Wasabi Wallet users need to upgrade to the latest version if they want to continue using the CoinJoin feature to keep their Bitcoin transaction histories private.
Thats because those running older iterations of the wallet can no longer use this feature to mix their coins with users who have the newest version.
The Wasabi Wallet team hard-forked the wallet Thursday to address a vulnerability discovered by a team member at Trezor, a leading maker of hardware wallets. A hard fork is a code change that makes older versions of a software incompatible with newer ones.
The flaws discovery is another example of the open-source communitys camaraderie and cooperation. Developers are constantly tinkering to improve their peers software, and many vulnerabilities have been responsibly disclosed during these processes to patch flaws before they can be exploited by bad actors. (Sometimes, however, the disclosures by rival teams are less-than-cordial, as evidenced by the long-running tensions between Wasabi and rival Samourai Wallet.)
According to a Wasabi Wallet blog post, Trezor hardware wallet developer Ondej Vejpustek responsibly disclosed the potential denial-of-service (DoS) attack to the Wasabi team on May 10 (a DoS attack entails an attacker spamming a network or protocol with the hopes of stymying its operations, hence denial of service).
Vejpustek has been very cooperative since the beginning and left us total freedom on how to manage the disclosure, both in terms of time and communication. This demonstrates the importance of proper communication between security researchers and dev teams. This is how a responsible disclosure should be, Wasabi Wallet contributor and marketing strategist Riccardo Masutti told CoinDesk, adding that Vejpustek was paid a bitcoin bounty for his efforts.
This hypothetical DoS attack, which Wasabi Wallet assumes has never been carried out, would have interfered with the wallets implementation of CoinJoin, a privacy protocol that allows users to mix their bitcoin with others to obscure the coins transaction histories.
Wasabi WalletsCoinJoin implementation requires each participant to take out as much as they put in. If, for instance, 10 participants join a mix for 0.1 BTC, then each user must send exactly that amount (plus a miner fee) and must receive that exact amount for the mix to be successful and to retain CoinJoins privacy protections. Mixing coins makes it harder for blockchain snoops and nosy parkers to pin bitcoin transactions to known addresses and their owners identities.
The disclosed DoS vulnerability would have halted the mixing process. The attacker would register bitcoin for a mix without that bitcoin being signed (verified) by the mixs coordinator, while at the same time submitting a real, verified transaction to the mix.
The result would be an incongruity between the total value of inputs made to the CoinJoin and the value of expected outputs. As a result, the coordinator would unwittingly build a transaction that cant be valid, since the sum of all inputs is less than the sum of all outputs, according to Vejpusteks analysis.
If the attack were pulled off, it would foil the CoinJoin, though it would not have given the attacker the ability to steal any coins nor could they deanonymize any peers in the mix.
Wasabi Wallet patched the fix with the hard fork deployed Thursday. This upgrade was applied to v.1.1.12of the wallet, which was released on Aug. 5.
View post:
Wasabi Wallet Patches Flaw That Could Have Thwarted Bitcoin Privacy Feature - CoinDesk - Coindesk
- Google removes malware Android apps used to secretly mine bitcoin - April 26th, 2014 [April 26th, 2014]
- Bitcoin exchange MtGox liquidated - April 26th, 2014 [April 26th, 2014]
- Bitcoin Wannabe Litecoin Emerges as Low-Price Challenger - April 26th, 2014 [April 26th, 2014]
- The Worlds First Bitcoin Debit Card Is Almost Here - April 26th, 2014 [April 26th, 2014]
- How does Bitcoin work? - Bitcoin - Open source P2P money - April 26th, 2014 [April 26th, 2014]
- Bitcoin - Wikipedia, the free encyclopedia - April 26th, 2014 [April 26th, 2014]
- The Bitcoin Group #27 - China Bans Bitcoin Again - Politics - Dark Market - Bitcoin VC - Video - April 26th, 2014 [April 26th, 2014]
- Edan Yago - Free Market Bitcoin regulation and Honduras free trade zones.mp4 - Video - April 26th, 2014 [April 26th, 2014]
- Bitcoin vs. Political Power: The Cryptocurrency Revolution - Stefan Molyneux at TNW Conference - Video - April 26th, 2014 [April 26th, 2014]
- Video: Roundup of This Week's Bitcoin News 25th April 2014 - Video - April 26th, 2014 [April 26th, 2014]
- Bitcoin Fredagsbar med Torben Mark Pedersen - Video - April 26th, 2014 [April 26th, 2014]
- Bitcoin and the Internet of Money - Video - April 26th, 2014 [April 26th, 2014]
- Bitcoin for Dummies - Video - April 26th, 2014 [April 26th, 2014]
- Bitcoin runner-up Litecoin emerges as low-price challenger - April 27th, 2014 [April 27th, 2014]
- Bitcoin or Gold? Squawk Walk Taipei- Squawkonomics - Video - April 27th, 2014 [April 27th, 2014]
- Bitcoin Miner AntMiner S1 180 - 200 GH/s Nu in de Aanbieding! - Video - April 27th, 2014 [April 27th, 2014]
- New Bitcoin Documentary: Boom or Bust - Video - April 27th, 2014 [April 27th, 2014]
- Bitcoin May v0.9.1 GitHub Source Code Development Visualization - Video - April 27th, 2014 [April 27th, 2014]
- Atomic-Trade Bitcoin Exchange. AML, BSA, FinCEN compliant - Video - April 27th, 2014 [April 27th, 2014]
- China Bans Bitcoin Again -- Bitcoin the Movie -- Startup for Startups Raises 2,000 BTC - Video - April 27th, 2014 [April 27th, 2014]
- 4/24/14 - Xapo Debit Card, Russia's 1st Bitcoin Conference, Silk Road 2.0 - Video - April 27th, 2014 [April 27th, 2014]
- What is Bitcoin? - Video - April 27th, 2014 [April 27th, 2014]
- David Andolfatto, How Does Bitcoin Work? - Video - April 27th, 2014 [April 27th, 2014]
- Australian Bitcoin traders hit by crash - April 28th, 2014 [April 28th, 2014]
- Bitcoin traders hit by Mt.Gox crash - April 28th, 2014 [April 28th, 2014]
- Market Extra: Bitcoin venture capital money hasnt kept up with buzz - April 28th, 2014 [April 28th, 2014]
- Bitcoin price slips as China steps up regulation - April 28th, 2014 [April 28th, 2014]
- Bitcoin price slips on China regulation - April 28th, 2014 [April 28th, 2014]
- Win .33 Bitcoin ($150 or so, Depending on BTC value) - Meme game for May 1st - Take My Bitcoins - Video - April 28th, 2014 [April 28th, 2014]
- Ron Paul on Bitcoin - Video - April 28th, 2014 [April 28th, 2014]
- btc.sx Bitcoin derivatives platform George Samman clip - Video - April 28th, 2014 [April 28th, 2014]
- 'The Rise And Rise Of Bitcoin' Filmmaker: 'There Is No Answer Yet' - April 29th, 2014 [April 29th, 2014]
- Bitcoin the movie: It just had to happen - April 29th, 2014 [April 29th, 2014]
- Bitcoin Vies with New Cryptocurrencies as Coin of the Cyber Realm - April 29th, 2014 [April 29th, 2014]
- The Bitcoin Meetup - BitcoinMKE Hosts Jeffrey Tucker - Video - April 29th, 2014 [April 29th, 2014]
- MIT Bitcoin Expo 2014 - Video - April 29th, 2014 [April 29th, 2014]
- Bitcoin Expo 2014: Fireside Chat with Dr Gavin Wood - Video - April 29th, 2014 [April 29th, 2014]
- Rise Bitcoin Singapore - Video - April 29th, 2014 [April 29th, 2014]
- Preview: Bitcoin Authenticator - 2FA for wallets - Video - April 29th, 2014 [April 29th, 2014]
- The Bitcoin Group #27 (Live) - China Bans Bitcoin Again - Politics - Dark Market - Bitcoin VC - Video - April 29th, 2014 [April 29th, 2014]
- 4/25/14 - More China uncertainty, Missourian bitcoin warning, BadLepricon malware - Video - April 29th, 2014 [April 29th, 2014]
- Money & Tech at The Rise And Rise Of Bitcoin Afterparty - Video - April 29th, 2014 [April 29th, 2014]
- New Bitcoin student club at MIT will promote the virtual currency - April 30th, 2014 [April 30th, 2014]
- 4/29/14 - MIT Bitcoin Project, Mt Gox revival plan, Mastercard lobbyists & Team Rubicon - Video - April 30th, 2014 [April 30th, 2014]
- BitCoin Dentist GoCoin Fox News Interview - Video - April 30th, 2014 [April 30th, 2014]
- Bitcoin Foundation Election Hiccups -- Pathetic Ohio Bans Bitcoins -- Dogecon SF 2014 - Video - April 30th, 2014 [April 30th, 2014]
- Bitcoin Slips to $420 as BTC China Halts Transactions - Video - April 30th, 2014 [April 30th, 2014]
- MultiSig Plus BitCoin Multi Coin Wallet looks like HUGE INVESTMENT potential! - Video - April 30th, 2014 [April 30th, 2014]
- Bitcoin: what happens when the miners pack up their gear? - May 1st, 2014 [May 1st, 2014]
- Dark Wallet Is About to Make Bitcoin Money Laundering Easier Than Ever - May 1st, 2014 [May 1st, 2014]
- Bitcoin Talk Show #7 -- Skype BitcoinTalkShow to Call in Live! 🙂 - Video - May 1st, 2014 [May 1st, 2014]
- Basic Bitcoin Bitches - Video - May 1st, 2014 [May 1st, 2014]
- Gold standard vs Fiat vs Bitcoin - Truthloader - Video - May 1st, 2014 [May 1st, 2014]
- How to Defund the System: Bitcoin vs. the Central Banksters - Video - May 1st, 2014 [May 1st, 2014]
- Bitcoin, Anarchy and Freedom with Roger Ver - Video - May 1st, 2014 [May 1st, 2014]
- MIT Goes Bitcoin-Wild - May 1st, 2014 [May 1st, 2014]
- Bitcoin Weekly 2014 April 30: Bloomberg adds Bitcoin to their market index, MIT to produce campus-wide bitcoin ... - May 1st, 2014 [May 1st, 2014]
- 'Dark Wallet' wants to make Bitcoin even harder to trace - May 1st, 2014 [May 1st, 2014]
- Bitcoin made simple (video animation) - Video - May 1st, 2014 [May 1st, 2014]
- Jon Matonis: Bitcoin - The future of commerce? - Video - May 1st, 2014 [May 1st, 2014]
- $100 in Bitcoin Going to Every MIT Undergrad - Video - May 1st, 2014 [May 1st, 2014]
- The Rise of Digital Currency - Video - May 1st, 2014 [May 1st, 2014]
- Money Goes Virtual: The Bitcoin Bourse - Video - May 2nd, 2014 [May 2nd, 2014]
- Bitcoin Lights with LIFX - Video - May 2nd, 2014 [May 2nd, 2014]
- Bitcoin: How We Got Here and Where We Are Going - May 3rd, 2014 [May 3rd, 2014]
- 5/1/14 - Larry Summers warns critics, Paym system & Bitcoin Center NYC roundtable - Video - May 3rd, 2014 [May 3rd, 2014]
- On est Connect S2 #07 1/2 : BitCoin et Musique sur Internet - Video - May 3rd, 2014 [May 3rd, 2014]
- MIT Undergrads To Receive $100 Worth Of Bitcoin This Fall - Video - May 3rd, 2014 [May 3rd, 2014]
- Why it only took ME less than 2 minutes to believe in Bitcoin - Video - May 3rd, 2014 [May 3rd, 2014]
- Bitcoin Basics and Regulation Thoughts from NH Liberty Forum - Bruce Fenton - Video - May 3rd, 2014 [May 3rd, 2014]
- PRIMER CAJERO DE BITCOIN EN BIT CENTER DE TIJUANA - Video - May 3rd, 2014 [May 3rd, 2014]
- Yelp adds Bitcoin acceptance to business listings - Video - May 3rd, 2014 [May 3rd, 2014]
- Bitcoin A Terrorist Threat? Counterterrorism Program Names Virtual Currencies As Area Of Interest - May 4th, 2014 [May 4th, 2014]
- How Does Bitcoin Works - Video - May 4th, 2014 [May 4th, 2014]
- 10 Things You Didn't Know About BitCoin - Video - May 4th, 2014 [May 4th, 2014]
- BITCOIN The Future of Money - Video - May 4th, 2014 [May 4th, 2014]
- Bitcoin Miner Review - Video - May 4th, 2014 [May 4th, 2014]
- The Bitcoin Group #28 (Live) - Yelp Lists Bitcoin - MIT Bitcoin $100 - Dark Wallet - Ohio Bans BTC - Video - May 4th, 2014 [May 4th, 2014]
- Bitcoin: Gary North is Mentally Deranged And Bitcoin Will Change Everything - Video - May 4th, 2014 [May 4th, 2014]
- Who is the Bitcoin Warlord? - Video - May 4th, 2014 [May 4th, 2014]