Topic: 2023 List Bitcoin Mixers Bitcoin Tumblers Websites - page 6. (Read 39730 times)

It's better to keep the discussion in one place but it's split up already. I'd say your current post is fine

In brief, I think that the approach by whirlwind.money is not a reliable defence against cloudfare's MITM. I already wrote some more details in whirlwind.money's ANN thread, here.

Or do you mean, you are suggesting to repost this detailed opinion from the ANN thread to the thread where they are "collecting opinions"? I am new at this forum, I don't know what is common here.

Can you share your view on this post?

I have checked the webpages of the 4 recently added mixers, and all of them look cloudfare-related.

1. webmixer.io and whir.to show the standard cloudfare's anti-TOR page, the traffic is definitely MITMed by cloudfare.

2. whirlwind.money and puremixer.io don't show the cloudfare's anti-TOR page, but the IP addresses these domain names point to still belong to cloudfare, which raises the same suspects as in part 2 of my previous message.

Summarizing, there is only one mixer in the list left that does not show signs of the traffic being MITMed by a "ddos protection system", anonymixer.com, but now it looks dead, neiter the clearnet page nor the tor page works. All alive mixers show weaker or stronger sings of MITM.

By the way, the link to anonymixer.com's thread at this forum in the opening post does not really link anywhere. It's just plain text, not a real link.

Thanks for trying our bitcoin mixer Whir.to and for adding it to your list. Anyone who needs to anonymise bitcoins is more than welcome to use our service.

I give information, not advices. People have a brain and shall use it.

A lie doesn't mean a scam to me, (even if I see it as a not correct method to do business) otherwise there are a couple of services I could label as a scam. I could also say a service marketing itself as "the best mixer" is a lie, so a scam (because the best mixer is the one in my signature space, we all know that ).
It's not the first time I see a mixer using this pop up, I consider it as a marketing trick to make the service looking popular

Me, compensating the victims? So when a website is fully functionnal and months laters it scams people I shall pay too?
Let me spin your idea. What about people compensating me all the money that I've spend on different things? No, right?
(There is 1 mixer launched recently who offered me to cover the cost for something and I refused anyway)

I tested this website as I usually do, and it worked

https://blockstream.info/address/bc1qwszhjwd5nwz2gfyn38cl4jh8kxmw8zju06nqau
https://blockstream.info/address/3Bk9cw7TP5rb3XDrN5LnkyZ4X618tUXHPV

LeGaulois, adding the mixer to the list is your stamp of approval. Why would you add it to the list if you have evidence that it is a scam?

My main concern is that creating a mixer is an easy way to scam people. With all of these new recommendations, I wonder if any have really been vetted.

I think that a person who recommends a mixer should also provide some kind of guarantee, so that if the site turns out to be a scam, the person who recommended it must compensate the victims.


I certainly do not trust whir.to. The mixer is recommended by someone whose only post on this site is that recommendation.

I'm adding it to the list but to be honest, something doesn't look right to me

I'm talking about


I've been on the website for about 1 minute and I've see the box saying me 0.xx btc has been mixed at least 4 times.
And I know for a fact it's not true.
 

Just a suggestion here.

You can also make full use of the Service Announcements board and create an announcement for your Bitcoin tumbler. The thread can serve as a place where members can make suggestions, drop in their reviews and complaints. It can also be a place where you can make updates about the service.
Of course, it's your choice.

Another newcomer to the 2023 List Bitcoin Mixers Bitcoin Tumblers Websites is Whir.to - CoinJoin powered bitcoin mixer.

⭐Name: Whir.to
🔹Clearnet link: https://whir.to/
🔹Tor link: http://whirtorrgetftvz4g466sjqkegtyi35bjl4bvotfkfossunf5my4x6ad.onion/
🔹Bitcointalk thread link: here
🔹Fees: 1% fixed fee
🔹Minimum amount: 0,001 BTC
🔹Maximum amount: 10 BTC

A long time ago, there was a mixer on the forum that collected BTC adresses and sent a lot of dust transactions to forum users without them having anything to do with the service. It was around 2017-2018
Does anyone remember the name ?

Thanks.

---

I updated the list with a new service: PureMixer.io https://bitcointalksearch.org/topic/banned-mixer-bitcoin-mixer-50-btc-in-reserves-are-confirmed-5448710
I will probably remove 1 or 2 websites very soon

Up with two newcomers to the list

⭐Name: Whirlwind.money
🔹Clearnet link: http://whirlwind.money
🔹Tor link: whirlwct7ertqae6i7ivsm475kgia6v67zzxevgzkilykknrjke33cqd.onion
🔹Bitcointalk thread link: here
🔹Fees: from 0.25 to 4% + the network fees (0.0001 BTC)
🔹Minimum amount: 0.001 BTC

⭐Name: Webmixer.io
🔹Clearnet link: https://webmixer.io
🔹Tor link: webmix2nwd6qpq6tjkqshfivt3qqjoutl535xk2z32tgapqfn52z62yd.onion
🔹Bitcointalk thread link: here
🔹Fees: from 1 to 5% + the network fees (0,00035 or 0007 BTC)
🔹Minimum amount: 0,001 BTC

Mix your bitcoins!

Removed XXL Mixer and updated Mixtum's onion link

I will add a new mixer today or tomorrow.
Whirlwind.money https://bitcointalksearch.org/topic/m.61989613

Mixtum has an updated .onion link on their site now.
XXL Mixer can just as well be removed entirely, it doesn't have a clearnet link and it doesn't have a working Tor link either.

Because the websites concerned have never switched to v3, so I can't update with the new links. (If you noticed, the sites in question are white labels powered by the same group).

I left the links to v2 because it doesn't damage to let them and for reference if I needed later. When we went from v2 to v3, I updated as the mixers made the switch, but some never did. The question is why? My theory is that they just dropped it with Tor because no one was using them and they preferred to stay on the clearnet only.

Hi guys,

I'm trying to find a reliable bitcoin mixer, and my concern is the following. If the software of the mixing website is run at a hosting/vps-provider-owned server, not at a home/on-premises server owned by the mixer admins, then the hosting or vps provider has full access to the logs. In other words, we have to trust both mixer admins and the hosing provider that they don't send the pairs "input mixing transaction - output mixing transaction" to the governments. The same concern raises if the webiste is run at an on-premises server, but there is a vps/vpn/hosting provider who MITMs the traffic (officially this is usually called "ddos-protection").

I checked the websites in the straing post, and I see the following.

1. Most of the mixers show the standard cloudfare's anti-TOR page ("checking if the connection is secure...") when I open their clearnet versions through TOR. This is a 100% sign that cloudfare MITMs the traffic or runs the whole website software. And these mixers allow mixing through clearnet, effectively giving away the users' data to cloudfare. These are: https://coinomize.biz/, https://mixer1.money/, https://mixtum.io/, https://mixy.money/, https://sinbad.io/en, https://mixero.io/

2. At three more mixers, I didn't see the cloudfare's anti-TOR page, but when I DNS-resolved their IP addresses and navigated to this bare IP address, I saw one more standard coludfare's page "Direct IP access not allowed". So, cloudfare is still involved. Theoretically, this does not imply MITM so directly as in the previous case, but I'm not sure whether coludfare provides any service at all that redirects TLS traffic after SNI to an on-premises server, I think they are a pure hosing provider (if they redirected TCP/IP traffic to an on-premises server, we wouldn't see cloudfare's pages when accessing the bare IP, and I don't think they offer TCP/IP redirection either). If they indeed don't offer TLS traffic redirection after SNI (does anyone know this for sure here?), then cloudfare still has access to all data of the users of these mixers. (And yes, these mixers still accept bitcoins via clearnet.) These include: https://mixer.blindmixer.com/, https://mixtura.money/, https://unijoin.io/

3a. One more mixer, after a similar check (resolve DNS, navigate to the bare IP), shows some not so common page saying "DDOS-guard". Again, I'm not sure and I want to ask the people here: is there any "anti-ddos" software available that is intended for installation at an on-premise server? Or is such a page at a bare IP address again a sign that the website is run at a hosting provider's server? This mixer is https://cryptomixer.io/, IP address: 185.178.208.139, still allows mixing through clearnet.

3b. One more mixer behaves very similarly, except that instead of a page saying "DDOS-guard", it replies to a bare IP request with a page saying "bad gateway", which has a self-signed SSL sertificate issued by "ddos-guard". This is: https://yomix.io/, IP address: 185.149.120.23

4. There is 1 mixers in the list left that look a bit better than that: https://anonymixer.com/ (IP: 185.193.125.108, with a bare IP access: no response on port 80, port 443 replies with an SSL-certificate of anonymixer.com), so no direct signs of a provider-owned server (or maybe I just don't see one?)

By the way, who do some of the TOR links in the start post point to v2 TOR addresses? They are not supported by the TOR network anymore, unfortunately. Even if you prevented you local tor package from updating, the middle tor noe operators typically didn't do so, so v2 TOR addresses are more or less unreachable now.

edit: the site is back

---

Anonymixer.com stopped its service, I believe. Both links on the clearnet and .onion are down.
I removed it from the list for now. If the service comes back I will add it again of course because it could be just a maintenance (a too long one) but I'm not sure I'll ever see it online again

I don't know if it's because he has been 'afraid' after the case with Chipmixer or he decided to give up...
He's a guy with a good knowledge in the bitcoin mixer niche.


for my reference

The list of old Bitcoin mixers is shrinking so fast, most that are still operational are from around 2020. There was always something about Chipmixer. Even when other major mixers like Bitblender and bestmixer were halted. Chipmixer would just absorb the shock like it was nothing.

Let's hope the new kids on the block will manage to fill the void left behind.

Heartbroken, I removed ChipMixer from the list. I shed a tear this morning because CM was a legend to me. I'm weak, I admit.
But since I'm a man, I have a new flower in my heart 

The niche of the bitcoin mixers will become harder and harder with the time, and to me, it is an obstruction to the "freedom" of citizens.
It's like in politics, democracy doesn't really exist finally.


(Annoying americans, as usual,  LOL)

Right, except for the fact that ChipMixer knows who the depositor for each voucher is, and even if we assume that ChipMixer is acting in good faith which they probably are, there is still the risk that their servers are infiltrated and someone might be monitoring every transaction.

In our case and this is valid ONLY if you choose 'slow' mode, we cannot link a deposit to a withdrawal even if we wanted. Once you deposit and you have your Note, that only acts as proof that you are indeed owed coins from the pool, but when you withdraw noone knows which coins you withdrew.

Not sure I got this right, but if you're saying that all funds will stay together in one pool but noone knows who the funds in the pool belong to, then you are right.

Not specifically about "blinded bearer certificates", but it's essentially the same as what we want to do. I actually find it quite strange that noone did this until now.

https://www.reddit.com/r/Bitcoin/comments/5ksu3o/blinded_bearer_certificates/ The V1 will work in a very similar way to what is outlined here, just without being decentralized. We are the "bank" and the users get the certificates or Notes which they use to later withdraw. We will also run a multi-sig from the beginning with multiple signing servers out of which one is going to be in a secure offline location, this way the risk of someone seizing all servers at once gets reduced to a minimum.

Once we decide to decentralize the system we can do it in multiple steps. The first like I said in a previous message would be to find some reputable members on this forum, as theymos also suggested, and add them to the multi-sig. Immediately after this the single point of failure is eliminated since now not only do we not know who the assets in the pool belong to, but we can't even access the funds ourselves anymore.

This is great, but it's still not completely trustless and that is the end goal. What we could do afterwards, but obviously this is a very long shot and I'm sure it will be discussed a lot in the future, is create a separate blockchain specifically for this purpose. I'm sure it's possible though.