Topic: [ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 42. (Read 92822 times)

newbie
Activity: 3
Merit: 1
Hello again.
At the beginning I thought there is just a small problem with my vouchers but now I think that your server has been hacked when I was using your service as well. It is strange, because there was an SSL on the site and your system recognized my two deposits. I had no problems with changing addresses as well. The delay between deposits was about 8-9 hours. I did not send them at the same time.
At the beginning, I changed the first deposit to a voucher but when I tried to use it, there was no message (no info if the voucher has been approved or rejected). Surely it was not approved, because I had no funds in the second step. And I misunderstood that I need to wait a few hours (it was about sweeping). So I thought it is a normal situation so I decided to wait a bit longer.
The second deposit was made later. I got a voucher and this voucher worked. But what is strange - this voucher changed its code. At the beginning it was XYZ and when I tried to write it down again, a new voucher was generated. The old one did not work anymore but the new one worked.
But the voucher of the first deposit still did not work and I got information that it is invalid or already redeemed. I thought that maybe the same situation happened - that the voucher changed its code to the new one and the old voucher code (which I saved) was invalid.
So when I saw information that it is already used I decided to contact you. I wanted to use both vouchers at the same time to be able to merge them and get fewer outputs (bigger chips).
Yesterday I did not understand your mail and tried to get the private keys of the second deposit. Unfortunately they have been withdrawn already so either it was a hack or you transferred them to avoid a hack. I do not know. But I still do not know what is going on with the first deposit. I have never known the private keys of it, because I could not use the voucher and later I got info that it was already redeemed or invalid.
I have no idea what to do now. Was it a hack on the server, or was it maybe an internal transfer to avoid a hack? The amount was not small (0.4+ BTC) which was almost all of my BTC holdings and almost all of my savings. I have no clue what to do now. I have sent you a mail as well but you did not read it yet so I thought you will read the forum faster than mail. I think I explained here everything now. Or at least I tried to explain everything and every step.
Waiting for your reply. I hope you are able to help in this situation. Best regards!
sr. member
Activity: 456
Merit: 956
https://bitcointalk.org/index.php?topic=1935098
Important announcement

There has been a successful attack on ChipMixer communication integrity. A small part of traffic to/from the ChipMixer.com website has been compromised. Please read on to decide what to do next.

If you are using Tor and .onion to access ChipMixer - you are not affected.

If you are not using Tor and visit .com to access ChipMixer - there is a chance you have been affected. Sweep all chips you have received in the last 7 days and treat them as linked with your deposit.

If you are using Tor and .com to access ChipMixer - please stop it and start using Tor with .onion. This is very bad for your privacy and your funds' safety. Please read the second part of this message. Also there is a chance you have been affected. Sweep all chips you have received in the last 7 days and treat them as linked with your deposit.

Details of attack

Over the last few days the IP address of the .com server has been switched to another server for about 30 minutes about 3 times per day. The attacker used it to create a valid SSL certificate and then served their own version of the service with minor cosmetic changes.
There were four effects:
1. If your session had already started - your browser sent your cookies (session token) to the attacker and they withdrew and swept your chips.
2. If you created a new session - the attacker displayed their deposit address and you never received your chips.
3. If you accessed .com only to get the .onion address - the attacker displayed their .onion address.
4. If you tried to redeem a voucher - it was not redeemed instantly - you should redeem it as soon as possible.
This affected a small part of customers and we assume it was motivated to steal Bitcoins, not privacy - if you were using .com and were not affected - you should still assume your privacy has been affected.

None of the servers were compromised. Mitigations are in place.


If you are using Tor to access .com - you may be affected by a different attack made with a Tor exit node. At least one of them proxies .com using a forged SSL certificate and replaces all bitcoin addresses with theirs.
newbie
Activity: 3
Merit: 1
@ChipMixer
Please check your email inbox. I have a problem with my vouchers. On the site I get an error that this voucher is invalid or has been redeemed even though I did not use it yet. Details are sent to your email but it looks like you did not check it yet.
I was using your service a few times and everything was perfect but this time I had to use a voucher (for the first time) and the problem occurred. Hope you are able to help.
legendary
Activity: 1918
Merit: 1728
UPDATE

Chipmixer provided me the voucher equal to the amount I lost. Thank you for the same! Now we know why Chipmixer is easily one of the best services out there.

Chipmixer staff is currently determining the cause of the issue. Once they are able to resolve it, an announcement will be made here by them.
legendary
Activity: 1918
Merit: 1728
Nope, I can only see one deposit made on the deposit address i.e. the funds I sent. Also, only one sweeping transaction was made i.e. with the chips equivalent to my deposit less fees. I can't see the other deposit/withdrawal you are talking about.
Could you send an e-mail to [email protected] to avoid discussing addresses and txid in public? After your post there was only one support email about this issue and there were two deposits with that case.

I have emailed you the entire case with as much information as I could retrieve. Do inform me if anything else is needed. I would be happy to provide as far as it doesn't intrude privacy much.

By the way, I noticed one thing - the browser cookie was changing whenever I was refreshing the session page. I am talking about this one:
It has to remain same unless I close my browser session, isn't it?
Refreshing session page should not change cookie.

I think I overstated the situation. It wasn't changing on every refresh. But it surely changed two-three times and I was redirected to captcha page.

The case still needs answers. @Chipmixer, do you want me to send e-mail with more extensive information like the txid I sent, etc? I need to get to the end of what actually happened because I regularly use Chipmixer and this is my common setup (VPN+browser+clearnet). It never happened before and I don't want this to happen again.
Please do send us as much information as you are willing to. Including VPN provider.

I have included the name of VPN provider alongside the exact server I was using at that time, in case that helps.



Just a quick update that my issue was resolved, still not sure from where the problem came, but most important is that my coins are not compromised. To be honest this was better support than Kraken where my 1 BTC was gone due to support neglecting my case.
Thank you

Good to know that your issue is resolved. So, did you get the mixed private keys in the same session where the deposit address changed earlier?
legendary
Activity: 1960
Merit: 1005
Just a quick update that my issue was resolved, still not sure from where the problem came, but most important is that my coins are not compromised. To be honest this was better support than Kraken where my 1 BTC was gone due to support neglecting my case.
Thank you
sr. member
Activity: 456
Merit: 956
https://bitcointalk.org/index.php?topic=1935098
Status update

In the last 7 days there were two reported issues of a customer visiting .com and receiving a non-ChipMixer deposit address. In both cases - after the deposit transaction the deposit address displayed in the browser changed into a ChipMixer deposit address.

In the last 7 days there were three reported issues of a customer visiting .com and depositing to a ChipMixer deposit address. After the deposit .com times out and when it starts working again all chips are already swept.

Both issues are being investigated. Please be aware of the issues and, if possible with your privacy plan, keep documenting your interaction with our service (i.e. check the SSL certificate, take and keep screenshots).



Nope, I can only see one deposit made on the deposit address i.e. the funds I sent. Also, only one sweeping transaction was made i.e. with the chips equivalent to my deposit less fees. I can't see the other deposit/withdrawal you are talking about.
Could you send an e-mail to [email protected] to avoid discussing addresses and txid in public? After your post there was only one support email about this issue and there were two deposits with that case.

By the way, I noticed one thing - the browser cookie was changing whenever I was refreshing the session page. I am talking about this one:
It has to remain same unless I close my browser session, isn't it?
Refreshing session page should not change cookie.

It may be changing due to the use of VPN. Can this be the reason someone else got hold of my session? Does this cookie have any direct relation with the session token? Is it possible that my session token got mingled with another user on the site and both of us were shown the same session?
When you access the .com website with correct SSL - your headers are encrypted and only you and the .com server can see them. The cookie has a relation with the session token. It is unlikely to share a session with another user in this case.

The case still needs answers. @Chipmixer, do you want me to send e-mail with more extensive information like the txid I sent, etc? I need to get to the end of what actually happened because I regularly use Chipmixer and this is my common setup (VPN+browser+clearnet). It never happened before and I don't want this to happen again.
Please do send us as much information as you are willing to. Including VPN provider.

What do you think about giving the user a signed letter with the deposit address so they can confirm nothing went wrong?
This idea was discussed in 2019:
With your proposal ChipMixer signs a letter that contains the address. The user says they did not receive chips. They publish the signed letter showing that the address is a ChipMixer address. ChipMixer says they released the chips. Who is lying? Nobody knows - the only known thing is that it was a ChipMixer address and funds were deposited. The user cannot prove they did not receive chips. ChipMixer cannot prove they released chips. What kind of guarantee is that?
We could do it anyway to provide integrity of the server response, i.e. nobody switched the deposit address, but it would force users to check another thing (and they would not do that every time) and server response integrity is already guaranteed with SSL.
hero member
Activity: 2576
Merit: 883
But the one in Mozilla, were already withdrawn!

Do you have any extensions installed?
newbie
Activity: 3
Merit: 1
Same thing happened to me, so this is not an isolated situation!

Sent coins to the provided address. Waited for confirmation, once it was confirmed I went back to the website, just to see it went down (I'm used to this Chipmixer DOWN! situation).
After it got up and running again, I went to step 2 and Total Chips : 0.000
The coins were already withdrawn!


I had 3 open sessions in 3 different browsers. Mozilla, Chrome and Edge.
The one in Chrome and Edge went through successfully - There were no problems, I managed to withdraw the chips!
But the one in Mozilla, were already withdrawn!
legendary
Activity: 1960
Merit: 1005
Hello,
Problem with me still persists. I cannot see the coins in my account and only one transaction was made to the deposit address.
I was not using VPN and entered the .com domain. Nothing different from what I was doing all the times I used the service before.
legendary
Activity: 1918
Merit: 1728
webtricks case
1. Visits our website, receives our deposit address
2. Does first deposit, receives chips after first confirmation
3. Half hour later sweeps chips into address
4. In the same block as sweep does another deposit to our deposit address
5. Half hour later sweeps chips into same address

Nope, I can only see one deposit made on the deposit address i.e. the funds I sent. Also, only one sweeping transaction was made i.e. with the chips equivalent to my deposit less fees. I can't see the other deposit/withdrawal you are talking about.



webtricks case is weird because there are two deposits and they say they did one. It could be that VPN does the same as Malicious Tor Exit node with SSL stripping and sweep them.

I am not sure my VPN service would do that. Moreover, I made sure that I was accessing the encrypted website by manually checking the SSL certificate at two different occasions. It was indeed valid. By the way, I noticed one thing - the browser cookie was changing whenever I was refreshing the session page. I am talking about this one:



It has to remain the same unless I close my browser session, isn't it? It may be changing due to the use of VPN. Can this be the reason someone else got hold of my session? Does this cookie have any direct relation with the session token? Is it possible that my session token got mingled with another user on the site and both of us were shown the same session?

The case still needs answers. @Chipmixer, do you want me to send e-mail with more extensive information like the txid I sent, etc? I need to get to the end of what actually happened because I regularly use Chipmixer and this is my common setup (VPN+browser+clearnet). It never happened before and I don't want this to happen again.
copper member
Activity: 2856
Merit: 3071
What do you think about giving the user a signed letter with the deposit address so they can confirm nothing went wrong?

I know this has been mentioned before but it requires putting a private key on an online server that could compromise everything.

There's then the other prospect of how many letters will people check? A 1Chip or even 1Chipmix address would be crackable without much computation power afaik. So you'd need to find an address with another word in it imo which would probably be hard to find.

Also, if you keep a copy of your receipt, you keep a copy of what you've just tried to destroy. Deleting information you've downloaded or saved is fairly difficult to do (and make it irrecoverable) even in memory there's no guarantee that your data will delete once the session clears or after a certain amount of time on a lot of devices.

My suggestion was to publish their ssl public key whenever they update it and then someone could verify the key by looking at the site settings on their browser.
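The check suggested in this post, applied to the incident in the announcement above (the .com IP switched for about 30 minutes at a time and a valid certificate served from the other server), as an added example that is not part of the thread or of ChipMixer's tooling. It assumes the operator publishes a whole-certificate SHA-256 fingerprint; the addresses, certificate bytes and probe schedule are constructed.

```python
import hashlib
import socket
import ssl
from datetime import datetime, timedelta, timezone

# Constructed stand-ins; real use pins the fingerprint the operator publishes.
LEGIT_DER = b"constructed-der-bytes-of-published-certificate"
OTHER_DER = b"constructed-der-bytes-of-unexpected-certificate"
EXPECTED_IPS = {"192.0.2.10"}  # constructed, documentation address range

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER certificate, as shown in a browser's certificate viewer."""
    return hashlib.sha256(der).hexdigest()

PINNED = {fingerprint(LEGIT_DER)}

def probe(host: str, port: int = 443):
    """One live observation (needs network, not called in this example)."""
    ip = socket.gethostbyname(host)
    pem = ssl.get_server_certificate((host, port))  # no chain validation here
    return datetime.now(timezone.utc), ip, fingerprint(ssl.PEM_cert_to_DER_cert(pem))

def find_windows(observations, pinned, expected_ips):
    """Group consecutive deviating probes into (first_seen, last_seen, reasons)."""
    windows, current = [], None
    for ts, ip, fp in sorted(observations):
        reasons = set()
        if ip not in expected_ips:
            reasons.add("ip")
        if fp not in pinned:  # a CA-valid but different certificate lands here
            reasons.add("cert")
        if reasons:
            if current is None:
                current = [ts, ts, set()]
            current[1] = ts
            current[2] |= reasons
        elif current is not None:
            windows.append(tuple(current))
            current = None
    if current is not None:
        windows.append(tuple(current))
    return windows

def sample_observations():
    """Constructed day of 10-minute probes with three 30-minute switches."""
    day = datetime(2000, 1, 1, tzinfo=timezone.utc)
    switches = [day + timedelta(hours=h) for h in (3, 11, 19)]
    obs = []
    for i in range(144):
        ts = day + timedelta(minutes=10 * i)
        hit = any(s <= ts < s + timedelta(minutes=30) for s in switches)
        obs.append((ts, "198.51.100.7" if hit else "192.0.2.10",
                    fingerprint(OTHER_DER if hit else LEGIT_DER)))
    return obs

if __name__ == "__main__":
    for first, last, reasons in find_windows(sample_observations(), PINNED, EXPECTED_IPS):
        print(first.isoformat(), last.isoformat(), sorted(reasons))
```

A certificate that passes the browser's chain validation but differs from the published fingerprint is still reported, which is the case a manual "is the certificate valid" check does not cover.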
legendary
Activity: 2758
Merit: 6830
What do you think about giving the user a signed letter with the deposit address so they can confirm nothing went wrong?

edit: Now that I think about it, someone could generate new sessions to create valid letters and sweep everything to match with his own (controlled) session. Maybe some brainstorming could result in a better solution.
sr. member
Activity: 456
Merit: 956
https://bitcointalk.org/index.php?topic=1935098
Hello

Yes! Same thing happened to me.
Those are two different cases.

webtricks case
1. Visits our website, receives our deposit address
2. Does first deposit, receives chips after first confirmation
3. Half hour later sweeps chips into address
4. In the same block as sweep does another deposit to our deposit address
5. Half hour later sweeps chips into same address

gondel case
1. Visits website, receives not our deposit address
2. Does deposit but never receives chips
3. Restores session and receives another deposit address

I assume that gondel case could be
1. Use Tor
2. Access http chipmixer com
3. Malicious Tor Exit node serves website over clear text (SSL stripping) and switches deposit address to theirs

webtricks case is weird because there are two deposits and they say they did one. It could be that VPN does the same as Malicious Tor Exit node with SSL stripping and sweep them.
legendary
Activity: 1960
Merit: 1005
Guys, I can see the coins I sent are in that address on the block explorer and it was used only once, nothing is spent from there so far.
Just no coins are showing in my account. I always use the official link .com to deal with chipmixer and never had problems until today.
Any answer from their support will be appreciated as soon as possible.
Thanks!
legendary
Activity: 1918
Merit: 1728
Yes! Same thing happened to me. I was redirected to a new session as well. But I manually visited chipmixer.com/restore/session/oldSessionID to access my old session (the one where I sent funds).
Were you using Tor?

Nope. Regular VPN.
legendary
Activity: 2758
Merit: 6830
I was redirected to a new session as well. But I manually visited chipmixer.com/restore/session/oldSessionID to access my old session (the one where I sent funds).
Were you using Tor?
legendary
Activity: 1960
Merit: 1005
Well, there are no chips at all on my side, they were not spent, but just not showing in the account. Hope this will be resolved pretty soon and they answer promptly.
legendary
Activity: 1918
Merit: 1728
Something is indeed wrong with Chipmixer today.

I sent some funds for mixing about an hour ago. After sending the funds, the site became inaccessible. Then around half an hour ago, I was able to access my session. But when I imported the private keys, the funds were already spent! All UTXOs provided to me were spent in a single transaction a few minutes before the session was once again accessible to me.

I don't think I made any mistake at any step but maybe it's possible that I did something wrong. I would appreciate if others can share their insights on what could have gone wrong.




Yes now it is back, but the coins I sent to them are not showing in the account. Transaction is already confirmed but the deposit address changed and the coins are not visible in my session.
Anyone else experienced this?


Yes! Same thing happened to me. I was redirected to a new session as well. But I manually visited chipmixer.com/restore/session/oldSessionID to access my old session (the one where I sent funds). It wasn't accessible for like 20-25 minutes and when I was able to access it, funds were already spent.
legendary
Activity: 1960
Merit: 1005
Website is down!
Both clearnet and onion sites working fine for me.
Yes now it is back, but the coins I sent to them are not showing in the account. Transaction is already confirmed but the deposit address changed and the coins are not visible in my session.
Anyone else experienced this?