Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
JoinMarket release 0.2.0 ameliorates this snooping attack.

Edit 14/09/2016

JoinMarket release 0.2.0 ameliorates this snooping attack. It is a protocol-breaking change so everyone must update which we anticipate may take some time.


Looks like enough people have updated and there's plenty of liquidity now.

Waxwing has another blog post discussing this issue too:

JoinMarket's privacy is degraded (for a while)



JoinMarket is a young project, there are some possible vunerabilities which could be exploited to spy on every user.

Recently people have noticed that one such attack seems to actually be happening. The attack has the possibility of degrading the privacy of all JoinMarket coinjoins.

All JoinMarket users must be aware of this, and may want to not use JoinMarket until the issue is resolved.

This vulnerability can probably be fixed with a protocol update to JoinMarket, but it doesn't exist yet and needs to be written.

What is happening?

The vulnerability (known henceforth as issue #156) was first written about in July 2015. It's named after the issue number of github.

Read through this issue to gain an understanding of what the attack is and how it works. JoinMarket-Org/joinmarket#156

It means that an attacker for free can learn what UTXOs belong to which maker, and can eliminate them when analysing coinjoins on the blockchain. It's not trivial to actually obtain all the UTXOs from a maker, but even learning a proportion of them is enough to spy on a large amount of coinjoins.

JoinMarket is still private to everyone who isn't this #156 spy. Different people use JoinMarket and bitcoin for many different reasons, if their privacy requirements are lower then they can still use JoinMarket. Without JoinMarket, bitcoin transactions can be analyzed in more detail forever in the future because they are recorded on the permanant public blockchain.

What will happen now?

We have a pretty good idea how to fix this. See the github issue for details. Also see waxwing's blog post. It generally involves limiting spy takers ability to get maker's UTXOs for free.

Alternate privacy methods

JoinMarket's sendpayment script probably can't be replaced. There's no other way I know of which immediately creates a bitcoin transcation like sendpayment.

JoinMarket's tumbler script (which aims to break the link between addresses) probably can be substituted by something else. The best way is probably to piggyback off the hot wallets of various bitcoin websites.

Worked example for tumbler replacement

We'll pick some bitcoin websites that don't require an identity to deposit and withdraw coins, and send the bitcoin through them. We must remember to split up the amounts and use different deposit addresses to stop amount correlation. Between each transaction make sure to wait a while to help stop timing analysis.

Say we want to break the link between 1btc we have and send it to our cold storage wallet. Each arrow -> is a new bitcoin withdrawal transaction.

       cold storage wallet
1btc  ->  1addrA  1btc      ->  1addrB 0.1btc     ->  1addrE 0.1btc  ->  1addrG 0.4btc  ->  1addrH 0.25btc
                            ->  1addrC 0.2btc     ->  1addrF 0.9btc  ->  1addrF 0.6btc  ->  1addrI 0.25btc
                            ->  1addrD 0.7btc                                           ->  1addrJ 0.25btc
                                                                                        ->  1addrK 0.25btc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment