Oddbean new post about | logout
 Everything actionable you need to know about what this indictment means for you as a Samourai Wallet (SW) or Whirlpool user 👇

As a Samourai Wallet user (no Dojo)

Unfortunately, the architecture of SW meant that your xpub (a master public key, allowing anyone holding it to derive all your past/present/future Bitcoin addresses) was at some point in time held by Samourai, and could now possible in the hands of the DOJ.

Though it's a worst-case scenario, you should assume that your xpub was compromised, and thus all previous mixes you have done have been unwound and are now traceable. You should also assume that the gov can now derive all past/present/future addresses of yours and track movement of funds if so desired.

In addition, Samourai's coordinator and backend sync server was seized, and so SW will no longer sync, show received funds, or allow sending funds out. As such, you have to migrate funds to another wallet like @SparrowWallet following the docs here:

https://docs.samourai.io/wallet/restore-recovery#export-to-external-wallet

In addition, I would recommend migrating funds to a new seed phrase to prevent anyone holding the xpub from seeing all future received/spent funds.

You should also disable automatic updates in the Play Store (if used) to ensure no malicious updates are pushed.

As a Samourai Wallet user (using your own Dojo)

Thankfully, you avoided having your xpub potentially compromised. The worst case scenario for you is that your previous mixes may not have the full anon set you expected if non-Dojo users xpubs were compromised.

You will still be able to sync/send/receive from your Samourai Wallet app, but should also migrate funds eventually as no further updates will come out for Samourai Wallet. If you want to migrate, use the docs below:

https://docs.samourai.io/wallet/restore-recovery#export-to-external-wallet

You should, however, disable automatic updates in the Play Store (if used) to ensure no malicious updates are pushed.

As a Sparrow Wallet user

Thankfully, you avoided having your xpub potentially compromised as well. The worst case scenario for you is that your previous mixes may not have the full anon set you expected if non-Dojo/Sparrow users xpubs were compromised.

There is no real need to rotate to a new wallet etc, and Sparrow is still an excellent option. Unfortunately you will no longer be able to mix in Sparrow as the Samourai coordinator was seized.

Next steps for privacy

If you (like me) relied on Samourai Wallet for privacy on Bitcoin, it's time to look elsewhere sadly. As of today I have two recommendations:

Use Monero for spending, keep using Bitcoin for savings

Yes, this isn't Bitcoin, but its by far the most used and most practical privacy coin out there with strong (and growing) ways to swap in/out of it without a centralized, KYC exchange. My recommendation is buying enough to cover your normal spending of Bitcoin for a month at least, and spend out of that lump sum as needed.

Learn more: 

getmonero.org

Where to get Monero:

bisq.network
Trocador.app
In Cake Wallet's exchange feature

Wallets:

Feather Wallet
Cake Wallet
Monerujo Wallet

Merchants that accept Monero:

monerica.com

cryptwerk.com/pay-with/xmr/

Use JoinMarket

JoinMarket is a decentralized Coinjoin protocol that brings together peers to mix funds together, gaining strong privacy without relying on a central coordinator, without giving fees to a central entity, etc.

The best way to get started today is using the new UI built around JoinMarket, @jamapporg:

jamapp.org

Have any more questions? Drop them below and I'll do my best to answer them. 
 Appreciate the explaination!

Can you explain the Sparrow wallet worst case scenario a little more? Im not fully grasping why Sparrow users would be less affecfed? 
 Your mixes with Sparrow rely on the other participants true spend not being known.

If LE are able to recover xpubs and know a large % of true spends, your anon set is likely much smaller than you think. 
 Appreciate the response 🤟 
 Thank you Seth. Do you foresee any legal consequences for those who've used the service even a few years ago and are identified?  
 No, normally customers/users aren't affected, especially when it's not a sanctions issue. 
 👍 
 Thanks for getting all this info out there so quickly. 
 Just use monero ;) 
 can't really be surprised about the samourai wallet news after watching it happen to the tornado cash dev.
https://image.nostr.build/c29634f8359ae8a2e14896d4e8e779648ccc6dff65eacc9d26f169dc756ae2f9.jpg 
 why would i want to keep my savings in a currency that has proven time and time again that it isn't able to function as digital cash? i'd rather keep it in precious metals. 
 You go do that 
 Thanks for the PSA (except the monero bit) 
 (cry about it) 
 So.. docs.samourai.io is still up but they took down code.samourai.io ? Under what pretext? Is code contraband now? What happened to free speech? 
 They seized all servers, and Samurai self-hosted Gitlab so code went down with them. 
 Yes, and it went down permanently, effectively censorship. 
 Also they didn't seize the server that serves docs, obviously. Which is my point, they censored the code. 
 Such a rough day. I remember they were working on a decentralized coordinator, could we finish it to revive whirlpool or is it effectively dead? 
 AFAIK no other coordinators ever launched. 
 They never made it easy to run it. 
 Seth, you are a real force for good  
 Wasn't the Whirlpool coordinator being decentralised? Sparrow 1.8.5 mentioned Whirlpool over Soroban 
 Best not to combine the utxos, right? 
 doesn't matter with npub exposure  
 s/npub/xpub lol 
 Shouldn't Sparrow wallet be next? Other recommended wallet for desktop? 
 Do they have the xpub if the user never used whirlpool and just used samourai as a wallet? 
 There are no Whirlpool coordinators anymore.

Whirlpool is dead. 
 If the code is around somebody could take up the task of completing the decentralization 
 Btw. Why is that since there are plenty of wabisabi ones? 
 Full blog post version:

note16vjz9czztqwgwz876pvmtggltuu9yrazqdm4skwvncdfk57c0fxq8kdw4x 
 Zap me some Monero!