Topic: [ANN] Bitcoin Blender, anonymous bitcoin mixer - page 7. (Read 127008 times)

1. Nutildah isn’t anyones staff. He’s just promoting BitBlender on his signature, the same way I am with ChipMixer (P.S: I’m also not their staff).

2. The negative trust is deserved.

Hello bitblender.

Today one of your staff,  the user nutildah left a negative feedback in my account,  I think he is trying to scam me and he will ask for money to remove the negative feedback,  can you please tell your staff nutildah to remove the negative feedback from my account,  thank you.

Just research, He look like have not sent any fund to address above. If he was got scammed through phishing website. The transaction hash ID must in Blockchain Explorer.


Might you share your ID transaction?

I only discovered this forum once I had the problem. Thanks for the advice guys now at least I know where I went wrong.

That's £30 down the drain.

Thanks for the speedy responses! I'll use the real blender this time 😅

Yep :/

The only real Tor URL is http://bitblendervrfkzr.onion/ (as mentioned in the main thread).

Unfortunately, there is nothing you can do to recover your coins. Sorry for your lost.

Alright so I think I got scammed by a blender onion lookalike,

can I confirm: http://bitblenduun5mnwp.onion/

is fake? if so theres the problem. moneys gone

Check the link above. The address you posted never received a single coin. That's 100% right.

Post here the transaction ID to see where the coins went (if they were ever sent somewhere). Because they are not on the address above.

Hi there, I'm 100% sure.
 
I used tradeblock.com and saw my exact amount go out. It reached 50 confs, localbitcoins.com said once it reaches 6 it will be in my wallet.

I'm not sure if I've done anything wrong but I've confirmed the exact bc figure and time sent it had 5 green figures and the rest were red.

The bc has left my wallet and it's not in my blender account so I'm not sure where they are or what I can do.

Ive not received a response on the onion support url either. Did I do something wrong?

Any advice woukd be helpful,

Thanks

Are you sure? Just checked the address and it is empty with a clean transaction history.

https://www.blockchain.com/btc/address/3D8UcNRVtXJoCBFrAn5NECMuEB1tYoaJRu

Hi there,

I have sent to wallet 3D8UcNRVtXJoCBFrAn5NECMuEB1tYoaJRu

my account name is mattboyslim,

my bitcoins have left my wallet and my bitcoin provider has confirmed they have been received.

I have left a message to support via the onion but have had no response,

please could you tell me where my bitcoins are and how I may receive them back or have them placed onto my blender account.

Thank you.

i've sent you a personal message.

You can now withdraw bitcoin using Lightning by entering a lightning invoice on the withdraw page.

I check the support messages on the site a few times per day.

I know I don't sign in on Bitcointalk often but I do check this thread for activity regularly.


Thank you

Don't know to be fair, once I contacted them and got response in six hour but maybe I was just lucky. Still are you left without response? If yes, then I have no idea, their bitcointalk account is rarely active too (their last activity was two months ago). Better to contact Luptin as he is managing campaign for owner and has contact with him, here is his profile: https://bitcointalksearch.org/user/lutpin-520313

I haven't used them and never contacted the support through their site but if you are thinking of the support here in the forum. Their account has been inactive since Nov. 2018 so I don't think they'll respond to you at any moment.

But if their support is looking at this thread, just include and post your concern so they will reply to it. Just like the other concerns, they received a reply from blender itself.

Damn fuck. Just got scammed today too. . Thats  expensive lesson.




WARNING THIS ADRESS IS A SCAMM:

http://bitblendnlwdwxiy.onion


FUCK YOU SCAMMERS .can not imagine i get catched on this shit... daang!

I created an account on the link below thinking it was Bitcoin Blender, it looks exactly like the other link in this message.

http://bitblendnlwdwxiy.onion


I sent coins to the deposit address in link above but never got them, I see 50 confirmations showing the deposit was good. Through this forum I found the correct link http://bitblendervrfkzr.onion which I will use going forward. My $100 lesson on figuring this out.

If someone where to try and follow your coins, they see you move 100 BTC and suspect you put it in a mixer. They would then not be able to follow those coins to find out where you withdrew it, they would need to go check all bitcoin transactions and see if they find a transaction of 97-99 BTC in a block after the transaction. 97-99 is within the 1-3% service fee i take. Every hour there are approximately 10-15 000 transactions, some of them are between 97-99 BTC, after a day there should have been enough transactions on the bitcoin blockchain within that range that they cant know which one is yours or if you even withdrew yet or not. To make it harder for them to guess which transaction would be your withdraw its a good idea to withdraw to maybe 2 addresses and with randomized amounts and long randomized delays.

No

No I wont tell you, but it depends on the amount of coins in the mixer wallets and the volume users make. Higher volume (deposits/withdraws) and a lower amount of coins in the mixer wallets would make the coins move faster, stay shorter time.

No. The minimum amount is 0.001 BTC right now, the information about minimum amount is on the quickmix page and the withdraw page if you use registered account.

Can you point me to where it says that quick mix happens "four times a day"?
Quickmix creates your withdraw directly after your deposit is added to your balance, there is no delay except if you specify one when creating the quickmix.

As I explained in my previous post about this, the system does a taint analysis on all deposited coins to see if they have previously been on Bitcoin Blender to take care of this problem.

Correct, I have been thinking about making the taint analysis tool available on the site, as a way for users to verify that the new coins they received has no taint to the original coins but it would be better if it was provided by a third party instead of me. https://bitcointalksearch.org/topic/m.46285715

Mixing 100000 BTC? It's going to take a long time. I suggest reading the Best-Practice Guide that is on the front page of the mixer, "Delay your withdraws" and "Withdraw to Multiple Addresses".

The clearnet site uses a different hosting provider, registered anonymously. There is nothing linking the clearnet site to the hosting provider used for the mixer.

TheClarifier would like some clarification on this point.

• Does this mean that if I were to deposit 10 BTC today, and let them sit there for one year and then withdrawal them after a year, they will be more 'mixed'?
• Can you tell us a little bit about what sort of cryptographic solution you use to track every sincle coin and fraction of a coin that a user has originally owned so they will never receive it again?
• Can you tell us some statistics about what the maximum length of time a single coin, or fraction of a coin, has remained on the tumbler before finally being tumbled out?
• Do you mean to say that if User A deposits 1 BTC into Deposit Address A, that User B who withdrawals 0.5 BTC will receive half of the 1 BTC from Deposit Address A? Is this the minimum amount of tumbling?

This raises an additional question:

• Can you tell us anything about your reserves or volume of BTC, approximate or exact that you use for tumbling? Greater coin count means great obfuscation. Bitmixer.io historically had their coin count total freely listed.
• If you can't tell us, citing a security reason, can you tell us what the security issue would be? I've never consider how showing total volume is a concern.

I don't feel like my question was thoroughly answered, and forgive me if I'm mistaken.

• I asked about how often the 'QUICK MIX' withdrawals are made and at what times of day. You stated on your website that they happen 'four times a day'. Does this mean it's the same four times a day; i.e. 0636, 0911, 1758, 2325? And each day is the same time, or each day is a different time of day?

This references a question I asked above.

• Does this mean that the oldest coin, or fraction there of, in your tumbler is never more than a week old?
• Do you believe that depositing 10 BTC and waiting a very long time to initiate a withdrawal will improve the obfuscation?

My concern here is not how the coins are tracked while in the tumbler, but how they are tracked if returning to the tumbler.

• What about a coin that later returns to the tumbler, because another user has brought it back? Perhaps a bot who can register and manage hundreds of users and intentionally redeposits old funds to destroy the ability to successfully obfuscate funds, thus partially deanonymising your users funds.
• What would a database solution look like for tracking the entire life of a coin? This doesn't seem feasible. Is there a compromise somewhere to tracking it at least for a year?

Now below, you reference something that caters to my above two questions. However, it leaves me concerned. Are you saying that your tool is effective and your tumbler uses this tool? Would you be willing to open source this tool?

I suppose the limits you've discussed are the practical limits of the system and we're left with these limits.

I want to propose a final hypothetical to you: let's propose that I've fancied hacking myself an exchange or two and I've come across 100.000 BTC at the current market value. The BTCs are split between four wallets, unevenly. All four wallets are known to my adversaries. What method would you suggest to pass through 100.000 BTC through your tumbler, or other tumbler also?

Finally, can you tell us anything about how your service is hosted? I'm confused as to how you have a clearnet detached from the onion. Does this mean your clearnet has absolutely no link to your onion? Different hosting providers, different countries, and different server architectures to prevent fingerprinting and surely different TTPs to administrate them both?

Thank you for showing interest! Will try and answer as much as I can



I need backups to be sure I don't lose users coins, their current balance etc. The message you quote is old and things have changed since then. I take backups every minute now, and they are copied using rsync over Tor to a backup server that is kept as a copy of the original server. In case the original server hardware fails I can quickly change over to the backup server as its always ready. Both are bare metal and are installed by me (Not Windows) and uses full disk encryption. Old backups are of course also removed.

Old log files are removed. In the database old withdraws, deposits, deposit addresses, support messages, quickmixes, login attempts are removed. Nothing is saved. Each row in the DB is timestamped when added and then later removed. I like to keep the database as small and fast as possible.


When you open the withdraw page the mixer checks the coins currently in the withdraw wallet and if there is enough in there for you to withdraw your whole balance or not.
You either get a message that it is ready, or a message that it is not ready. Usually you never get the other message where it explains you have deposited too much because you would need to deposit around 800-900 BTC at once (i don't like keeping too much on hot wallets). That message explains that you can either wait for the mixer to catch up so you can withdraw or wait for me to move in coins from cold storage, and recommends the user to contact me through support.

I will change the message as it is misleading, of course you can withdraw less than your whole balance.

Deposited coins are sent and mixed in different ways on the way to the withdraw wallet and thats where withdraws are sent from. The system keeps track of the coins original owner and will never send coins originaly deposited by the same user.



Quickmix and automatic withdraw is not the same thing. Automatic withdraw is a feature registered users can choose to activate, the withdraws created by automatic withdraw have a forced randomized delay between 1-18 hours, it has a high randomized delay to prevent that. The problem with the automatic withdraw feature is that users set their addresses there once and then don't seem to change them often, so it encourages address re-use which is bad for anonymity.



Correct, the quickmix id is used instead of a username to keep track of your coins. So if you come back later and you enter the same quickmix id it wont send you any of your old coins on withdraw. If you don't mix more often than maybe once a week your old coins would have been sent out from the mixer by then anyways.



As long as a part of your coins are still in the mixer wallet I keep track of them, each UTXO is marked as belonging to a specific user or several users. Usually coins are only in the mixer for a few days so its not a big issue to keep track of them. That will prevent your example above from happening, if I understood you correct?

But there are other interesting things that can happen. Hope I can explain this so it makes sense with this example..
User A deposits 100 BTC to Address 1A. Some part of the coins deposited on 1A is eventually sent out of the mixer to another bitcoin service by some random Blender user.
User B also have an account on the same bitcoin service and decides to withdraw his coins to Bitcoin Blender and receives parts of the same coins the other user deposited on that service. Now there are coins in the mixer which has taint to Address 1A but is deposited by User B... The coins once deposited on Address 1A could of course be sent between several different bitcoin services before ending up on Bitcoin Blender again, but there could still be some small taint % to Address 1A there.

Thats why I have built my own taint analysis tool into the mixer, it is similar to the one blockchain.info used to have.

So on withdraw the mixer checks that the UTXO it is about to spend does not belong to you, and it also checks the taint on that UTXO. It checks that any of your deposit addresses is not in the taint report of that UTXO. Once you remove a deposit address it is kept for 7 days before the link to the user is completely removed, after that this taint check wont work for that address.