Re: WasabiWallet.io | Open-source, non-custodial Bitcoin Wallet for desktop
⭐ Merited by PrivacyG (5) ,pooya87 (4) ,n0nce (1) ,dkbit98 (1) ,DireWolfM14 (1) ,Hueristic (1) ,ETFbitcoin (1) ,DdmrDdmr (1)
It seems Wasabi software doesn't prevent users from merging the outputs that came from the same CoinJoin round, which essentially destroys all privacy gained as a result of a complex transaction.
Let's analyze a bit the first CoinJoin transaction: https://kycp.org/#/d31c2b4d71eb143b23bb87919dda7fdfecee337ffa1468d1c431ece37698f918
In the picture above, we clearly see that some of the outputs have been spent together in four separate transactions:
https://kycp.org/#/3c67a57d35176bb13a7f098295a51ceb7a9abccc9b655cf2582126f0d1a05b0f
https://kycp.org/#/50cbcba0b4d752c658069842202e200c3086d3c7bd2258363103ccf40614866d
https://kycp.org/#/cb5816fa97cf8826548524f9e02290a7764ad2a9857c1abde2fd44c55516ece0
https://kycp.org/#/b0f590341a587fe6140a932d81c238a7a0451ccfde4efec7084f1c5dda8e0561
The second transaction (b0f590341a) is (surprisingly) also the second wasabi 2.0 coinjoin, which was announced here https://twitter.com/HillebrandMax/status/1538181219610918913?s=20&t=qOdxv6VZZyiopkWGbZKwoQ
This particular transaction indicates that some of the outputs of the first coinjoin were used as inputs in the second coinjoin, which is totally fine from the privacy perspective because they may belong to different users.
The third (cb5816fa97c) and the fourth (b0f590341a5) transactions are either consolidations or payments (although without creating any change outputs).
The most interesting transaction (in my opinion) is the first one (3c67a57d351):
The output of this transaction (according to KYCP) belongs to OKEX exchange, which means that all these inputs were sent directly to someone's exchange account and, therefore, can be linked to a particular identity. Wasabi Wallet doesn't utilize any post-mix spending tools, and if part of the users practices bad spending behavior (like spending directly to a centralized exchange), then the other part of the users (more advanced) can potentially be deanonymized in a process of elimination.
Let's analyze a bit the first CoinJoin transaction: https://kycp.org/#/d31c2b4d71eb143b23bb87919dda7fdfecee337ffa1468d1c431ece37698f918
In the picture above, we clearly see that some of the outputs have been spent together in four separate transactions:
https://kycp.org/#/3c67a57d35176bb13a7f098295a51ceb7a9abccc9b655cf2582126f0d1a05b0f
https://kycp.org/#/50cbcba0b4d752c658069842202e200c3086d3c7bd2258363103ccf40614866d
https://kycp.org/#/cb5816fa97cf8826548524f9e02290a7764ad2a9857c1abde2fd44c55516ece0
https://kycp.org/#/b0f590341a587fe6140a932d81c238a7a0451ccfde4efec7084f1c5dda8e0561
The second transaction (b0f590341a) is (surprisingly) also the second wasabi 2.0 coinjoin, which was announced here https://twitter.com/HillebrandMax/status/1538181219610918913?s=20&t=qOdxv6VZZyiopkWGbZKwoQ
This particular transaction indicates that some of the outputs of the first coinjoin were used as inputs in the second coinjoin, which is totally fine from the privacy perspective because they may belong to different users.
The third (cb5816fa97c) and the fourth (b0f590341a5) transactions are either consolidations or payments (although without creating any change outputs).
The most interesting transaction (in my opinion) is the first one (3c67a57d351):
The output of this transaction (according to KYCP) belongs to OKEX exchange, which means that all these inputs were sent directly to someone's exchange account and, therefore, can be linked to a particular identity. Wasabi Wallet doesn't utilize any post-mix spending tools, and if part of the users practices bad spending behavior (like spending directly to a centralized exchange), then the other part of the users (more advanced) can potentially be deanonymized in a process of elimination.