July 9th-10th 2024: Wasabi Wallet Security Incident Disclosure #13249
turbolay
started this conversation in
General & Publications
-
In case you still have it, would it be possible to upload the malicious
-
I don't have it. I removed it as fast as it was possible for me.
-
Wasabi Wallet Security Incident
Wasabi Wallet is currently experiencing a series of sophisticated and intense attacks. In the last 24 hours, these attacks have targeted:
Let's examine these from least to most complex.
Attacks on free coordinators
Several free coordinators, particularly the most liquid ones, have been repeatedly taken down by Layer 7 DDoS attacks.
These coordinators have faced more attacks in a single month than zkSNACKs' coordinator did over six years. This doesn't imply zkSNACKs' coordinator was never attacked; it encountered numerous attacks, but they were typically generic volumetric attacks.
These attacks pose a unique challenge because they target the application layer: malicious requests are nearly indistinguishable from legitimate traffic, which makes the attacks extremely difficult to mitigate.
We believe the primary motivation behind these attacks is to redirect liquidity towards other coordinators, either for financial gain or malicious purposes.
Supply chain (GitHub) compromise
Recently, we were alerted by the @BinaryWatch.org bot about a hash discrepancy in the Wasabi-2.0.8.1.msi release, specifically on the Windows installer. See: https://x.com/BinaryWatchBot/status/1810826829940326846.
It was discovered that the Windows installer had been replaced with a different file. Despite our recent efforts to reduce this attack surface by revoking access rights for zkSNACKs contributors, an account with Write access was compromised. Unfortunately, GitHub doesn't offer granular permissions to restrict who can modify binaries - all contributors with Write access have this capability. We've since revoked additional access rights.
The fraudulent Wasabi-2.0.8.1.msi file was promptly removed, and we are closely monitoring the releases. We extend our gratitude to @BinaryWatch.org for their service, as their prompt report significantly minimized the impact of this incident.
User-targeted attacks
A few days ago, we received a report about a vulnerability that could allow a malicious coordinator to charge higher coordination fees than specified by the user. Our team implemented a fix and introduced additional safeguards to prevent various hypothetical scenarios involving malicious coordinators.
Yesterday, we were informed that the "wasabicoordinator.io" coordinator was using suspicious parameters, including requiring only 2 inputs, creating rounds as quickly as possible, and charging the maximum allowable coordination fee. This also involved changing the fee after a round failure. We confirmed that the wasabicoordinator.io coordinator was indeed exploiting the vulnerability our team had been addressing.
Exploiting this vulnerability requires not just configuration or DevOps knowledge, but a deep understanding of the coinjoin protocol. We aim to release an update within hours to address this issue.
Thanks to community-developed monitoring systems, this exploit was detected relatively quickly. We communicated about it to minimize impact and advise users to pause coinjoining. Subsequently, we swiftly released version 2.1.0, which prevents similar attacks.
Aftermath
Several key lessons can be drawn from this incident:
Release process delays
We were aware of the vulnerability and this specific scenario, but our current release procedure is too cumbersome for our small team, resulting in a delay in patching this exploit. We had already been planning to streamline our release process to enable more frequent updates.
Code maintainability challenges
Since zkSNACKs' shutdown, numerous steps have been taken to protect users against malicious coordinators. However, a vulnerability was not properly addressed. The developer overlooked it at the time due to two main factors:
Simplifying and reducing the size of our codebase has been a priority, and we will continue to focus on this goal.
Coordinators are correctly trust-minimized
These attacks were meticulously planned over more than a month by sophisticated actors with substantial resources and in-depth technical knowledge of coinjoins. Despite this, their impact has been relatively limited. This demonstrates the robustness of the WabiSabi coinjoin protocol and Wasabi Wallet's implementation.
Conclusion
The incident highlights the importance of our ongoing efforts to minimize trust in coordinators and reinforces the effectiveness of our current approach. We will continue to enhance security measures and improve our response capabilities to protect users and maintain the integrity of the Wasabi Wallet ecosystem.
Moving forward, we are committed to:
We appreciate the support and vigilance of our community during this challenging time. Your continued trust and feedback are crucial as we work to make Wasabi Wallet more secure and resilient against future attacks.
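The hash discrepancy described under "Supply chain (GitHub) compromise" is the kind of change a release audit catches. The following is an added example, not code from the Wasabi project or from BinaryWatch: it pins digests in a sha256sum-style manifest at publication time and re-checks what the release page serves later. All file contents and every asset name other than Wasabi-2.0.8.1.msi are constructed.

```python
import hashlib
import io
import string

def sha256_stream(fh, chunk_size=1 << 20):
    """Hash a binary file object in chunks so large installers are not loaded whole."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex>  <name>' or '<64 hex> *<name>'."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")
        if len(digest) != 64 or not name or set(digest) - set(string.hexdigits):
            raise ValueError(f"malformed manifest line: {line!r}")
        pinned[name] = digest.lower()
    return pinned

def audit_release(pinned, served):
    """Compare pinned digests with the assets served now (name -> binary file object)."""
    report = {"ok": [], "replaced": [], "missing": [], "unpinned": []}
    for name, expected in sorted(pinned.items()):
        if name not in served:
            key = "missing"
        else:
            # A new digest under an unchanged asset name means the binary was swapped.
            key = "ok" if sha256_stream(served[name]) == expected else "replaced"
        report[key].append(name)
    report["unpinned"] = sorted(set(served) - set(pinned))
    return report

# Constructed sample data: placeholder bytes, not real installer contents.
GENUINE_MSI = b"constructed stand-in for the installer as originally published"
OTHER_ASSET = b"constructed stand-in for a second release asset"
MANIFEST = (f"{hashlib.sha256(GENUINE_MSI).hexdigest()}  Wasabi-2.0.8.1.msi\n"
            f"{hashlib.sha256(OTHER_ASSET).hexdigest()} *example-other-asset.bin\n")

def demo():
    # Release page state after the .msi was replaced and an extra file appeared.
    served = {"Wasabi-2.0.8.1.msi": io.BytesIO(b"constructed stand-in for a swapped file"),
              "example-other-asset.bin": io.BytesIO(OTHER_ASSET),
              "example-extra.bin": io.BytesIO(b"constructed asset added later")}
    return audit_release(parse_manifest(MANIFEST), served)
```

The manifest only protects anything if it is stored and authenticated outside the account that can edit release assets.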
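The signals listed under "User-targeted attacks" (very low input requirement, rounds created in quick succession, fee at the maximum, fee changed after a failed round) can be checked mechanically over announced round parameters. This is an added example, not Wasabi's code or the community monitors' code: the `Round` and `Policy` records, their field names, and every threshold are hypothetical, and the round data is constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Round:                        # hypothetical record, not Wasabi's API
    round_id: str
    created_at: int                 # unix seconds
    min_inputs: int
    fee_ppm: int                    # coordination fee, parts per million of the amount
    retry_of: Optional[str] = None  # id of the failed round this one follows

@dataclass(frozen=True)
class Policy:                       # every threshold here is an assumption
    user_max_fee_ppm: int           # what the user agreed to pay
    allowed_max_fee_ppm: int        # highest fee the client accepts at all
    min_inputs_floor: int
    min_spacing_s: int

def audit_rounds(rounds, policy):
    """Return (round_id, finding) pairs for the signals named in the post."""
    by_id = {r.round_id: r for r in rounds}
    findings, prev = [], None
    for r in sorted(rounds, key=lambda x: x.created_at):
        if r.fee_ppm > policy.user_max_fee_ppm:
            findings.append((r.round_id, "fee_above_user_limit"))
        if r.fee_ppm >= policy.allowed_max_fee_ppm:
            findings.append((r.round_id, "fee_at_allowed_maximum"))
        if r.min_inputs < policy.min_inputs_floor:
            findings.append((r.round_id, "low_min_inputs"))
        if prev and r.created_at - prev.created_at < policy.min_spacing_s:
            findings.append((r.round_id, "rapid_round_creation"))
        failed = by_id.get(r.retry_of)
        if failed and failed.fee_ppm != r.fee_ppm:
            findings.append((r.round_id, "fee_changed_after_failure"))
        prev = r
    return findings

def rounds_to_skip(rounds, policy):
    """Round ids a cautious client or monitor would flag before registering inputs."""
    return sorted({rid for rid, _ in audit_rounds(rounds, policy)})

# Constructed sample data: round "c" follows failed round "b" with a higher fee.
POLICY = Policy(user_max_fee_ppm=3000, allowed_max_fee_ppm=10000,
                min_inputs_floor=5, min_spacing_s=60)
ROUNDS = [Round("a", 0, 50, 3000),
          Round("b", 600, 2, 3000),
          Round("c", 620, 2, 10000, retry_of="b")]
```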