The first malware that pretends to be Wasabi: https://t.co/08VrjnrVsr
Notice only the Windows download link points to their own website, the rest is to our GitHub? pic.twitter.com/t7jKViESZ2
— nopara73 (@nopara73) March 21, 2019
Join CCN for $9.99 per month and get an ad-free version of CCN including discounts for future events and services. Support our journalists today. Click here to sign up.
Nopara73 downloaded the off-brand version of the wallet and the anti-virus software he’s using found no problems with it. For him, that makes the issue all the more concerning:
Oh boy. This is going to be messy: pic.twitter.com/0RLUcrztxK
— nopara73 (@nopara73) March 21, 2019
An insecure or compromised Bitcoin wallet can cost someone thousands of dollars. Wasabi is not the first wallet to have a pretender emerge. Fake Electrum wallets have come out in the past, but the community is pretty quick to warn people.
Perhaps The Only Drawback of Open Source Software: Anyone Can Redistribute
The nature of open source software is that anyone can create a clone and change it anyway they want. This is actually the intended effect. The terms of the GNU Public License, however, make it illegal to release a product of the same name.
Therefore, if an open source developer is able to identify someone who does this, they have an enforceable licensing agreement to sue based upon. Unfortunately, open source license based lawsuits are rare.
Nevertheless, open code is viewed as more secure. Vulnerabilities are found quickest when the widest number of people are able to look for them.
Wasabi wallet has grown in popularity.The official website for it is wasabiwallet.io.Wasabi implements native “coin joining,” a strategy to Bitcoin wallets. It is one of the first wallets to do this natively in Bitcoin. The concept is not unlike the privacy features implemented by Evan Duffield into DarkCoin, which later became Dash. According to the Wasabi website, the platform works best when a lot of people are using it.
Wasabi Is Popular For Its Privacy
An in-depth explanation of how Wasabi implements privacy can be found here.
Despite the transparency of the Bitcoin network, it’s difficult to know the actual distribution of wallet usage. Many wallets use a backend like bitcoind or connect remotely to a node, as is the case with most mobile wallets. However, Wasabi is reportedly one of the most popular wallets in Iran, a country where using cryptocurrency is technically illegal although the country launched its own blockchain.
A fake version of a reliable Bitcoin wallet is a serious financial risk, especially if someone is switching wallets and inadvertently imports an existing private key. The effect can be devastating and quick. Fortunately, the news of this fake Wasabi site has spread pretty quickly. It’s unlikely to be the last. The Internet, for all its safeguards and policing, remains very much the wild west.
If it turns out that the false Windows version of the wallet isn’t stealing coins, it could be something much worse: an attempt to de-anonymize Wasabi users.
Open source software has a history of being infected with malware or adware and redistributed.
About The Author
P. H. Madore
P. H. Madore has written for CCN since 2014 and is currently Head of Crypto. Please send breaking news tips or requests for investigation to [email protected] His website is http://phm.link
Leave a Reply