of addresses reused by the mixer are a known issue of the wallet,” he said.
The specificity of this output is that it's associated to address [bc1qxp8k4] that was used twice by Wasabi Wallet (i.e. it was used in 2 mixes).
Note: Such random occurrences of addresses reused by the mixer are a known issue of the wallet. https://t.co/Zw62e4Fp4X pic.twitter.com/q9vYPWS19d
— LaurentMT (@LaurentMT) February 22, 2022
After that, they kept unpeeling the onion until they got to a Poloniex account.
– In this case, no error was made by the user. Only mixed outputs were consolidated in small numbers (good practice),
– Chainalysis has exploited a known issue of the mixer,
– No "advanced tool" was needed to find these results.
— LaurentMT (@LaurentMT) February 22, 2022
To the untrained eye, it might seem like Samourai’s investigation validates Chainalysis’ mystery tool. Nothing could be further from the truth, and LaurentMT’s summary makes that clear: 1. The user made “no error.” 2. Chainalysis “exploited a known issue of the mixer.” 3. To obtain the data, Chainalysis didn’t need any mystery tool. Enough said.
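The address reuse LaurentMT describes is something a wallet owner can audit for directly. The following Python sketch is an added example, not code from Samourai, Wasabi or Chainalysis; it flags addresses that received outputs in more than one mix and groups the mixes that the reuse ties together. The mix labels and addresses are constructed sample data.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: for each CoinJoin the audited wallet took part in,
# the addresses on which it received outputs. Labels and addresses are made up.
SAMPLE_MIXES = {
    "mix-a": ["addr1", "addr2"],
    "mix-b": ["addr3", "addr1"],   # addr1 reused from mix-a
    "mix-c": ["addr4"],
    "mix-d": ["addr5", "addr3"],   # addr3 reused from mix-b
}

def reused_addresses(mixes):
    """Map each address seen in more than one mix to the sorted mixes using it."""
    seen = defaultdict(set)
    for txid, addresses in mixes.items():
        for addr in addresses:
            seen[addr].add(txid)
    return {a: sorted(t) for a, t in seen.items() if len(t) > 1}

def linked_clusters(mixes):
    """Group mixes that an observer can tie together through shared addresses."""
    parent = {txid: txid for txid in mixes}

    def find(x):
        # Union-find lookup with path halving.
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for txids in reused_addresses(mixes).values():
        for a, b in combinations(txids, 2):
            parent[find(a)] = find(b)

    groups = defaultdict(list)
    for txid in mixes:
        groups[find(txid)].append(txid)
    # Only clusters of two or more mixes represent a privacy loss.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    for addr, txids in sorted(reused_addresses(SAMPLE_MIXES).items()):
        print(f"{addr} appears in {', '.join(txids)}")
    for cluster in linked_clusters(SAMPLE_MIXES):
        print("linkable mixes:", cluster)
```

A wallet whose audit returns an empty result has no reuse of this kind; any cluster it does report means those mixes no longer hide the link between their outputs.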