on the crypto
Wasabi Wallet users will need to upgrade to the latest version if they wish to continue using the CoinJoin feature which keeps Bitcoin transaction histories private.
Hard fork of the Wasabi wallet
The Wasabi Wallet team hard forked the wallet on Thursday to address a vulnerability discovered by a team member at Trezor, a leading hardware wallet maker.
A hard fork is a code change that makes older versions of software incompatible with newer ones. The discovery of the flaw in the code is another example of cooperation in the open source community.
Developers are constantly trying to improve their peers' software, and many vulnerabilities have been responsibly revealed to fix them before they could be exploited by malicious people. (At times, however, communications between rival teams are far from cordial, as evidenced by the longstanding tensions between the Wasabi and Samourai Wallet teams.)
Communicate responsibly
According to an official Wasabi Wallet post, Trezor hardware wallet developer Ondřej Vejpustek responsibly warned the Wasabi team about the potential of a Denial-of-Service (DoS) attack on May 10 (a DoS attack involves an attacker sending spam to a network or protocol by trying to obstruct its operations, hence “Denial of Service”).
“Vejpustek has been very collaborative from the start and left us complete freedom in how to manage the discovery, both in terms of time and communication. This demonstrates the importance of proper communication between security workers and development teams.
This is how responsible disclosure should be done, ”said Riccardo Masutti, Wasabi Wallet collaborator and marketing expert, adding that Vejpustek has received a bitcoin reward for his efforts.
Problem solved
A hypothetical DoS attack, which Wasabi Wallet assumes never happened, would have interfered with the implementation of the CoinJoin wallet, a privacy protocol that allows users to combine their bitcoins with others in a single wallet, in order to obscure the history of coin transactions.
Mixing coins into a single wallet makes it more difficult for attackers to trace the addresses associated with bitcoin transactions, and the identity of their owners. The DoS vulnerability revealed would have interfered with the mixing process.
If the attack had happened, it would have destroyed CoinJoin, although it would not have given the hacker the ability to steal coins nor could it have affected the anonymity of users in the mix. Wasabi Wallet fixed the bug with Thursday's hard fork. This update was applied to the wallet v.1.1.12, which was released on August 5th.
