A story released on Tuesday claims Chainalysis de-mixed Wasabi wallet transactions to identify the 2016 Genesis DAO hacker who stole 3.6 million Ethereum from the organization, worth approximately $10 billion today.
In the article released by Forbes, Laura Shin, journalist and author of “Cryptopians”, identifies the hacker as 36-year-old programmer Toby Hoenisch. Hoenisch is known as the co-founder and CEO of Tenx and has vehemently denied Shin’s claims stemming from her research for the firm Chainalysis.
“We identify the apparent hacker — he denies it — by following a complicated trail of crypto transactions and using a previously undisclosed privacy-cracking forensics tool,” Shin claims in her report.
Shin claims that, after the attacker sent 50 Bitcoin to a Wasabi wallet, Chainalysis was able to de-mix the transactions using methods described in her report.
“In a final, crucial step, an employee at one of the exchanges confirmed to one of my sources that the funds were swapped for privacy coin Grin and withdrawn to a Grin node called grin.toby.ai. (Due to exchange privacy policies, normally this sort of customer information would not be disclosed),” Shin stated. “The IP address for that node also hosted Bitcoin Lightning nodes: ln.toby.ai, lnd.ln.toby.ai, etc., and was consistent for over a year; it was not a VPN. It was hosted on Amazon Singapore. Lightning explorer 1ML showed a node at that IP called Tenx.”
Community skeptics of Wasabi’s CoinJoin rang the bell in 2019
Bitcoin community privacy advocates Matt O’Dell and Keonne Rodriguez, along with Wasabi competitor Samourai Wallet, challenged Wasabi’s CoinJoin privacy tool back in 2019.
O’Dell in 2019 referenced and quoted a Telegram post from Samourai on issues they saw with Wasabi’s mixer.
Rodriguez also seemed to have the forethought and savvy to see some of the issues in Wasabi’s CoinJoin and was referenced by Samourai.
Mixing tools like CoinJoin aim to help users maintain privacy by mixing their funds with those of other users in order to obscure their transaction history.
From today’s revelations there appear to be a couple of possibilities: either Chainalysis has the ability to track and trace all CoinJoined transactions, or it comes back to user error.
“We helped trace funds despite the attacker’s attempts to cover his tracks [with] mixers,” said Chainalysis. “This is yet another example of evidence preserved on the blockchain forever.”
Analytics firm Elliptic confirms user error as the root of the trace
Not all CoinJoin transactions can be de-mixed, according to Tom Robinson, co-founder and chief scientist of Elliptic.
“Yes, Elliptic can also demix Wasabi transactions in some circumstances. However, this does not mean that all Wasabi transactions can be demixed. This is typically possible in situations where the Wasabi user has made a mistake,” said Robinson.
Tracking the funds through Wasabi was possible because the user did not follow privacy best practices, including using addresses multiple times. Not all transactions can be de-mixed, but some can, and that goes for most mixers, according to Robinson.
“There are completely legitimate reasons to use mixers, and our aim is not to violate people’s financial privacy without cause,” said Robinson. “However, we do try to trace specific funds, known to have originated from illicit activity, through mixers.”
In conclusion, the claim that Chainalysis was able to ‘hack’ Wasabi’s CoinJoin technology is not correct. However, the fact that traces left by the user made it possible to follow certain transactions and create clusters shows that Bitcoin privacy requires savvy users.