Reiterating centralized coinjoin (Wasabi & Samourai) deanonymization attacks

Posted by Yuval Kogman

Apr 9, 2025/02:16 UTC

The discourse highlights concerns about potential privacy weaknesses in certain cryptocurrency systems, specifically the Wasabi and Samourai wallets. The complexity of these potential attacks seems to deter exploitation; however, evidence of any such activity should be traceable in Wasabi's debug logs. Despite these vulnerabilities having been well documented for years, there has not been significant demand for resolving them. Presently, two main client implementations are identified: Wasabi Wallet and the BTCPay CoinJoin plugin. Following the discontinuation of the zkSNACKs coordinator, Trezor removed its CoinJoin feature, as detailed in an important update.

The analysis extends to how interpretation of blockchain data, specifically through services like LiquiSabi.com, offers plausible insights but not definitive proof of these privacy issues. The inference nonetheless aligns with the known behaviour of the client and backend implementations. The source code for these clients was openly available throughout their operational period, although verifying the authenticity of the software actually running on coordinator servers poses challenges, especially in Samourai's case following the takedown of their self-hosted GitLab.

The commentary suggests that if there were demand for more transparent coordination services, establishing one would face no significant barriers. It encourages operators either to switch to more transparent coordinators or to start their own, emphasizing the importance of honesty and clear communication regarding trust assumptions. It notes that coordinators may operate for profit or in support of specific causes, provided they do not mislead users about their services.

Furthermore, the conversation touches on architectural aspects of and potential improvements to the WabiSabi framework, noting that some suggested mitigations, such as using multiple Tor circuits for added security, have yet to see any implementation progress. The author also criticizes the current maintainers for continuing to dispute that these issues exist, dismissing the concerns on the grounds that Wasabi is a lightweight client. The author urges those qualified to audit or review the system to verify or refute the claims made, and offers assistance to new contributors interested in addressing these unattended critiques.
