From Dread.
Nopara73, the lead developer at failed bitcoin wallet Wasabi, has decided to leave the project. In his wake he leaves behind over 132 arrests of users who were scammed into believing that Wasabi provided any kind of transactional privacy whatsoever.
Both Wasabi 1.0 and its later 2.0 incarnation were demonstrably broken.
In early 2022 Wasabi admitted to working with chain analysis companies in order to identify and filter bitcoins entering their system. These are the same chain analysis companies that are providing information and "evidence" to be used for the government prosecution of privacy developers like Roman Sterlingov and Alexey Pertsev. In effect, Wasabi has been operating as a law enforcement honeypot.
See earlier posts from this Dread with regards to Wasabi misdeeds.
https://www.nobsbitcoin.com/wasabi-wallets-cto-leaves-to-focus-on-next-gen-bitcoin-privacy/ Questions keep arising concerning Wasabi Wallet mixing. Wasabi bugs, user arrests, user accounts flagged and so forth are becoming too numerous to keep track of.
I will try to keep this list up-to-date as new elements become available and are documented.
UPDATE: As Wasabi Wallet flaws continue to be ignored this list is also kept up-to-date at
http://scam7kwuwdjksshy6ocig5k34zuxigvhjbdy2hkvqbqsylt6eey2fmyd.onion/ Wasabi user account is flagged at BitFinex and this is pointed out by anonymous tweets thus causing Wasabi Lead Dev Nopara73 to dox competitor who he suspects is spreading the (true) facts about Wasabi's poor implementation.
https://web.archive.org/web/20200128233910/https://old.reddit.com/r/WasabiWallet/comments/beqj8r/bitfinex_lock_account/ https://twitter.com/sthenc/status/1251655851443515393 There have been 5 documented cases of coinjoins being flagged by exchanges and brokers. All have concerned Wasabi. Rather than fix recurring issues with their implementation, Wasabi claimed that the problem was due to an anti-coinjoin campaign by KYC actors despite the fact that only Wasabi coinjoins have ever been targeted
https://6102bitcoin.com/coinjoin-flagging/ (Update: now 6 documented cases. See below.)
6 arrests each from PlusToken and WoToken scams. See OXT Research links below.
Bitcoin address bc1q3zr88h3czss85xxp4lyyhes2xcgu7cg8vhcnzy is tagged as being BitClub. 700 btc into Wasabi via transaction 9a9cb20635db66de837685d01e7d00de9cc13c9bc80f7bcd1fe4f4173a4c503c. 3 arrests soon followed.
Wasabi hires known scammer Cedric Dahl as paid shill. Dahl peddles bogus DNM stats and falsely claims to have subjected Wasabi to a battery of tests.
https://www.whatbitcoindid.com/podcast/dark-markets-and-bitcoin-adoption-with-cedric-dahl Wasabi staff member doxes Wasabi corporate account via his own use of Wasabi wallet
https://twitter.com/keonne/status/1151437292730560512 Respected developer confirms that Wasabi ZeroLink is incorrectly implemented
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2019-December/017542.html PlusToken uses Wasabi, mixes unwound
https://research.oxt.me/special-situation-report China & North Korea entities use Wasabi, mixes unwound
https://research.oxt.me/china-and-north-korea Nopara73, Wasabi lead developer, "donated" a Wasabi mixed output (almost 0.1 BTC) to a scammer who was stealing funds from Wasabi users in the Wasabi Telegram chat. The "donation" took place in transaction 683aba09e87f02611842c698bad49f48734247358c673b48941f8075416a3d49 and the amount was thereafter sent to an address controlled by Huobi. This can be confirmed in the Wasabi Telegram chat logs.
Wasabi lead developer publishing misleading usage statistics
https://twitter.com/6102bitcoin/status/1263464894323658757 Wasabi staff member admits providing liquidity to Wasabi via multiple wallets (Wasabi is self-sybilling)
https://twitter.com/6102bitcoin/status/1267449330975244290 Serious red flag about Europol report and Wasabi collaborating with law enforcement
https://twitter.com/6102bitcoin/status/1269243083314659328 Explanation of how Lasarus Group mixes were unwound
https://stephanlivera.com/episode/179/ More about the purported Europol report: closer examination of the PDF file reveals many major differences with other Europol EC3 reports available to the public via their website. As opposed to being a PDF-exported report with selectable text like all the others, the Wasabi report is a document made up of scanned images. In addition, the page template used for the Wasabi report is not used in any other EC3 report available which all use identical page layout and style templates.
Wasabi Wallet caught using fraudulent data against a competitor
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/bb22f5e261bbeb24e157 114 new arrests of individuals associated with the PlusToken scam
https://twitter.com/molllliy/status/1288771023437852677 3 arrests following use of Wasabi wallet mixing by the #TwitterHack scammers
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/325349fd8c53d0a7320f OXT Research identifies vulnerabilities in Wasabi Wallet mixing
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/dadd01b95a8f0586109f/ 6th instance of user account blocked due to proximity to Wasabi Wallet
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/c6220de5b865e09d4c8c Upon Wasabi's refusal to acknowledge reported vulnerabilities, OXT Research publishes report which confirms that a modified Wasabi client can be used to observe the anonymity set without taking part in any actual mixes. Chain analysis companies and law enforcement have probably been doing the same thing for quite some time which would certainly explain the 132 arrests and the 6 blocked/flagged accounts
https://twitter.com/anwfr/status/1297068327165026304 Wasabi Wallet linked to demise of Empire Market. Addresses "peeled back"
https://twitter.com/nixops/status/1299013819210096643 Wasabi Wallet developer "NothingMuch" warns users to not use Wasabi Wallet for DNM puchases
http://dreadytofatroptsdj6io7l3xptbet6onoyno2yv7jicoxknyazubrad.onion/post/2e822260eb74f8b85496 It should be noted that "NothingMuch" is the same developer who teamed up with a business associate of Wasabi Lead Dev in order to provide a list of faked data in an attempt to make a security disclosure against a competitor.
Security researcher 6102Bitcoin releases data on Wasabi symmetric address reuse. Symmetric address reuse occurs when a same address is used as both an input and an output in a same mix transaction. This is a huge flaw that degrades the anonymity set.
https://twitter.com/6102bitcoin/status/1318583039006511104 After contacting Wasabi Lead Dev in order to disclose findings, he is banned from Wasabi chat rooms
https://twitter.com/6102bitcoin/status/1313447816379981827 After repeated reports on Dread submitted by many different users, Wasabi’s coinjoin implementation is classified as a scam by Hades Onion Directory
http://hades3nre5yvwmoy5h4tgitvqu56e5j4euaatvyp62regy3ivwhwjwad.onion/ KuCoin hackers use Wasabi, mixes unwound
https://research.oxt.me/china-and-north-korea User ‘DominicG’ in Wasabi Telegram group reports (
https://t.me/WasabiWallet/54236 ) that Voyager exchange (
https://www.investvoyager.com/ ) is telling users not to deposit outputs from Wasabi or to use Wasabi after withdrawal.
