Wasabi Wallet: Inside the July 2024 Hack

A Comprehensive Analysis of the Attack on Wasabi Wallet, Highlighting Security Vulnerabilities, Response Measures, and Lessons Learned for the Crypto Community

TL;DR

Wasabi Wallet suffered a sophisticated hack involving DDoS attacks, a compromised GitHub supply chain, and user-targeted vulnerabilities. The breach exposed delays in the release process and code maintainability issues. The incident led to swift action, including enhanced security measures and streamlined processes, highlighting the need for robust cybersecurity in crypto platforms.

In the dead of night between July 9th and 10th, 2024, Wasabi Wallet faced a cyber onslaught that left the cryptocurrency community staggered. This wasn't just a hack; it was a masterclass in cyber warfare.

The attack, a multi-layered blitzkrieg, targeted free coordinators, GitHub supply chains, and users themselves.

Let’s peel back the layers of this digital nightmare and see what lessons can be learned.

Free Coordinators Under Siege

First up, free coordinators. These are the unsung heroes of Wasabi Wallet, ensuring liquidity flows smoothly. But recently, these coordinators have been bombarded by Layer 7 DDoS attacks.

To put it simply, these attacks were so sophisticated that malicious requests were nearly identical to legitimate traffic. This wasn’t your run-of-the-mill volumetric attack; it was a surgical strike aimed at crippling the coordinators' operations.

In just one month, these coordinators faced more attacks than zkSNACKs’ coordinator did in over six years. Why? The attackers likely aimed to divert liquidity towards other coordinators for financial gain or more nefarious reasons.

The GitHub Supply Chain Compromise

Next, the hackers took aim at the supply chain, specifically Wasabi Wallet’s GitHub repository. An alert from the @BinaryWatch.org bot revealed a disturbing hash discrepancy in the Wasabi-2.0.8.1.msi release, the Windows installer.

The Windows installer had been replaced with a rogue file. Despite recent security measures to reduce this attack surface by revoking access rights for zkSNACKs contributors, an account with Write access was compromised, demonstrating a significant flaw in GitHub’s permission system.

The fraudulent file was removed quickly, thanks to @BinaryWatch.org, but the breach underscored a critical vulnerability. GitHub’s lack of granular permissions meant that all contributors with Write access could alter binaries, leaving the door wide open for such attacks.
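The kind of check that catches a swapped release binary can be sketched as follows. This is an added example, not BinaryWatch's or Wasabi Wallet's code: it pins the first SHA-256 seen for every asset of a published release and alerts when a later poll returns different bytes or the asset disappears. The release label, the second asset name and all file contents are constructed for the demonstration.

```python
import hashlib

class ReleaseWatch:
    """Remembers the first SHA-256 seen for each (release, asset) and flags later drift."""

    def __init__(self):
        self.baseline = {}  # (release, asset name) -> hex digest first observed

    def scan(self, release, assets):
        """assets maps file name -> bytes fetched in this poll; returns a list of alerts."""
        alerts = []
        for name, data in sorted(assets.items()):
            digest = hashlib.sha256(data).hexdigest()
            # setdefault stores the digest only on first sight; a replaced file never
            # overwrites the baseline, so the alert repeats until someone intervenes.
            known = self.baseline.setdefault((release, name), digest)
            if known != digest:
                alerts.append(("changed", name, known, digest))
        # An asset that was published earlier and is now gone is also worth an alert.
        for rel, name in sorted(self.baseline):
            if rel == release and name not in assets:
                alerts.append(("missing", name, self.baseline[(rel, name)], None))
        return alerts

# Constructed sample polls of one release; the bytes stand in for downloaded files.
POLL_1 = {
    "Wasabi-2.0.8.1.msi": b"constructed: installer bytes as first published",
    "example-other-asset.zip": b"constructed: another asset of the same release",
}
POLL_2 = {**POLL_1, "Wasabi-2.0.8.1.msi": b"constructed: installer bytes after replacement"}

def demo():
    watch = ReleaseWatch()
    return watch.scan("2.0.8.1", POLL_1), watch.scan("2.0.8.1", POLL_2)

if __name__ == "__main__":
    for alert in demo()[1]:
        print(alert)
```

A baseline taken at first sight only detects later replacement; verifying each asset against a digest list signed outside the hosting platform covers the case where the first upload is already bad.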

User-Targeted Attacks: The Most Sinister of All

The most chilling aspect of this hack was the attack on users. A report surfaced about a vulnerability allowing malicious coordinators to charge higher fees than specified by users. Wasabi Wallet’s team sprang into action and implemented a fix.

However, the damage was already done. The “wasabicoordinator.io” coordinator exploited this flaw, using suspicious parameters and charging maximum coordination fees. This also involved changing the fee after a round failure.

This wasn’t just a simple configuration issue; it required deep knowledge of the coinjoin protocol. The community’s vigilance paid off, as monitoring systems detected the exploit swiftly. Users were advised to halt coinjoining, and an update (version 2.1.0) was released to prevent similar attacks.
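A client-side guard against this behaviour can be modelled as below. This is an added, simplified example and not Wasabi Wallet's implementation: the `RoundAnnouncement` type, its field names, the fee values and the user limit are all hypothetical. The point it shows is that the user's maximum is enforced on every announced round, and that a fee raised right after a failed round is flagged even when it stays under the limit.

```python
from dataclasses import dataclass
from decimal import Decimal

@dataclass(frozen=True)
class RoundAnnouncement:            # hypothetical, simplified round parameters
    round_id: str
    coordination_fee_rate: Decimal  # fraction of the amount, e.g. 0.003 = 0.3 %
    follows_failed_round: bool      # True if the coordinator's previous round failed

def review_rounds(rounds, user_max_fee_rate):
    """Return one (round_id, decision, reason) tuple per announcement, in order."""
    decisions = []
    last_rate = None
    for r in rounds:
        if r.coordination_fee_rate > user_max_fee_rate:
            # Hard limit: never register inputs for a round above the user's maximum.
            decisions.append((r.round_id, "refuse", "fee above user maximum"))
        elif (r.follows_failed_round and last_rate is not None
              and r.coordination_fee_rate > last_rate):
            # Still within the limit, but the pattern matches the reported abuse.
            decisions.append((r.round_id, "flag", "fee raised after failed round"))
        else:
            decisions.append((r.round_id, "join", "ok"))
        last_rate = r.coordination_fee_rate
    return decisions

# Constructed sample: one coordinator's announcements over three rounds.
SAMPLE = [
    RoundAnnouncement("r1", Decimal("0.000"), False),
    RoundAnnouncement("r2", Decimal("0.002"), True),
    RoundAnnouncement("r3", Decimal("0.010"), True),
]

def demo():
    # Hypothetical user setting: pay at most 0.3 % in coordination fees.
    return review_rounds(SAMPLE, Decimal("0.003"))

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```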

Aftermath and Lessons Learned

The aftermath of these attacks left the Wasabi Wallet team and its users grappling with the implications. Several critical lessons emerged from this incident:

Release Process Delays

One of the most glaring issues highlighted by this incident was the delay in patching the known vulnerability. The Wasabi Wallet team was aware of the vulnerability and even anticipated the specific scenario in which it could be exploited.

However, the existing release procedure proved to be a bottleneck. For a small team managing a complex project, the process of developing, testing, and deploying updates is a significant challenge.

The current release procedure involves several steps, each requiring meticulous attention to detail to ensure the integrity and security of the updates.

Code Maintainability Challenges

Another significant lesson from this incident was the challenge of maintaining a complex and interconnected codebase. Since the shutdown of zkSNACKs, the Wasabi Wallet team has taken numerous steps to protect users against malicious coordinators. However, the complexity of the codebase meant that certain vulnerabilities were not properly addressed.

The two main factors contributing to this issue were:

  1. Time Constraints: With a small team, time is a precious commodity. Balancing the need to develop new features, fix bugs, and address security vulnerabilities is a constant struggle. Time constraints often lead to prioritization decisions, where some issues may be deferred in favor of more immediate concerns.

  2. Code Complexity: An overly complex and tightly coupled codebase makes it difficult to identify and isolate vulnerabilities. Interdependencies between different components can obscure potential flaws, making them harder to detect and fix.

Simplifying and reducing the size of the codebase is crucial to enhancing maintainability and reducing the risk of future vulnerabilities.

Trust Minimization in Coordinators

Despite the sophisticated nature of the attacks, their impact was relatively limited. This demonstrates the robustness of the WabiSabi coinjoin protocol and Wasabi Wallet's implementation.

The attacks were meticulously planned over more than a month by actors with substantial resources and deep technical knowledge of coinjoins. However, the trust-minimized approach of the coordinators proved effective in containing the damage.

The trust-minimized design ensures that even if a coordinator behaves maliciously, its ability to harm users is limited. This approach, combined with the vigilance of the community and the rapid response from the Wasabi Wallet team, helped mitigate the overall impact of the attacks.

Moving Forward

In response to this incident, Wasabi Wallet is committed to enhancing security measures and improving response capabilities. Key steps include:

1. Accelerating Release Cycles

The team will accelerate release cycles to address vulnerabilities more rapidly, ensuring swift deployment of patches and updates.

2. Simplifying the Codebase

Efforts to simplify the codebase will continue, making it easier to maintain and reducing the risk of overlooked vulnerabilities.

3. Strengthening Monitoring Systems

Enhanced monitoring systems will detect and respond to suspicious activities more efficiently, bolstering the wallet’s defense mechanisms.

4. Enhancing Communication Channels

Improved communication channels will keep users informed and provide timely guidance during security incidents, maintaining transparency and user trust.

Make Sure This Hack Doesn’t Happen To You 🫵

The Wasabi Wallet hack serves as a stark reminder of the ever-evolving sophistication of cyber-attacks. As attackers become more resourceful, robust security measures are crucial. The Wasabi Wallet team’s transparent response and commitment to improvement provide a blueprint for navigating such challenges.

The support and vigilance of the community have been instrumental in mitigating the attack’s impact. As Wasabi Wallet strengthens its security and resilience, user trust and feedback will be vital. Together, we can build a secure ecosystem, empowering users to navigate the world of cryptocurrency with confidence.
