In Whirlpool, the coinjoin consists of three remixers and two premixers, meaning that for every new coinjoin, two new entrances are required to begin, which will be joined with three already mixed coins. This means that if an attacker wants to de-anonymize a coinjoin, they need to have at least three remixed coins and another premixed coin (in the same round!), so that they can see where the premixer victim's coin ends up.
Exactly. The extra small round sizes in Whirlpool make it far easier to attack than coinjoins that include hundreds of coins in one round.
There can be only 1 user remixing btw -
https://mempool.space/tx/3cef999a3c006be772f7f63fc87b718cd01146ab593644e0eeb3d61e753f02b8
But, to be a premixer you need to pay the entrance fee in each coinjoin, which is quite high to discourage that particular attack.
This fee does nothing when the attacker is also the coordinator.
And the more remixes the honest user does, the more expensive this attack becomes, because the more entrances the attacker has to pay for.
I don't see how this is vulnerable.
Did you read about JoinMarket's fidelity bonds? It explains how to defend against a Sybil attacker who gets to remix for free (or in JM's case, for profit):