How it works
Samourai shipped as an Android-first Bitcoin wallet. The app was non-custodial: key material lived on the device, the seed never left it. Above that base it stacked a set of privacy primitives that distinguished it from every mainstream wallet of its era. Whirlpool was a fixed-denomination Chaumian CoinJoin with five-participant pools and surge cycles. Ricochet forced an outgoing payment through additional hops before reaching the recipient. Stonewall and Stonewall x2 produced decoy-output transactions that imitated CoinJoin patterns from a single wallet. PayNyms were BIP47 reusable payment codes that generated fresh receive addresses per sender. Power users could pair the app with a self-hosted Dojo, a personal full-node backend that removed any need to query Samourai's own infrastructure.
KYC & privacy
There was no signup. No email, no phone, no account. The wallet generated a seed locally; the user wrote it down. Whirlpool, however, depended on a coordinator server operated by the Samourai team, and that server is what the indictment turned on: prosecutors alleged Whirlpool was an unlicensed money transmitter and that its operators knowingly facilitated laundering of dark-market proceeds. Samourai's stated policy was zero logs at the wallet layer and minimal logs at the coordinator. The architecture meant operators could not see balances or seeds, but they could see mix participation patterns from coordinator metadata — a distinction the DOJ treated as immaterial.
Strengths and limits
For nine years Samourai was, in privacy terms, what it claimed to be: the most aggressive consumer-facing CoinJoin product on Bitcoin. The codebase is open source under the Unlicense, hosted on GitHub at Samourai-Wallet, and survives there for anyone who wants to audit or fork it. The limits ended the project. Whirlpool's coordinator was a single legal point of failure, and once Iceland-hosted servers and the primary domain were seized in April 2024, in-flight mixes left UTXOs that needed third-party tools — a forked Ashigaru build, Sparrow's CoinJoin upgrade — to be recovered. Founders Keonne Rodriguez and William Lonergan Hill pleaded guilty in 2025; in November of that year a New York court sentenced Rodriguez to five years and Hill to four. In March 2026 the seized domain reappeared under unknown ownership running a near-pixel-perfect phishing clone designed to harvest seed phrases — a hazard that now outranks every functional concern about the original product.
Verdict
Samourai itself never lost user funds and never collected user identities; the architecture worked as advertised until the coordinator was switched off by the state. What survives is an open repo, a cautionary tale about coordinator-anchored privacy, and a domain that is actively dangerous in 2026. Anyone still typing samouraiwallet.com into a browser is being targeted. Grade: C (6.8/10). Trust: RISKY.
Samourai itself never lost user funds and never collected user identities; the architecture worked as advertised until the coordinator was seized. What survives is an open repo, a cautionary tale about coordinator-anchored privacy, and a domain that is actively dangerous in 2026. Grade: C (6.8/10). Trust: RISKY.
