Topic: 2023 List Bitcoin Mixers Bitcoin Tumblers Websites - page 6. (Read 39256 times)

Just a suggestion here.

You can also make full use of the Service Announcements board and create an announcement for your Bitcoin tumbler. The thread can serve as a place where members can make suggestions, drop in their reviews and complaints. It can also be a place where you can make updates about the service.
Of course, it's your choice.

Another newcomer to the 2023 List Bitcoin Mixers Bitcoin Tumblers Websites is Whir.to - CoinJoin powered bitcoin mixer.

⭐Name: Whir.to
🔹Clearnet link: https://whir.to/
🔹Tor link: http://whirtorrgetftvz4g466sjqkegtyi35bjl4bvotfkfossunf5my4x6ad.onion/
🔹Bitcointalk thread link: here
🔹Fees: 1% fixed fee
🔹Minimum amount: 0,001 BTC
🔹Maximum amount: 10 BTC

A long time ago, there was a mixer on the forum that collected BTC adresses and sent a lot of dust transactions to forum users without them having anything to do with the service. It was around 2017-2018
Does anyone remember the name ?

Thanks.

---

I updated the list with a new service: PureMixer.io https://bitcointalksearch.org/topic/banned-mixer-bitcoin-mixer-50-btc-in-reserves-are-confirmed-5448710
I will probably remove 1 or 2 websites very soon

Up with two newcomers to the list

⭐Name: Whirlwind.money
🔹Clearnet link: http://whirlwind.money
🔹Tor link: whirlwct7ertqae6i7ivsm475kgia6v67zzxevgzkilykknrjke33cqd.onion
🔹Bitcointalk thread link: here
🔹Fees: from 0.25 to 4% + the network fees (0.0001 BTC)
🔹Minimum amount: 0.001 BTC

⭐Name: Webmixer.io
🔹Clearnet link: https://webmixer.io
🔹Tor link: webmix2nwd6qpq6tjkqshfivt3qqjoutl535xk2z32tgapqfn52z62yd.onion
🔹Bitcointalk thread link: here
🔹Fees: from 1 to 5% + the network fees (0,00035 or 0007 BTC)
🔹Minimum amount: 0,001 BTC

Mix your bitcoins!

Removed XXL Mixer and updated Mixtum's onion link

I will add a new mixer today or tomorrow.
Whirlwind.money https://bitcointalksearch.org/topic/m.61989613

Mixtum has an updated .onion link on their site now.
XXL Mixer can just as well be removed entirely, it doesn't have a clearnet link and it doesn't have a working Tor link either.

Because the websites concerned have never switched to v3, so I can't update with the new links. (If you noticed, the sites in question are white labels powered by the same group).

I left the links to v2 because it doesn't damage to let them and for reference if I needed later. When we went from v2 to v3, I updated as the mixers made the switch, but some never did. The question is why? My theory is that they just dropped it with Tor because no one was using them and they preferred to stay on the clearnet only.

Hi guys,

I'm trying to find a reliable bitcoin mixer, and my concern is the following. If the software of the mixing website is run at a hosting/vps-provider-owned server, not at a home/on-premises server owned by the mixer admins, then the hosting or vps provider has full access to the logs. In other words, we have to trust both mixer admins and the hosing provider that they don't send the pairs "input mixing transaction - output mixing transaction" to the governments. The same concern raises if the webiste is run at an on-premises server, but there is a vps/vpn/hosting provider who MITMs the traffic (officially this is usually called "ddos-protection").

I checked the websites in the straing post, and I see the following.

1. Most of the mixers show the standard cloudfare's anti-TOR page ("checking if the connection is secure...") when I open their clearnet versions through TOR. This is a 100% sign that cloudfare MITMs the traffic or runs the whole website software. And these mixers allow mixing through clearnet, effectively giving away the users' data to cloudfare. These are: https://coinomize.biz/, https://mixer1.money/, https://mixtum.io/, https://mixy.money/, https://sinbad.io/en, https://mixero.io/

2. At three more mixers, I didn't see the cloudfare's anti-TOR page, but when I DNS-resolved their IP addresses and navigated to this bare IP address, I saw one more standard coludfare's page "Direct IP access not allowed". So, cloudfare is still involved. Theoretically, this does not imply MITM so directly as in the previous case, but I'm not sure whether coludfare provides any service at all that redirects TLS traffic after SNI to an on-premises server, I think they are a pure hosing provider (if they redirected TCP/IP traffic to an on-premises server, we wouldn't see cloudfare's pages when accessing the bare IP, and I don't think they offer TCP/IP redirection either). If they indeed don't offer TLS traffic redirection after SNI (does anyone know this for sure here?), then cloudfare still has access to all data of the users of these mixers. (And yes, these mixers still accept bitcoins via clearnet.) These include: https://mixer.blindmixer.com/, https://mixtura.money/, https://unijoin.io/

3a. One more mixer, after a similar check (resolve DNS, navigate to the bare IP), shows some not so common page saying "DDOS-guard". Again, I'm not sure and I want to ask the people here: is there any "anti-ddos" software available that is intended for installation at an on-premise server? Or is such a page at a bare IP address again a sign that the website is run at a hosting provider's server? This mixer is https://cryptomixer.io/, IP address: 185.178.208.139, still allows mixing through clearnet.

3b. One more mixer behaves very similarly, except that instead of a page saying "DDOS-guard", it replies to a bare IP request with a page saying "bad gateway", which has a self-signed SSL sertificate issued by "ddos-guard". This is: https://yomix.io/, IP address: 185.149.120.23

4. There is 1 mixers in the list left that look a bit better than that: https://anonymixer.com/ (IP: 185.193.125.108, with a bare IP access: no response on port 80, port 443 replies with an SSL-certificate of anonymixer.com), so no direct signs of a provider-owned server (or maybe I just don't see one?)

By the way, who do some of the TOR links in the start post point to v2 TOR addresses? They are not supported by the TOR network anymore, unfortunately. Even if you prevented you local tor package from updating, the middle tor noe operators typically didn't do so, so v2 TOR addresses are more or less unreachable now.

edit: the site is back

---

Anonymixer.com stopped its service, I believe. Both links on the clearnet and .onion are down.
I removed it from the list for now. If the service comes back I will add it again of course because it could be just a maintenance (a too long one) but I'm not sure I'll ever see it online again

I don't know if it's because he has been 'afraid' after the case with Chipmixer or he decided to give up...
He's a guy with a good knowledge in the bitcoin mixer niche.


for my reference

The list of old Bitcoin mixers is shrinking so fast, most that are still operational are from around 2020. There was always something about Chipmixer. Even when other major mixers like Bitblender and bestmixer were halted. Chipmixer would just absorb the shock like it was nothing.

Let's hope the new kids on the block will manage to fill the void left behind.

Heartbroken, I removed ChipMixer from the list. I shed a tear this morning because CM was a legend to me. I'm weak, I admit.
But since I'm a man, I have a new flower in my heart 

The niche of the bitcoin mixers will become harder and harder with the time, and to me, it is an obstruction to the "freedom" of citizens.
It's like in politics, democracy doesn't really exist finally.


(Annoying americans, as usual,  LOL)

Right, except for the fact that ChipMixer knows who the depositor for each voucher is, and even if we assume that ChipMixer is acting in good faith which they probably are, there is still the risk that their servers are infiltrated and someone might be monitoring every transaction.

In our case and this is valid ONLY if you choose 'slow' mode, we cannot link a deposit to a withdrawal even if we wanted. Once you deposit and you have your Note, that only acts as proof that you are indeed owed coins from the pool, but when you withdraw noone knows which coins you withdrew.

Not sure I got this right, but if you're saying that all funds will stay together in one pool but noone knows who the funds in the pool belong to, then you are right.

Not specifically about "blinded bearer certificates", but it's essentially the same as what we want to do. I actually find it quite strange that noone did this until now.

https://www.reddit.com/r/Bitcoin/comments/5ksu3o/blinded_bearer_certificates/ The V1 will work in a very similar way to what is outlined here, just without being decentralized. We are the "bank" and the users get the certificates or Notes which they use to later withdraw. We will also run a multi-sig from the beginning with multiple signing servers out of which one is going to be in a secure offline location, this way the risk of someone seizing all servers at once gets reduced to a minimum.

Once we decide to decentralize the system we can do it in multiple steps. The first like I said in a previous message would be to find some reputable members on this forum, as theymos also suggested, and add them to the multi-sig. Immediately after this the single point of failure is eliminated since now not only do we not know who the assets in the pool belong to, but we can't even access the funds ourselves anymore.

This is great, but it's still not completely trustless and that is the end goal. What we could do afterwards, but obviously this is a very long shot and I'm sure it will be discussed a lot in the future, is create a separate blockchain specifically for this purpose. I'm sure it's possible though.

I'd like to read more about how this would work, but it belongs in a new topic.

That's one way to use ChipMixer. Your idea of "Notes" is similar to ChipMixer's vouchers (which they've offered since 2017). This is how you obtain maximum privacy:
Also, chips aren't necessarily funded shortly before your deposit. This transaction received chips that were funded weeks and months earlier.

Do you mean "the money" will be centralized but the "who owns what" will be decentralized?

Have you heard about blinded bearer certificates? Admin theymos wrote about it a few times:
Unfortunately, nobody has implemented it yet.

From a security standpoint using our notes compared to chipmixer is very similar since if you don't move the funds from their addresses they still have the private keys, a huge advantage they have over us though is reputation. For those that don't want to take the risk of using the notes and waiting longer can just use the 'fast' mode and have their coins sent in the next block. It is entirely up to the user to choose what is best suited for him when he uses the platform.

Assuming everything works flawlessly the Note system will be the 'best' mixing type from a technical point of view so I don't see why we wouldn't offer that regardless of the skepticism

I can also see a lot of heated discussions happening and perhaps even accusations towards us because of the model we are choosing to run and there is nothing I can do or say to reassure anyone other than always being upfront regarding everything. With time trust will be built and we could look into longer-term solutions like decentralizing the service altogether or at the very least finding some highly reputable users on this forum that would be willing to be added to the multi-sig and sign transactions alongside us so the risk of any single party running away with the funds is eliminated altogether.

The announcement post should be live sometimes next week

I think I completely get it - and I'm sure I'm oversimplifying your concept as a whole, but it's roughly like using an exchange to 'mix' your coins, depositing and withdrawing sometime in the future. The withdrawal comes from a relatively centralized pool, and it's very difficult to track a deposit to a withdrawal on an exchange from the outside. The risk comes from whatever info you've given to an exchange on the inside, but of course there'd be nothing to give to a mixer. You'd just have to trust that the mixer isn't taking any identifying info like your IP and all that. It seems like trust is going to be the absolute make or break it, haha I can already see that you're unfortunately going to get a lot of criticism in that space when people won't like leaving their coins on the platform. My thoughts are that this sort of mixer should be offered, and it's entirely up to the user to determine his own tradeoff on trust vs. privacy. Users can pretty much maximize privacy on a mixer that operates like that model, but they have to give up a very significant amount of trust as well that their notes will always be redeemable. Offer it up, and regardless of what happens, it's going to be very intriguing to follow all the conversation that comes up once you make your announcement post.

Thank you for your response - no matter how trusted a mixer is there are too many factors at stake that make it impossible and foolish at the same time to fully trust a service, even if the operator has the best intentions at heart there are still many things that can go wrong. I strongly believe there is nothing illegal, but there will always be risks and everyone has to understand and acknowledge this

Our model may sound relatively similar to Chipmixer, but it's really not. I believe that all mixers at this point in time have a very strong weakness, and that is the fact that in the case of Chipmixer even though you can spend your chips whenever you want like you said, they are funded a very short amount of time before your actual deposit, so an in-depth analysis by a firm with some resources could narrow down the possible deposits to a small enough range that it may become possible to identify where the funds came from. The fact that you know they are funded before kind of defeats the purpose

This is the case with others too, let's take Sinbad as another example. You can choose when to receive your funds between 0-168 hours after your deposit. Someone that knows where to look will be able to narrow down the possible deposits to a small list again.

And another example the type of mixer that has multiple clusters and sends you bitcoins from a cluster that has "nothing to do with your address". In reality that doesen't change anything since the clusters are known anyways so it may actually be worse to do it this way because then you are sure that the deposit was not in the cluster where the BTC came from, so again this is all information that could help track your funds.

I am not trying to disregard any of the services I gave as examples and I'm sorry if it comes out that way, they still achieve the desired goal for most users and the points I raised may be irrelevant for most, but it makes for an interesting discussion nonetheless

As much as people don't want to hear it "mixing" can't really break the link between your deposits/withdrawals 100%, the best it can do is obfuscate everything so much that it becomes impossible to prove someone's withdrawal originated from a specific address, and this is certainly achievable with a good system and patience.

Our way of achieving this is with the notes, but more specifically when you deposit your BTC goes into our main address together with all other funds and stays there until you decide to withdraw it. So for example you could deposit 1 BTC today, withdraw 0.2 BTC in a week, another 0.5 BTC in 3 weeks and the rest in another month. Or you could wait 3 weeks, deposit another note with 0.75 BTC , merge it with the one you already had into a 1.75 BTC Note and withdraw to 3 addresses 1.2BTC, 0.3BTC and 0.25BTC. The actual transactions out of the main address happen when you withdraw, so the longer you wait the harder it is for anyone to track. The longer our service will run, the better the anonimity set will be. We have an initial reserve that will be available so users can mix their coins from the start, but after a while technically speaking EACH withdraw could originate from ANY deposit that was made from the beginning until that point thanks to the option to withdraw whenever you want. (instead of a ~200 hour range before or after the deposit transaction)

About the decentralized solution I don't think funding is the biggest issue since it could charge the same fees as a centralized solution and split them between the validators and that should probably make it worth it given the high volume that this service would presumably facilitate, so if it works it's all good. But at the moment I'm not too sure there is a big enough market to make it worth the time it would take to do it, but I will have more insight after a while of running the centralized solution.

Without a doubt there's huge demand for a non-custodial mixer - trusting the centralized party is and always will be the largest weakness of any mixer. The catch is that it's unfortunately often difficult to build a decentralized product and keep it properly funded. Your model sounds relatively similar to Chipmixer, which in my opinion, has an edge over most other mixers in the strength of their privacy since you can spend the chips whenever you want, like the Notes in your model. As far as I know, there's no decentralized 'version' of Chipmixer though.

While the true innovation is in a decentralized model, I also have to say that I really like your idea of starting with a centralized model first. I've been working in the crypto space for a few years on various projects, and there was a huge push for decentralized products (like DEXes) back in 2019 or so. My thinking and arguments were always that we needed to continue building our centralized product and getting it stable first, before focusing on the decentralized product. It's just business reality that you need to get your funds and structure stabilized in order to have the runway and foundation to build the decentralized product. I butted heads quite a lot on that back then, although I think history has shown that the centralized companies have had more success. It gets a lot of hate, but that's just the reality. I'll be following along, it sounds like you've done a crypto venture or two before, and I'm looking forward to seeing and hopefully helping to alpha or beta test it when you launch it.

This is an open question to the community, do you see any value in having a fully decentralized non-custodial BTC mixer? I am currently building a centralized solution with some unique features, but I got some ideas for how to make a decentralized one work and am trying to decide if it's worth the hassle to work on it.

In V1 (centralized) that will be launched in the following days users will have the option to choose from 2 mixing methods. The 'fast' one, which is similar to the other solutions available (you deposit and select how many withdrawal addresses/amounts/elapsed time you prefer and done you will receive your funds according to the schedule you set), or the 'slow' one, which works in a similar way to Tornado Cash if any of you are familiar with that. How it works is a user would go on the platform and generate a "Note", afterwards he deposits funds into the specified address and they get credited to his "Note". Then he can withdraw any amount from it at any point in time. So for example you could withdraw 20% of the balance after 2 days, another 30% after 1 week and the rest after 1 month, thus making it close to impossible to track movement of funds. And with more time passing and more BTC/deposits/withdrawals are performed the anonimity gets stronger and stronger. PERFECT privacy for Bitcoin doesen't exist, but I believe this model is as close as you can get to it. If you use it the correct way there is no possible way to prove your funds are coming from a specific address unlike some other solutions where it may be harder to do but nonetheless feasible.

In the possible V2 I am envisioning the process would stay pretty much the same except for the fact that anyone will be able to become a "validator" and so the protocol will become fully decentralized, meaning that it cannot be changed or tampered with by anyone - not even the original developers.

yeah, and I remember how you wasted my time before. At the time, I've read each page of each ANN topic related to a mixer.
That was a lot of reading...

Here is what you do on Bitcointalk with your friends. You make few posts in different topics, then wait a few days to edit your comments to include a phishing link, or a crappy blog full of phishing links..
So many posts I reported

From a philosophical POV, it shouldn't matter if the other coordinator is involved in illegal things, especially if the default is that the others with whom you coinjoin with are preset. Even if not preset - what, are we supposed to ask the entire personal history of the others involved? That defeats the point. Even if you asked, your chances of getting a straight answer are near 0%. I think it's an issue of "guilty by association," which fortunately does not fly much anymore in today's time.