Wasabi on Tails: Setting Up CoinJoin Without a Trace

Wasabi Wallet on Tails OS is the most consistent combination for CoinJoin with maximum privacy: the amnesic operating system writes nothing to disk by default, all traffic runs through Tor, and after shutdown no trace remains in RAM. The coordinator only sees a Tor exit IP — no real name, no home address, no device fingerprint.

This guide walks through the complete setup process: one-time installation in Persistent Storage, the startup script, coordinator configuration, and the mix workflow for a solid anonymity set.

1 — Why Tails?

Tails is a live operating system that boots from a USB stick and leaves no permanent traces. For CoinJoin this creates a clear security profile:

• RAM-only: The system runs entirely in memory. No writes to disk — after shutdown all session data is gone.
• Tor for all traffic: Tails routes all network traffic through the Tor network by default. The CoinJoin coordinator only sees a Tor exit IP.
• Persistent Storage (encrypted): An optional LUKS-encrypted area on the USB stick for permanent files. This is where the Wasabi binary and wallet data live — so you don't need to re-download the software after every reboot.
• No admin password required: Installing and running Wasabi does not require root access.

2 — Installation (one-time)

The installation is done once in Persistent Storage. On every subsequent boot Wasabi is immediately available — no re-download needed.

Download and GPG Verification

First switch to the Persistent directory, download the current version, and verify the GPG signature. Verification is mandatory — it is the only way to confirm the binary has not been tampered with.

cd ~/Persistent
VER="2.7.2"
curl -L "https://github.com/WalletWasabi/WalletWasabi/releases/download/v${VER}/Wasabi-${VER}-linux-x64.tar.gz" \
     -o "Wasabi-${VER}-linux-x64.tar.gz"
curl -L "https://github.com/WalletWasabi/WalletWasabi/releases/download/v${VER}/Wasabi-${VER}-linux-x64.tar.gz.asc" \
     -o "Wasabi-${VER}-linux-x64.tar.gz.asc"
curl -L "https://raw.githubusercontent.com/WalletWasabi/WalletWasabi/master/PGP.txt" \
     -o PGP.txt
gpg --import PGP.txt
gpg --verify "Wasabi-${VER}-linux-x64.tar.gz.asc" "Wasabi-${VER}-linux-x64.tar.gz"

Expected fingerprint (zkSNACKs Ltd.):

6FB3 872B 5D42 292F 5992 0797 8563 4832 8949 861E

Output like Good signature from "zkSNACKs Ltd." is sufficient — the warning "This key is not certified with a trusted signature" is normal on Tails because the zkSNACKs key is not anchored in the local web of trust. What matters is that the fingerprint matches exactly.

Extracting and cleaning up

The archive contains a CI path structure (home/runner/work/...) that needs to be cleaned up. The startup binary is called wassabee — not WalletWasabi.Desktop.

tar -pxzf "Wasabi-${VER}-linux-x64.tar.gz"
mv ~/Persistent/home/runner/work/WalletWasabi/WalletWasabi/build/linux-x64 ~/Persistent/Wasabi
rm -rf ~/Persistent/home

Symlink for wallet data

Wasabi stores wallet data at ~/.walletwasabi by default — a volatile path in RAM. To keep the wallet across reboots, a symlink pointing to Persistent Storage is created:

mkdir -p ~/Persistent/.walletwasabi
ln -s ~/Persistent/.walletwasabi ~/.walletwasabi

This places wallet files, settings, and the blockchain sync cache permanently on the USB stick — protected by the LUKS encryption of Persistent Storage.

3 — Startup Script and Desktop Launcher

Startup script

The startup script ensures the symlink is correctly set on every boot and launches Wasabi with the right flags:

#!/bin/bash
# ~/Persistent/start-wasabi.sh

if [ ! -L ~/.walletwasabi ]; then
    ln -s ~/Persistent/.walletwasabi ~/.walletwasabi
fi

COORDINATOR="https://coinjoin.kruw.io"
~/Persistent/Wasabi/wassabee \
    --UseTor=EnabledOnlyRunning \
    --CoordinatorUri="$COORDINATOR"

chmod +x ~/Persistent/start-wasabi.sh

Desktop launcher (optional)

To make Wasabi appear in the Tails Activities overview, a .desktop entry is created via the Dotfiles feature. Dotfiles must be enabled in Persistent Storage.

mkdir -p /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications
cat > /live/persistence/TailsData_unlocked/dotfiles/.local/share/applications/wasabi.desktop << 'EOF'
[Desktop Entry]
Type=Application
Name=Wasabi (CoinJoin)
Exec=/home/amnesia/Persistent/start-wasabi.sh
Terminal=false
Categories=Network;Finance;
EOF

The launcher appears in the Activities overview after the next reboot. Alternatively, the script can be run directly from the terminal at any time.

4 — Coordinator: Kruw

The default CoinJoin coordinator run by zkSNACKs was shut down in May 2024 — Wasabi without an external coordinator simply will not connect. Third-party coordinators are non-custodial: they coordinate rounds but hold no coins.

The startup script uses Kruw (coinjoin.kruw.io): 0% coordinator fees, active rounds with high participant counts, well established in the community.

Alternative: OpenCoordinator (api.opencoordinator.org) — both are freely interchangeable by adjusting the COORDINATOR variable in the startup script.

ps aux | grep coordinator | grep -v grep

Before mixing, check wabisator.com: it shows active rounds, participant counts, and wait times for the coordinator. Low participant counts mean a weak anonymity set — if activity is low, wait it out or mix during peak hours.

5 — Creating a Wallet

On first launch: Add Wallet → Create New Wallet. Wasabi generates a 12-word seed (BIP39).

After creation the wallet registers with the coordinator. The initial filter download (BIP158) takes a few minutes — Wasabi does not sync the full blockchain, only compact filters.

6 — Mix Workflow

Step-by-step process

1 Generate a receive address in Wasabi under Receive.

2 Send the amount to be mixed from your hardware wallet to that address. Note the minimum amount (currently ~0.01 BTC, depending on the coordinator's round configuration).

3 Wait for at least 1 confirmation before the UTXO appears in Wasabi.

4 Under Privacy, select the UTXO and press Play. Auto-Mix is disabled by default — start it manually.

5 Wait for Privacy Progress 100% — Wasabi shows "Hurray! All your funds are private!" once all coins have reached the configured target. Depending on coordinator activity this takes anywhere from a few minutes to several hours.

6 Under Send, send the mixed output to a fresh address on your hardware wallet. No direct forwarding to an exchange or any other identity-linked service.

7 Shut down Tails. Persistent Storage is encrypted — wallet data stays safe on the USB stick.

7 — Troubleshooting

The most common issues and how to fix them:

• Coordinator not connecting: Append a trailing slash (/) to the coordinator URL: https://coinjoin.kruw.io/. Some coordinators require the trailing slash.
• Error on startup, no output: Launch Wasabi from the terminal instead of the desktop launcher — error messages are visible there:

  bash ~/Persistent/start-wasabi.sh

• Coordinator field in settings is blank: This is normal and not a bug. The value is passed via the startup flag and is active even when the GUI shows nothing. Verify with ps aux | grep coordinator | grep -v grep.
• Sync takes very long: On first start the BIP158 filters need to be downloaded. Depending on Tor connection speed this can take 10–30 minutes. Be patient — Tor on Tails can be slow.
• Wallet gone after reboot: Check that the symlink is correctly set. The startup script recreates it on every launch — if Wasabi was started without the script, the symlink may be missing. Solution: always launch via start-wasabi.sh.

Privacy is not a luxury — it is the prerequisite for true ownership.