A Wasabi developer said the move was necessary to prevent hackers and scammers from using the service and to keep the company out of unspecified “trouble” (presumably the legal kind). The move underscores the challenges faced by centralized companies that provide services built to facilitate interaction with a decentralized ecosystem. It also serves as a reminder that fungibility – the quality that makes any unit of a currency interchangeable with another – is hard to maintain with bitcoin’s auditability.
Wasabi is known for its mechanism that helps to coordinate CoinJoins between different users. CoinJoins are a method of mixing coins to protect users’ privacy on a public ledger. Users send their coins (input transactions) into a sort of pool where they are mixed with other users’ coins. Then they receive an equal value of bitcoins (output transactions) at the other end. The connection between the input and output transactions is thus obfuscated and hard for blockchain detectives to trace.
It is important to note that CoinJoining is not unique to Wasabi. It is a type of send transaction that is used by the Bitcoin protocol itself. CoinJoins are, by nature, decentralized and peer-to-peer. But it can be tricky to use ConJoin and even harder to find pools of other people who are willing to participate. The coordinator service that operates Wasabi Wallet, called zkSNACKS, provides an easy way for Bitcoin CoinJoin users to find each other and “coordinate” their transactions.
What it means
Wasabi’s zkSNACKS coordinator does just that: Its code coordinates transactions. It doesn’t actually hold user keys, nor can it actually see what is happening with the transactions once they are in the coordinator pool or trace the origins of the outputs on the other end.
What it can do, however, is see where inputs are coming from. Because zkSNACKS is a centralized service, it can prevent input transactions sent by certain addresses from entering the pool and CoinJoining with other inputs.
Does this mean CoinJoining is ‘broken’?
Wasabi Wallet will continue to operate using the zkSNACKS coordinator, albeit with a certain level of restrictions now in effect. Although it now excludes blacklisted addresses, zkSNACKs will remain operational for all other users who want to maintain their bitcoin privacy.
The wallet’s new screening measures have prompted other CoinJoin-enabling platforms to assess their own practices.
Samourai Wallet, for example, also uses a coordinator, Whirlpool, to facilitate CoinJoining among its users. It noted in a Twitter thread that coordinators simply “pass data packets from one connected client to another”:
Furthermore, because CoinJoin is an open-source protocol, restrictions imposed by one centralized coordinator do not spell the end for CoinJoins and the bitcoin privacy they protect. As privacy advocate Matt Odell pointed out in a Twitter thread, “Anyone can run a competing coordinator that does not do this blacklisting and users can switch to it.”
JoinMarket, for example, recently released a more user-friendly interface for its CoinJoin-enabling platform, though its new UI is still a work in progress. According to data site Bitcoin KPI, volume on JoinMarket appears to be significantly higher than on Wasabi and Samourai’s Whirlpool combined.