Avatar
Frank 1y ago

#bitcoin

Copied form sethforprivacy:

Everything actionable you need to know about what this indictment means for you as a @SamouraiWallet (SW) or Whirlpool user đŸ‘‡

As a Samourai Wallet user (no Dojo)

Unfortunately, the architecture of SW meant that your xpub (a master public key, allowing anyone holding it to derive all your past/present/future Bitcoin addresses) was at some point in time held by Samourai, and could now possible in the hands of the DOJ.

Though it's a worst-case scenario, you should assume that your xpub was compromised, and thus all previous mixes you have done have been unwound and are now traceable. You should also assume that the gov can now derive all past/present/future addresses of yours and track movement of funds if so desired.

In addition, Samourai's coordinator and backend sync server was seized, and so SW will no longer sync, show received funds, or allow sending funds out. As such, you have to migrate funds to another wallet like @SparrowWallet following the docs here:

docs.samourai.io/wallet/restore…

In addition, I would recommend migrating funds to a new seed phrase to prevent anyone holding the xpub from seeing all future received/spent funds.

You should also disable automatic updates in the Play Store (if used) to ensure no malicious updates are pushed.

As a Samourai Wallet user (using your own Dojo)

Thankfully, you avoided having your xpub potentially compromised. The worst case scenario for you is that your previous mixes may not have the full anon set you expected if non-Dojo users xpubs were compromised.

You will still be able to sync/send/receive from your Samourai Wallet app, but should also migrate funds eventually as no further updates will come out for Samourai Wallet. If you want to migrate, use the docs below:

docs.samourai.io/wallet/restore…

You should, however, disable automatic updates in the Play Store (if used) to ensure no malicious updates are pushed.

As a Sparrow Wallet user

Thankfully, you avoided having your xpub potentially compromised as well. The worst case scenario for you is that your previous mixes may not have the full anon set you expected if non-Dojo/Sparrow users xpubs were compromised.

There is no real need to rotate to a new wallet etc, and Sparrow is still an excellent option. Unfortunately you will no longer be able to mix in Sparrow as the Samourai coordinator was seized.

Reply to this note

Please Login to reply.

Discussion

Avatar
. 1y ago

THE WHIRLPOOL COORDINATOR WAS A CHAUMIAN BLIND SIGNTURE TO XPUBS

THIS POST IS CONFUSING THE SAMOURAI FULL NODE AND USING WHIRLPOOL COORDINATOR

YES, XPUBS THAT CONNECTED TO THE SAMOURAI NODE ARE POTENTIALLY KNOWN BUT THAT DOESN'T IMPLY ANYTHING ABOUT WHIRLPOOL AFAIK

2b
Deleted Account 1y ago

I thought the coordinator was in Iceland.

Avatar
. 1y ago

Maybe and it was a blind chaumian sig that doesn't see any xpubs or ip with tor

2b
Deleted Account 1y ago

I see the Icelandic Police helped with confiscation. My statement was about how difficult it should have been to take the server.

Avatar
Bass 1y ago

If the government can't regulate bitcoin, they will regulate anything they can including your on and off ramps. Buy noKYC with robosats, throw it into a liquid wallet to avoid high fees and consolidation fees. Then push one massive chunk from liquid to cold storage in one massive utxo. Mixing is being targeted, liquid network allows you to stack no kyc without the need for consolidating later.

nostr:nevent1qqsrngl5qdpxuzsmrzu35ksh5ec33zqsvg5kghj0dsmu0t6j0hxm7wgpr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyq6xvktqxjkv9etl2rpn9e4sjh62aj29leltnc7x0327e0nt5arzsqcyqqqqqqgsyqu35

Avatar
cryptowolf 1y ago

I am assuming Sentinel users are affected just the same if they were not using their own DOJO correct?

2b
Deleted Account 1y ago

Yes.

Avatar
cryptowolf 1y ago

and its no longer possible to run your own dojo?

2b
Deleted Account 1y ago

You could but I don't know how much value you'll get from it.

Avatar
cryptowolf 1y ago

Well then which other mobile app that can read xpubs from a hardware wallet can you connect to your own node?

Avatar
cryptowolf 1y ago

is transfering the funds to a new seed phrase really necessary?

a new xpub would generated if you created a new derivation path under the same seed phrase, having exactly the same result without having to migrate seed phrases, wouldnt it?

Avatar
Frank 1y ago

Everything actionable you need to know about what this indictment means for you as a @SamouraiWallet (SW) or Whirlpool user đŸ‘‡

As a Samourai Wallet user (no Dojo)

Unfortunately, the architecture of SW meant that your xpub (a master public key, allowing anyone holding it to derive all your past/present/future Bitcoin addresses) was at some point in time held by Samourai, and could now possible in the hands of the DOJ.

Though it's a worst-case scenario, you should assume that your xpub was compromised, and thus all previous mixes you have done have been unwound and are now traceable. You should also assume that the gov can now derive all past/present/future addresses of yours and track movement of funds if so desired.

In addition, Samourai's coordinator and backend sync server was seized, and so SW will no longer sync, show received funds, or allow sending funds out. As such, you have to migrate funds to another wallet like @SparrowWallet following the docs here:

docs.samourai.io/wallet/restore…

In addition, I would recommend migrating funds to a new seed phrase to prevent anyone holding the xpub from seeing all future received/spent funds.

You should also disable automatic updates in the Play Store (if used) to ensure no malicious updates are pushed.

As a Samourai Wallet user (using your own Dojo)

Thankfully, you avoided having your xpub potentially compromised. The worst case scenario for you is that your previous mixes may not have the full anon set you expected if non-Dojo users xpubs were compromised.

You will still be able to sync/send/receive from your Samourai Wallet app, but should also migrate funds eventually as no further updates will come out for Samourai Wallet

Avatar
cryptowolf 1y ago

technically this could happen to any wallet couldn't it unless it was released as a DAO?

If someone was using Sparrow Wallet and didnt connect to their own node and Sparrow founders were arested and servers seized, they would also have a copy of your xpubs.

Or trezor, or ledger, or any wallet that gives you the option to connect to THEIR servers and thats what you did.

correct?