Recover access to your Samourai Wallet

On April 24, 2024, the U.S. D.O.J. arrested the founder and the CEO of Samourai Wallet and charged them with money laundering and unlicensed money transmitting offenses.

Samourai Wallet was a mobile wallet that could be used to perform CoinJoin transactions through the Whirlpool algorithm (a ZeroLink CoinJoin implementation created by the Samourai Wallet developer team).

What is Whirlpool?

At a very high level, a Whirlpool mix is a collaborative transaction between five participants. The outputs of each Whirlpool mix are always identical, so every mix has many possible interpretations. Anyone analyzing the blockchain and looking at a Whirlpool transaction cannot say for sure which output corresponds to which input.

Each of the five Whirlpool participants submits 1 input into the transaction. For a mix to start, a minimum of two of these participants must be new entrants to the pool. These new entrants are known as ‘premixers’ and they are required at every Whirlpool mix. Requiring two premixers to trigger a mix ensures that new liquidity forms part of every cycle and prevents the same pool UTXOs from continually mixing with each other.

What does a Whirlpool transaction look like?

As stated above, a Whirlpool transaction requires 5 participants sending 5 identical outputs. Here you can see an example of a Whirlpool transaction.

As you can see, two addresses are providing bigger inputs. They are the new entrants, and they provide a little extra to cover transaction fees.

Where are the mixed funds?

It is very important to point out that Whirlpool works in a totally non-custodial way. Funds are never sent to third parties; there is only a coordinator server orchestrating the process, without knowing which funds belong to each of the involved addresses.

During the mixing process, funds are sent to addresses derived from the same seed used to create the BIP39 software wallet you are using. Whirlpool just uses different standards with an offset on the index.

Remember that a derivation path is something like m/44’/60’/0’/0/0. It is telling your hierarchical deterministic wallet to:

- start at the master key (m);
- use the BIP44 standard (44);
- derive keys for Ethereum (60, use 0 for bitcoin);
- do not derive a change address (first zero, use 1 for change addresses);
- the index of the address (last zero).

In detail, Whirlpool is using the following derivation paths:

  • Deposit: m/44'|49'|84'|47'/0'/0'
  • Bad Bank: m/84'/0'/2147483644'
  • Pre Mix: m/84'/0'/2147483645'
  • Post Mix: m/84'/0'/2147483646'
  • Ricochet: m/44'|49'|84'/0'/2147483647'

That means that we can always recover all our funds as long as we have the seed.
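The following Python sketch is an added example, not code from Samourai, Sparrow or the original article. It derives the account-level BIP32 private key and chain code for each Whirlpool account listed above from a single BIP39 seed, which is why the mnemonic alone is enough for recovery. The function names are this example's own, Deposit is shown for BIP84 only, and the receive addresses below each account need elliptic-curve math that a wallet such as Sparrow or Electrum performs.

```python
import hashlib
import hmac
import unicodedata
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # secp256k1 order
HARDENED = 0x80000000  # 2**31, added to every index written with a trailing '

WHIRLPOOL_ACCOUNTS = {  # account paths from the article's list
    "Deposit": "m/84'/0'/0'",
    "Bad Bank": "m/84'/0'/2147483644'",
    "Pre Mix": "m/84'/0'/2147483645'",
    "Post Mix": "m/84'/0'/2147483646'",
}

def bip39_seed(mnemonic, passphrase=""):
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048)

def parse_hardened_path(path):
    """Convert "m/84'/0'/2147483646'" into raw 32-bit BIP32 child numbers."""
    parts = path.strip().split("/")
    if parts[0] != "m":
        raise ValueError("path must start at the master key (m)")
    numbers = []
    for part in parts[1:]:
        if part[-1:] not in ("'", "’"):
            raise ValueError(f"level {part!r} is not hardened; it needs EC math")
        index = int(part[:-1])
        if not 0 <= index < HARDENED:
            raise ValueError(f"index {index} does not fit in 31 bits")
        numbers.append(index + HARDENED)
    return numbers

def derive_hardened(seed, path):
    """Return (private_key, chain_code) bytes at an all-hardened path (BIP32 CKDpriv)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain = int.from_bytes(digest[:32], "big"), digest[32:]
    for child in parse_hardened_path(path):
        data = b"\x00" + key.to_bytes(32, "big") + child.to_bytes(4, "big")
        digest = hmac.new(chain, data, hashlib.sha512).digest()
        tweak = int.from_bytes(digest[:32], "big")
        if tweak >= N or (tweak + key) % N == 0:
            raise ValueError("invalid child key; BIP32 says skip this index")
        key, chain = (tweak + key) % N, digest[32:]
    return key.to_bytes(32, "big"), chain

def whirlpool_account_keys(mnemonic, passphrase=""):
    seed = bip39_seed(mnemonic, passphrase)
    return {name: derive_hardened(seed, p) for name, p in WHIRLPOOL_ACCOUNTS.items()}
```

Run it only on an offline machine, and try it first with a public test mnemonic such as the BIP39 vector "abandon" repeated eleven times followed by "about". If the wallet was created with a BIP39 passphrase, the same passphrase must be supplied or every derived account will be different and appear empty.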

Recover access to the funds

Since the Samourai app may not be available anymore, it may be possible to access funds held through this client with other clients that support Whirlpool mixes, like Sparrow Wallet (backup link). If Sparrow Wallet also stops working with Whirlpool, it is enough to use it or another fully featured client, like Electrum, and manually specify the desired derivation path in the wallet setup wizard.

To see the funds used through Whirlpool with Sparrow Wallet, import a new keystore based on the BIP39 mnemonic used with Samourai, then click on the "Add Account..." button and choose the Whirlpool option (the last one). This adds the buttons on the left and lets us see the funds and transactions related to our ordinary wallet (Deposit) as well as those related to Whirlpool (Premix, Postmix and Badbank).

Final thoughts

This case shows how important it is to know how the tools we use work, so that if one of them stops working we remain in control of our funds. It is very important to avoid relying on centralized solutions, or using tools before trying to understand how they work.

This article was updated on 15 May 2024