The Wasabi Wallet by zkSNACKs is an open-sourced Bitcoin digital wallet. The users get the freedom to store and manage the BTC with the help of the wallet’s available Windows version. Wasabi Wallet supports the BTC and offers facilities for trading. The Wasabi wallet uses a new type of validation that will enable communication with a central server over the Tor & Bitcoin P2P network. The bad news is that two potential vulnerabilities have been discovered in the Wasabi Wallet, which is related to privacy. In the past, too many flaws were found in Wasabi Wallet Coinjoin, but the industry experts ignored those as mere inferior design choices.
On the 3rd of August, the team of Research analysts from OXT Research completed an internal analysis. It verified that there were at least two vulnerabilities in the wallet, which were probably there right from its inception. The vulnerabilities were classified as CRITICAL and were conveyed to the technical team of Wasabi wallet. Now, these vulnerabilities are serious issues because there is a high chance that they were present in the Wasabi Wallet code for a long time. There is also a chance that an unethical or immoral person has been exploiting for a long time without the knowledge of the technical team of Wasabi Wallet. On their part, the research team has decided to issue a disclosure so that all users are alerted about this. It will help the users make an informed decision, and one may choose not to use the CoinJoin until a solution comes up to take care of the vulnerabilities. The team had requested Adam Ficsor, the founder of zkSNACKs, to work on this together, but Adam and his team showed no interest in pursuing the matter. The OXT Research team would have liked the zkSNACKs team to handle the issue differently, but the response was not encouraging.
The analyst team wants Wasabi Wallet to consider the possibility of stopping the usage of CoinJoin, and for this reason, they have gone ahead with the full disclosure. As per their declaration, the team is still interested in reverting the 15-day public disclosure if the team of Wasabi Wallet agrees to investigate the exposed vulnerabilities.