Topic: [ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented - page 67. (Read 92822 times)

Site not down but not usable at the moment.  
Here is my unbiased analysis to current chipmixer's situation (time will tell if this is true):

1) Attack against Chipmixer isn't all that volumetrically significant.
2) Chipmixer had been watched and targeted by state level adversaries with assistance by deep state and related big data entities can do mass surveillance on hosting providers /CDN entites with AWS/Google/Cloudflare user data exfiltration to facilitate necessary traffic and data correlation attack.
3) major transit providers to datacenter hosting clear web probably now had span port enabled for quite site time on their switch to log, spoof and identify the .onion site's origin.  This isn't likely to change.
4a) DDoS is necessary to attempt to trick browser to leak information related to chipmixer session key over TLS/SSL (that can be restored / steal privatekey and chips) but since chipmixer uses minimal .js was the likelihood of success in this side-channel SSL content scrubbing trick isn't all that great.
4b) sustained DDoS would be necessary since it would compel site under DDoS (unfortunately for the adversaries Chipmixer isn't clueless) to reconsider use DDoS CDN services like Cloudflare.
4c) Once Cloudflare or similar CDN is used, all chips, sessions, and private keys can be monitored and logged by deep state, since now the privatekey is available for the SSL Cert (on *.cloudflare domains) used to serve up and fetch content proxy to chipmixer web site.  This is done with special SSL pinning appliance with cloudflare's private key tapping (span) Chipmixer scrubbed/clear traffic channel and exfiltrate IP, User Log (session), and even private key and bitcoin address of all transactions or activities involved.
5) Chipmixer Admin realize the above situation and quietly re-architect the server infrastructure to parallel a dozen of .onion mirror site with different Host/transit ISP to survive similar deep state surveillance attack in the future.  How much help Chipmixer from expert in this area forum and resources such as bitcointalk would likely determine how soon site returns to normal service.

I think you really need that remote attestation to make it useful. I'm not sure, but I suspect AMD/ARM probably have similar things, but not sure about the process. For Intels you need to register, but I don't think that's an issue (and it's free)



Actually seems up for me, just supppppper slow. So probably a big long-lasting DDoS (ugh, fuck the internet )

Is it possible to avoid using Intel's Attestation Service? (since that requires registering with Intel and so on as far as I understand how it works.)

---

I don't know if it's 2 days already (last time I checked the website was a couple days ago), but at least for the past several hours both their regular and the .onion site have been down for some reason.

If it's actually been down for 2 days, then that doesn't sound good, as ChipMixer hasn't posted any info, nor has he logged into his account in the past 24h.

 Am  I  the only one who noticed that their website is down for 2 days now?

Yeah, that doesn't matter. That's actually the attack vector Intel SGX is designed for. It protects against it by encrypting the entire memory space of the application. There's a bit of a performance hit to this (say 15% slower than a program not running in an enclave) but it's surprisingly reasonable. Although your CPU actually does physically contain that decryption key, which in theory could be extracted with physical access. As I understand it though, it's extremely hard to do so with any attempt to physically extract should destroy the data before you can do so.



No, Intel SGX provides something called "remote attestation" which you can think of Intel signing a message saying "This specific program, generated this specific value when run in a secure enclave". So if that program (which you verify matches, and doesn't log) generated a public key. You know you can now communicate with that program in a way no one else can intercept the messages.


The two immediately obvious pitfalls:

a) Intel could potentially be compelled into signing a false-attestation.
b) There's security vulnerabilities in SGX which nullify their guarantees (which has happened several times before).

Either way though, Intel has probably invested billions (?) into their secure computing so they would be extremely unhappy to see their guarantees fail in the wild.




Users wouldn't need to download anything other than the webpage, which contains a few hundred lines of javascript to serialize/deserialize encrypted messages to the known public key. Then you'd verify the public key matches what people have said actually matches the remotely attested to one.

Yeah as I interpret it, this would be more of a release of the frontend (mostly) and might not go very far towards proving openness as you'd still have to trust ChipMixer's daemon thats running on the same and the different server.

A mixer shouldn't be the only place you go to mix your coins in order to make it more private, sending funds to certain exchanges, mining rentals and gambling sites are often good additions after and between mixing. There are probanly better ideas others have come up with that I've missed, large companies holding bitcoin on a large scale aren't going to care too much if a few bitcoin go in and out every so often - some exchanges are better than others will be so remember to research if you want a good strategy.

---

On the Ddos issue if ChipMixer were to put into development a system where you download something and get a public private key pair you can then use to connect to the site over cloudflaee so it's still encrypted however there are a few main issues with this: most people mixing don't want people to know who they're connected to and that they're using a mixer, why should you download something from an anonymous source (even if you trust them it's still a bit risky) most devs in bitcoin for example have compromised their identity this can't be done here... If a decentralised anti ddos system gets put into place then these problems can be vastly mitigated but even bitcointalk goes down when it's heavily ddosed and behind a cloudflare package so it might not actually do much...

I agree, but that discussion should be held in a topic of it's own.



I don't know that this would prove anything.  Regardless of the encryption method you suggest, we must still trust that ChipMixer's code running on their server is the same code made available for public audit.  Without being granted access rights to their server (which I can't imagine happening) we're left taking their word for it.  Like we're taking them at their word that they are not logging.

This goes far above my technical knowledge, but I'm very interested to see how this would actually work. Would this still work if the owner of the website can create an exact clone of the RAM and read everything (including encryption keys) in there?

@ChipMixer have you looked into trying to provide guarantees you're not logging?


I am probably not the target audience, but I am deeply skeptical of mixers.  It would seem to me to be negligent of intelligence-agencies to not be running their own mixing services. And as none of the mixers provide any guarantees of not-logging, it seems kind of impossible for a user to know which are honeypots and which aren't.

One feasible way (AFAICT) of proving you aren't logging would be making-public the program that runs on the server. That program would not log (which people can check by looking at the source code) and it would generate a "communication key". Which would be an asymmetric encryption key that can be used to securely talk to the program. Then on your website you make a little light js client which serializes/deserializes encrypted messages from server-side program.

So now the only thing you need to do, is prove the "communication key" was generated by the program. If we know the communication key was generated by the program, then we know anything encrypted to that key can only be read by the program, and we know that program does not log. Now the cool thing is we can use Intel's SGX and remote attestation to actually prove this key was generated by this particular program.

I think put together would give users pretty strong assurances that your service is doing what it claims.


Anyway, food for thought.

I think you  did 0 research before writing your post.

1. Where do i claim that OVH  dont log anything? I said that they preserve customers privacy (dont give data easily), but they're not BF provider.
2. Chipmixer is currently hosted on vultr. Which is not any kind of bulletproof provider either, but they dont have sufficient ddos protection. Therefore moving to another one would not be any kind of issue.
3. It doesn't matter what OVH allows or doesn't. Chipmixer is already hosted on similar type of hosting of American company and seems that they do not care.
4. Running TOR Exit node results with high number of abuse complains and IP blacklist, therefore it's normal that they prohibit that - totally faulty comparison to hosting mixing service.

If you host on non-BF providers, at least move to the one which has sufficent DDOS protection.


I see that you completely aren't, since you're not even aware where chipmixer is currently hosted, and yes it's currently in Vultr cloud.

Both of them would cause severe privacy issues.

Unless you can 110% trust the cloud hoster (which really is impossible unless you run the entire hosting service as well), they shouldn't be used as they would be able to log virtually everything.

OVH doesn't even allow tor software to be ran on it's hardware, and you're claiming they don't log anything, or won't do so if they're asked by a LE?........
Are you sure you know what you're talking about at all?

You got to be kidding me... you can have processing done on other server than the one where website is hosted on.
If DDOS is disabling deposit processing logic on software level (not processing incoming deposits), it only proves amateur-job of the one who designed the system. No offense.

1. Move deposit processing to different server with IP unknown to attackers and one problem is solved.

2. DDOS can be mitigated by:
- moving it to proper hosting provider with DDOS protection
- move entire web traffic behind cloud firewall (this would cause privacy issues, so rather not).

Cost 1-3k monthly and you can mitigate most of these, but of course not all.
Eg. OVH deals very well with DDOS attempts and you do not pay anything and preserves privacy of customers.

Btw. 502 errors indicates rather resource exhaustion and weak server configuration with lack of enough workers to process incoming requests. This is little different than typical DDOS where server is totally unreachable.

I got an email and my chips credited after 7 hours after i reported the problem - thank you @chipmxier!

Probably is related to the DDoS? Servers don't run properly when they keep getting flooded by fake traffic.

Doesn't care about what? There is literally nothing he can do to mitigate these DDoS attacks. And it's way better to keep getting DDoS'ed them to implement a MITM protection that will track you and give your data to the gov.

And can keep getting more. As explained by malevolent above, he spends $60k worth of BTC per month in their signature, got hold of hundreds of BTC at once multiple times and can still keep running after 2 years. He is probably making some cash, right? So why stop when you have the reputation and a pretty good margin of profit?

Use other mixer, i dont know how you can have situation like this twice within 6 days. What is this? hot wallet not being refilled? Applications stopping to work?
Mixer is unreachable also due to DDOS for past few days (502), so i guess author does not care.. and he made enough money from it already, should be warning sign for this mixer already.

They have a small team to improve your privacy and their security. It may only be one or a few people that know each other well. If you outsource to someone they might steal your coins or compromise your clients' privacy. Also, the longer you wait the more private it becomes and its normally suggested to wait anywhere from 48 hours to a month to send a transaction so it can't be traced back to its original source (or it is at least much more difficult)...

Since months i use this service and everything was fine ... BUT

today i think i became victim of the known bug where the transaction is confirmed and there are no chips
already sent an email to the support of chipmixer ..


i dont get it why they need 4 days+ to answer an email (as i read here in the thread) ..



edit: chips got credited, watch my new post

I see that it was done step by step according to chart as i said, thanks for proof.
Yeah, family problems will be solved with customers money, when someone with gun or so come to service operator and shoot in a leg of his child/wife/etc (for example ) you'll see how it'll be solved. And you'll not able to prove that you got scammed, but i think you're not using this service for large amounts so you just creating positive background here as other signature participants do. This service based on fake trust on this forum created by signature campaign, i see answers here only from paid guys. I got enough information, thanks.
Good luck with that service, if you wanna see your deposit wallet changed someday. I'm out from this thread.

Inflows and outflows of bitcoins, estimate from a blockchain analysis company called Clain:



If their estimate is correct, at a given moment Chipmixer often holds hundreds of bitcoins on behalf of its users.

They can also afford to spend about $60k worth of BTC per month on their signature campaign, not hiring more customer support would be more an indication of them having trouble finding a person they could trust, than lacking money.

Any family problems to be solved with money also shouldn't be an issue, they must be making a lot of money from voluntary fees alone with their volume.

One time 5k btc or step by step? I bet you'll know answer after think a bit about this question   You know nothing about person running mixer, so good, that you personally don't have a scam cap, but we talking about chipmixer.
I got an answer, so we can't prove and should just rely on some anonymous person running mixer who can simply not answer for few days if something went wrong with service. If they have enough money, why support is so poor? Hard to hire few ppl? Lol.
I don't have any 'magical' suggestion, project is not opensource or so, it's business and problem should be solved by creators of service, not by me or community, i'm not getting money from it or any profit. I just pointed to obvious problem which allows mixer operator do whatever he wants w/o being catched.
And you already agreed that the problem exists, good that they have a lot of trust here, but it's still coin laundering anonymous service running by anonymous person, don't be naive, any personal problems (family problems or so) can force him to scam some deposit and you'll not able to prove it, anything can happen and customer should be protected from it, or, at least, prove that they were scammed, with current service site they can't do it.