Just to keep fair criticism here, Sybil attacks in coinjoins are easily detectable: in order for the attack to work efficiently in deanonymizing a certain input, the coordinator needs to refuse connection confirmations from all other participants. So if your input has not been spent before and the coordinator rejects your connection, it's safe to assume that it's preparing for a Sybil attack on an input it identified earlier in the current round.
If Wasabi is going to sybil one input, they put all other inputs in a different round. Very easy for them. And undetectable.
And no need to sybil every input. Every input is examined by BC analysis first. BC analysis says 'we don't care about this input, fully KYCed, user is tracked by other methods, whatever', then coinjoin as normal. BC analysis says 'gov want more info on this input', then they get sybilled.