pull down to refresh

Major Vulnerability In WabiSabi Coinjoin Protocolwww.therage.co/vulnerability-wabisabi-coinjoin/
816 sats \ 26 comments \ @k00b 9 Dec 2024 privacy
write
preview
related posts
45 sats \ 16 replies \ @Rsync25 9 Dec 2024
Wasabi fanboys will say is “FUD”
reply
203 sats \ 5 replies \ @DarthCoin 9 Dec 2024
Why FUD? I see it as a good thing that they found this now and fix it.
Vulnerabilities are always to be found in any software code. Just because an app doesn't have vulnerabilities found it doesn't mean in the future somebody will not find some. When a vulnerability is fixed, it makes that app stronger.
reply
0 sats \ 4 replies \ @Rsync25 9 Dec 2024
Now you’re defending CoinJoin. Oh, what surprises. Everyone knows any software has vulnerabilities.
reply
97 sats \ 3 replies \ @DarthCoin 9 Dec 2024
I am not against coinjoins. In the past I used also coinjoins, but in the pre-LN era. After that I do not see its usefulness for me, that's all. That doesn't mean is not useful for others.
reply
21 sats \ 2 replies \ @Rsync25 9 Dec 2024
You always said that CoinJoin is useless nowadays, due LN. I haven't forgotten that.
reply
105 sats \ 1 reply \ @DarthCoin 9 Dec 2024
good. That doesn't mean we will shit on wasabi devs now. They are the good guys, not like the Lightspark you are shilling every fucking day.
view all 1 replies
11 sats \ 9 replies \ @k00b OP 9 Dec 2024
I've never understood the beef really. Bitcoiners just seem to love a good infight.
reply
286 sats \ 1 reply \ @petertodd 10 Dec 2024
There was never a fight between Wasabi and Joinmarket, because both projects are decent coinjoin implementations with advantages and disadvantages relative to each other.
Samourai both made a lot of money, and had known, unfixed, flaws so serious it might have been a fed op. The fight there had both a monetary incentive, and possibly, a fed incentive.
reply
29 sats \ 0 replies \ @Rsync25 10 Dec 2024
There was never a fight between Wasabi and Joinmarket, because both projects are decent coinjoin implementations with advantages and disadvantages relative to each other. Samourai both made a lot of money, and had known, unfixed, flaws so serious it might have been a fed op. The fight there had both a monetary incentive, and possibly, a fed incentiv
True
reply
21 sats \ 1 reply \ @DesertDave 9 Dec 2024
I don't get it. Why would anyone fight about it?Personally, I won't have sushi without it but I can respect others distaste.
Sorry, two time dad here.
reply
110 sats \ 0 replies \ @k00b OP 9 Dec 2024
reply
20 sats \ 0 replies \ @anon 9 Dec 2024
It was all marketing and weaponizing plebs to drive their bottom line. Follow the incentives.
reply
28 sats \ 3 replies \ @Rsync25 9 Dec 2024
I also never had this internal fight. Bitcoiners are wasting their time fighting themselves.
reply
15 sats \ 2 replies \ @kepford 9 Dec 2024
Amen. Some people just like fighting.
reply
0 sats \ 1 reply \ @Rsync25 9 Dec 2024
😁😁
reply
0 sats \ 0 replies \ @kepford 9 Dec 2024
Coupled with the dumb take "toxic is good". I mean I don't think toxic responses are never warranted but for some reason people think being a jerk is some sort of virtue. Its easy to be a jerk actually.
reply on another page
54 sats \ 0 replies \ @Imyourfed 9 Dec 2024
From the article
Yuval Kogman, one of the lead architects of the WabiSabi protocol, points out that he had previously raised concerns about WabiSabi’s tagging attack mitigation, stating that the issue was known among developers. Kogman describes the implemented fixes as partial.
reply
20 sats \ 4 replies \ @denlillaapan 9 Dec 2024
We need serious Samourai-type people clasping the niche market the DOJ took away from us... ...oh, wait there is one! #698748
reply
14 sats \ 2 replies \ @OT 9 Dec 2024
It doesn't do coinjoins.
reply
0 sats \ 1 reply \ @denlillaapan 9 Dec 2024
...yet.
As far as I understand, anyway
reply
71 sats \ 0 replies \ @OT 9 Dec 2024
So for now its Wasabi and Joinmarket.
reply
0 sats \ 0 replies \ @lontivero 13 Dec 2024
Let me translate the vulnerability report here: wasabi coinjoin client implementation had a bug that made it trust on the coordinator as samourai whirlpool does. The difference is that in Wasabi is was because a bug while in whirlpool it is by design.
reply
57 sats \ 1 reply \ @WhatIsBitcoin 9 Dec 2024
@kruw You heard about this?
reply
573 sats \ 0 replies \ @kruw 9 Dec 2024
Yep, the writing of the article is a bit sloppy, a few corrections:
  • There's no vulnerability in the protocol itself, rather, it's a bug in the clients implementing the protocol.
  • I wouldn't categorize this as a "Major" vulnerability since clients can detect a malicious coordinator performing this sort of attack.
Overall, it's good that there's multiple teams implementing the protocol in open source projects, allowing these sorts of issues to be caught.
reply
11 sats \ 0 replies \ @DesertDave 9 Dec 2024
Good to know. Thank you.
reply