How Wasabi Wallet Withstood Massive DDOS Attacks

This article was originally published by Nopara73 on Medium.

“In the New Testament, Armageddon is the final battle between good and evil before the Day of Judgment.” Below is the story of four cyberattacks during the Wasabi Wallet 2.0 release. Illustration by DALL-E (AI) and Wiesław Šoltés (human). We also covered the topic in a talk at Mallorca Blockchain Days.

Bitcoin is the most important revolution currently underway. It is a revolution of money. For the first time in human history, money has made it possible to abstract the fruits of labor into their purest form: worth. We can then store it and even exchange it for other goods and services. Therefore, building ever-improving money technology is critical to human progress. Cryptocurrencies bring digital scarcity to a world lacking digital scarcity. That Bitcoin is the most valuable cryptocurrency in existence means that the free market predicts that Bitcoin will become the world’s next reserve currency.

Bitcoin meets the characteristics of good money, except for stability, acceptability, portability, and fungibility. Consider stability and acceptability as meta-properties. These properties will be satisfied as the currency’s market capitalization increases. Portability is also receiving attention. The challenge of making bitcoin cheap and fast is not trivial, but the brains ⚡ working to achieve these goals are extraordinary. That leaves fungibility as the main property to focus on. The most important problem to tackle is Bitcoin fungibility.

Fungibility contributes to the quality of money. It describes how individual units of money are interchangeable and indistinguishable. As economist Alastair Berg puts it in his 2019 paper: (Brunner and Meltzer, 1971; see also Banerjee and Maskin, 1996, p.958; Menger, 1892)”.

Year -2, Month -5, Day -15. Wasabi Wallet has been running for 2 years now. The system has finally reached a point where it can be said to be stable. Wasabi allowed me to keep my privacy in Bitcoin. However, enabling private use of Bitcoin does not mean that Bitcoin will suddenly become anonymous or fungible. For that to happen, users have to adopt it, and that means creating a frictionless user experience where privacy is the default. In the Wasabi Study Group, we reviewed the research literature on Bitcoin privacy. We always invited the authors, and sometimes they even came. After half a year, I moved on to my own research, called WabiSabi. Over the next two years it was implemented, together with a complete UI and UX redesign.

0/15/0. Look, Wasabi Wallet 2.0 will be released two weeks from now, on June 15, 2022. This is a state-of-the-art Bitcoin fungibility solution. While other projects working on Bitcoin privacy are building new privacy features, Wasabi Wallet 2.0 abstracts a comprehensive set of privacy tools into the background, in an attempt to let users deal with the other, important things happening in their lives. This makes Wasabi Wallet 2.0 the missing piece of Bitcoin. Wasabi Wallet 2.0 solves fungibility as far as English-speaking users of hot desktop wallets are concerned.


CoinJoin is the heart of Wasabi Wallet and the most important component of the software. The one-week CoinJoin testing period on mainnet and the six-month CoinJoin testing period on testnet have just ended. Never before has there been such a well-tested release. Everything had to go perfectly.

Year 0, month 0, day 0. Day of release. Wasabi Wallet 2.0 was released without any major issues. “Smoothest release ever,” I repeated. Others kept saying “calm before the storm”, but I’m not superstitious, so of course I ignored it. For the first three days, everything went according to plan. We were patiently waiting for enough users to upgrade so that we could start with CoinJoin liquidity in place.


0 years, 0 months, 3 days. At dawn on the 3rd day, we hit our goal, but CoinJoins were failing. I had worried this might happen, so while I waited, I started a contingency plan to gradually reduce the number of inputs required.

In the meantime, we researched the situation and put our heads together to theorize about why this was happening when it had not happened during testing. The most plausible explanation was that our tests were not representative of Wasabi users. Developers running multiple instances with mostly good internet connections are not the same as coordinating hundreds of users over an unreliable anonymous network. I had to reduce the number of inputs required until CoinJoins could run properly. As we continue to improve our software, over time we will be able to adjust for larger rounds. As we kept reducing the number of inputs required, the first CoinJoin occurred at 72 inputs.

0/4/0. Under attack. CoinJoins were still barely happening. This made no sense. Why had larger CoinJoins been working on the testnet earlier? Then I tested it on the testnet and, to my surprise, I didn’t see any CoinJoins there either. The only difference was the network. Is there something wrong with the Tor network? Yes. A notice came: the Tor network is under DDoS attack.


The next day, we fine-tuned the coordinator configuration, implemented some low-risk improvements, and deployed the coordinator. This got CoinJoins working, but it wasn’t enough. In parallel, work began on a client-side reliability fix. We were on the road to bootstrapping things again, but then…

0/07/07 New attack! On the seventh day we received two new attacks: a DDoS attack against our website and a spam attack against the personal emails of 4 of us. Luckily, the former was circumvented so quickly that it wasn’t even worth mentioning in and of itself, and the latter only caused us a minor inconvenience.

0/10/0. Second release date. We have improved reliability to the point that CoinJoins can be coordinated even while Tor is under DDoS attack. With three hours to go before release, I finally had some time to relax and decided to clean up my email spam folder. There, the attacker claimed the DDoS over the weekend was just a warm-up to give us time to think. The real attack will come on Monday, when CoinJoins will be shut down and all hell breaks loose. What should I do right now? To release or not to release? Luckily, the attackers also told us where they were planning to attack, so we could review our defenses and make sure everything was in place, but you never know with this kind of thing. Anything can happen in a stable situation. We pushed ahead with the release and prepared for the final clash with the hackers.

0/11/0 Judgment Day

As I kept watch all night, I saw something terrifying in the distance. The first shot was fired, then another. I had no idea where the cyberattacks were coming from. Black hat hackers were everywhere, launching DDoS attacks. There was smoke and blood everywhere. Two servers were down and one maintainer was shivering on the floor from a caffeine overdose… just kidding. Sorry for the disappointment, but this was pretty adversarial. After monitoring overnight, we observed some anomalous activity, but we weren’t able to detect the attack with absolute certainty.


A few days after the release, shortly after I started writing this article, I returned the required number of inputs to 150, as originally planned.


Transparency is an accountability tool and is best suited when groups of individuals accumulate power over other individuals, such as governments, corporations, and other types of organizations. The open source ethos emphasizes accountability through transparency, and that’s the mindset I grew up with. Everything about zkSNACKs and the Wasabi wallet was exposed, not just the source code, but also security-related configuration options. The fact that we take transparency very seriously is evident in the fact that we started by live-streaming all of our meetings.

Accountability should be applied for security, not at the expense of security. Places where zero-day vulnerabilities can be mined should be kept away from prying eyes. We have been aware of this lesson for quite some time, but as the project has become a much bigger target than before, we have aggressively removed public conversations related to sensitive security configuration.


Two and a half years ago, when I started developing WW2, I adopted a rigorous training routine and haven’t missed a single session since. I did it in the cold winter. I did it when I got sick in the humid tropical weather. However, I skipped workouts during those two weeks. These were the most intense few weeks of my life. We were debugging day and night and were racing against time. Such pressure, stress, and high-stakes situations are nothing new to experienced software developers. Everyone runs into these at one time or another. For my future self, I’ll leave three rules on how to act in this situation.

1. Sleep Management: You don’t want to impair your judgment. Get plenty of sleep!

2. Question > Hypothesis: You want to make relevant judgments. Don’t jump into theorizing. Asking questions allows us to recognize relevance, and hypotheses must be relevant. Skip the question at your own risk, as you will find yourself wasting valuable time on unimportant things.

3. Recovery vs Understanding: A common and important decision you must make. If anything goes wrong, recovering your system is your priority, but before you put on your operator hat and hit restart, put on your debugger hat for a second and do your research while the bug is still alive. Otherwise, you may miss your chance to find it.


I am proud that the team has grasped the situation. Special mention goes to Adam and Roland’s debut, because this was the first time they encountered a debugging scenario with us. They have grown a lot in a short period of time.


Wasabi Wallet 2.0 was born in the heat of the cyber war. As it spread, WW2 CoinJoins are now thriving. Over the past two weeks, I’ve learned to appreciate the tremendous stability work done on WW1 CoinJoins, and realized I need to do the same with WW2 CoinJoins. The future is bright. We have a lot to do.
