GingerWallet developers have disclosed a vulnerability in their wallet that allows malicious actors to deanonymize users of their wallet.
In a world where financial privacy is increasingly valuable, Bitcoin users rely on advanced tools to protect their transactions. The Wasabi 2.0 protocol, included in GingerWallet One of the most respected and used wallets in the community, it promised an unprecedented level of anonymity. However, a recent revelation has shaken the foundations of this trust: a critical vulnerability in the Wabisabi protocol, the heart of Wasabi 2.0, has been discovered.
This flaw allows a malicious attacker to completely deanonymize user transactions, negating the long-awaited privacy benefits. How did this come to be and what implications does it have for the millions of users who rely on Wasabi 2.0? Find out the story behind this vulnerability and how it affects the future of privacy in Bitcoin in this article.
What is Wasabi 2.0? The heart of GingerWallet
Wasabi 2.0 is the latest version (and a fork) of the popular Bitcoin wallet GingerWallet, known for its focus on privacy and transaction security. This wallet uses a protocol called Wabisabi, which is an evolution of the Zerolink protocol used in previous versions. The main improvement of Wabisabi is that it allows coinjoins (mixing transactions) with dynamic amounts, which increases the flexibility and efficiency of the mixing process.
GingerWallet's main goal is to provide Bitcoin users with a high level of anonymity and privacy in their transactions, leaving Wasabi Wallet's known flaws behind. However, the recent disclosure of a vulnerability in the Wabisabi protocol has put the security and privacy that this wallet promised in jeopardy.
The vulnerability discovered
Recently, an anonymous developer under the name of drkgry has reported a critical vulnerability in the Wabisabi protocol, affecting GingerWallet’s Wasabi 2.0. This vulnerability allows a malicious coordinator to completely deanonymize user inputs and outputs in a coinjoin round. In other words, an attacker controlling the coordination server can identify and link user transactions, negating any privacy benefits the coinjoin might have provided.
The problem lies in the way the Wabisabi protocol handles maximum credential values (maxAmountCredentialValue) during the check-in and check-out process. When a user starts participating in a coinjoin round, they request information from the coordination server. The server responds with a set of parameters, including the maxAmountCredentialValue, which is the maximum credential value the server will issue. However, because there are no methods in place for clients to cross-check this information, a malicious coordinator can assign a unique maxAmountCredentialValue to each user.
Impact on privacy
This vulnerability is particularly severe because it allows an attacker to “tag” each user with a unique identifier. During the process of recording outputs, the coordinator can identify which user each output belongs to based on the credential value. This means that instead of shuffling transactions and hiding ownership, the coordinator can clearly see which outputs belong to which users, completely eliminating the privacy benefits of coinjoin.
The severity of this vulnerability cannot be underestimated. GingerWallet users who believed they were protected by the Wabisabi protocol now find themselves in a situation where their transactions can be tracked and linked, compromising their anonymity and financial security. This situation is especially worrying for those who use GingerWallet to make high-value transactions or to protect their privacy in hostile environments.
The historical context
The vulnerability is not a recent discovery. In 2021, Yuval Kogman, also known as nothingmuch, one of the original developers of Wabisabi, had already identified this problem during the protocol design phase. Kogman proposed measures to protect clients from tagging attacks, including the use of proofs of ownership tied to UTXOs (Unspent Transaction Outputs) and cross-checking server parameters. However, these suggestions were not implemented in the final version of GingerWallet.
The failure to implement these critical security measures is due, in part, to the pressure to release version 2.0 as quickly as possible. The development team, in an effort to speed up the process, chose to cut corners in the implementation of certain security features. This decision has had serious consequences, as the vulnerability now exposes users to significant risk.
The community response
The disclosure of this vulnerability has sent shockwaves through the Bitcoin community. Many users and developers are expressing their concerns and criticizing the GingerWallet team for failing to adequately address known security issues. Trust in the wallet and the Wabisabi protocol has been severely shaken, and many users are reconsidering their use of GingerWallet.
For its part, the GingerWallet development team has acknowledged the seriousness of the situation and announced that it will work to fix the vulnerability as quickly as possible. However, restoring user trust will be a significant challenge, especially after it has been shown that privacy and security were not top priorities during development.
In any case, the vulnerability discovered in GingerWallet’s Wabisabi protocol is a powerful reminder of the importance of security and privacy in the Bitcoin ecosystem. Trust in tools and protocols that promise to protect users’ privacy must be based on a solid foundation of security and rigorous implementation of protective measures. The Bitcoin community hopes that the GingerWallet team will take decisive action to fix this vulnerability and restore trust in their wallet.
