In Part 1 I presented my investigation into Samourai’s sockpuppetry practices. In this part I have gathered some accounts of what happens to those who dare to speak up about technical flaws in Samourai Wallet.
Bitcoin Core Developer, Co-Founder of Blockstream
Context. Maxwell raised concerns about Samourai a few times in the past, most notably that they advertise themselves as a privacy wallet while sending all of their users’ addresses back to their backend server (formerly to Blockchain.info’s servers).
Founder of Fedora Linux, Project Manager at Blockstream
Context. Warren Togami compiled publicly available information on “Historical false promises and harassment by Samourai.”
Bitcoin Core Developer, Creator of Bitcoin Knots
Context. Samourai’s “Trusted Node” feature requires users to expose their Bitcoin Core’s unencrypted RPC traffic to the Internet. With that, anyone could watch the traffic, get the password and empty the user’s wallet.
Later it turned out that Luke had mistakenly assumed that Samourai’s “Trusted Node” feature was an actual trusted node feature; it is only used for transaction broadcasting. This raises the question: why not broadcast the transaction over Bitcoin’s P2P network, which is already exposed to the Internet and is the standard way of broadcasting transactions, instead of creating a glaring security hole in the user’s Bitcoin Core wallet?
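To check a node for the kind of RPC exposure described above, the following added example (not code from this post, Samourai or Bitcoin Core) audits a `bitcoin.conf` for RPC settings that reach beyond loopback. It assumes Bitcoin Core's standard `rpcbind`, `rpcallowip`, `rpcpassword` and `rpcauth` options; both sample configs are constructed.

```python
import ipaddress

# Constructed sample configs (not taken from the post or from any project).
EXPOSED_CONF = """\
server=1
rpcuser=wallet        # constructed value
rpcpassword=example   # constructed value
rpcbind=0.0.0.0
rpcallowip=0.0.0.0/0
"""
LOCAL_CONF = """\
server=1
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
"""

def parse_conf(text):
    """Collect key=value options; a key may appear more than once."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            opts.setdefault(key, []).append(value)
    return opts

def is_loopback_only(value):
    """True if an address or CIDR range lies entirely in loopback space."""
    host = value.strip("[]")  # simplification: a :port suffix is not handled
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        return False  # hostnames and unparsable values are treated as exposed
    return net.network_address.is_loopback and net.broadcast_address.is_loopback

def audit(text):
    """Return findings for RPC settings that reach beyond the local machine."""
    opts = parse_conf(text)
    findings = [f"{key}={v} reaches beyond loopback"
                for key in ("rpcbind", "rpcallowip")
                for v in opts.get(key, []) if not is_loopback_only(v)]
    if findings and ("rpcpassword" in opts or "rpcauth" in opts):
        findings.append("RPC credentials cross the network in plaintext HTTP")
    return findings
```

An empty list from `audit()` means the RPC interface is confined to the local machine, which is where wallet-capable RPC belongs.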
Recently the Samourai team made sure their users won’t be able to use Luke’s Bitcoin Knots full node with their new Dojo backend.
Bitcoin Core Developer, Creator of NBitcoin
Context. Nicolas raised his concerns about the same issue as Maxwell did.
I compiled a few experiences in this post. They have one thing in common: they all report a “mysterious astroturfing campaign” as a response to the concerns they raised. However, these accounts are by no means exceptions. I have witnessed Samourai habitually harassing Bitcoin developers too many times to count or keep track of.