Topic: ♻️ [banned mixer] — FAST, SECURE and RELIABLE BITCOIN MIXER (Since 2016) ⭐⭐⭐⭐⭐ - page 17. (Read 48136 times)

I've received a 100% refund. Deleted all my comments above.

A note for everyone mixing in the future, always double check the signing address before mixing.

100% refunded! I will remove all my negative previous posts about CryptoMxier.io in this forum. Thank you [banned mixer]

I have been 100% refunded!


I will remove all my negative previous posts about CryptoMxier.io in this forum.

The next time someone comes up with this company, I want to tell him something like this.

There is no company like this one.


VERY THANK YOU

Update: He wrote me on Monday., i confirmed the address. Currently i have still no refund.
I will keep you updated.

Did you get a refund??

Have you considered the possibility the attacker can claim to be a victim too? All they need is to sign a transaction from their own fake 1CrypMix address.

This possibility worries me a lot more!

We were investigating issues where users reported the wrong signing address on our website. All of this users reported that they were on our website and their connection was secured by the fake SSL-certificate. All incidents were grouped by dates March 16-17 and April 19-20. The Letters of Guarantee of this users had the same fake signing addresses listed below:

• 1CrypMixUKiXduy6J42nEzm4Z9CpJuXptS (March 16-17)
• 1CrypMix3194qKbmZBeM2TRxgBu1gorrB4 (April 19-20)
  

While the original signing address was generated back in 2016 and has never changed:

• 1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM (bookmark this very address if you are reading this)

To make it clear:
 

• our servers were not hacked or compromised;
• the operations of our customers did not fall into third hands;
• this attack affected only those users who have got the fake signing address.

To understand what have happen to this users and how to avoid it for yourself, kindly read further.

Background

The Internet is a global network in enabling any connected host, identified by its unique IP address, to talk to any other, anywhere in the world. This is achieved by passing data from one router to another, repeatedly moving each packet closer to its destination. To do this, each router must be regularly supplied with up-to-date routing tables. At the global level, individual IP addresses are grouped together into "prefixes".

These prefixes are originated, or owned by an autonomous systems (AS) - groups of networks that operate under a single external routing policy.  For example, Sprint, Verizon, and AT&T each are an AS. Border Gateway Protocol (BGP) is the standard routing protocol used to exchange information about IP routing between autonomous systems.

Each AS uses BGP to advertise prefixes that it can deliver traffic to. For example, if the network prefix 192.0.2.0/24 , then that AS will advertise to its provider(s) and/or peer(s) that it can deliver any traffic destined for 192.0.2.0/24.

The problem is, by default the BGP protocol is designed to trust all route announcements sent by peers, and only few ISPs rigorously enforce checks on BGP sessions through security extensions available for BGP, and third-party route DB resources.

What is BGP hijacking?

BGP hijacking can occur deliberately or by accident in one of several ways:

• An AS announces that it originates a prefix that it does not actually originate.
• An AS announces a more specific prefix than what may be announced by the true originating AS.
• An AS announces that it can route traffic to the hijacked AS through a shorter route than is already available, regardless of whether or not the route actually exists.

Common to these ways is their disruption of the normal routing of the network: packets end up being forwarded towards the wrong part of the network and then are found at the mercy of the offending AS. When an AS announces a route to IP prefixes that it does not actually control, this announcement, can spread and be added to routing tables in BGP routers across the Internet. It would be like claiming territory if there were no local government to verify and enforce property deeds.

Typically ISPs filter BGP traffic, allowing BGP advertisements from their downstream networks to contain only valid IP space. However, a history of hijacking incidents shows this is not always the case. There have been many examples of deliberate BGP hijacking:

• https://en.wikipedia.org/wiki/BGP_hijacking#Public_incidents
• https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/

What happened to our users?

During our investigation, we have found out that on the dates corresponding to the incidents one of the AS was broadcasting to BGP the fake route for our servers network and that route was used by some of ISPs (you can click diagrams for details).  


This way attackers rerouted HTTP-traffic to their servers, deceived the verification system of the global Certification Authority (CA) lettercrypt.org and issued a fake Domain Validation (DV) certificate, and were able to send the victims HTTPS-traffic to their servers either.  

It may seem surprising that the operator of a large network or group of networks, many of which are ISPs, would brazenly undertake such malicious activity. But considering that by some counts there are now over 80,000 autonomous systems globally, it is not surprising that some would be untrustworthy.

How to defend yourself?

Because BGP is built on the assumption that interconnected networks are telling the truth about which IP addresses they own, BGP hijacking is nearly impossible to stop at one moment. Though security extensions such as Resource Public Key Infrastructure (RPKI) are available for BGP, are still not widely deployed and adoption will takes time. It is very important to understand that the clear Internet infrastructure is dramatically insecure. You can face it both in cryptocurrency and the fiat worlds.

What you can do to make sure that the Letter of Guarantee has been generated not by third side, besides bookmarking our signing address and checking the signature, is to check the signing address provided in the Letter of Guarantee on the blockchain explorer. Our original signing address has been generated back in 2016 and has 32 pages of donation transactions on about 40 BTC in total and has never changed:

• https://www.blockchain.com/btc/address/1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM

You will easily see if it is the freshly new generated address of scammers, like this one:

• https://www.blockchain.com/btc/address/1CrypMixUKiXduy6J42nEzm4Z9CpJuXptS

What will happen to victims of this incident?

We value our customers and their trust very high and do not want to leave them as victims in this situation. During coming days we will contact affected users and offer them an option to compensate the lost funds. We are aimed to provide the compensation till the end of this month. If you haven't contacted me or support@[banned mixer] yet, get in touch and provide the LOG on your operation.

More info

• https://en.wikipedia.org/wiki/BGP_hijacking
• https://www.cloudflare.com/learning/security/glossary/bgp-hijacking/
• https://blog.cloudflare.com/bgp-leaks-and-crypto-currencies/

Lost 0.607 BTC still no refund! I think the site is scamming unfortunately.

If the server is hacked, obviously the attacker can change the signing address as mentioned on the site. That makes it difficult to know with certainty which is the official signing address. At this moment, cryptomixns23scr.onion/faq.html shows 1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM, and was confirmed in this unedited post:
This address (1CrypMixXWtTjYGCM5ZJmyQYP1Y39P7aLM) was posted in this topic in 2016 by several users.
I'll leave neutral feedback with this information.


Stay vigilant!

I got this answer:


I definitely have the right URL because I have it bookmarked and have been using it for many years. My bookmark is: https://[banned mixer]/

If their server was hacked, they have to give us our money. This is FRAUD!!!!!!!!

I have sent 0.01234921 BTC to this address 14qxxxxxxxxQK1xxxxxxxxdxxxxxxxxxfs

Another person also got this address and this person sent 0.01823139 BTC

I have not made a mistake! I trusted them and now I have big problems! I want my money back! Show your pride and send the money! Can a moderator please write an Official Warning on page 1 so other people don't lose their money?


We await an official statement!

I understand this is a very difficult situation.
So I won't rush you.
However, if you are thinking about how anxious your customers must be, I think you should upload the progress in detail.

I know you're gonna claim to be a victim, too. But what's wrong with customers who trust you and use you?

I'll wait for the wise. I hope you take advantage of this opportunity to make your company bigger.

I have now also written an email to support@[banned mixer] and I hope for a response.

Hello guys, unfortunately [banned mixer] has not answered me yet. 
I am still waiting for your PM @ [banned mixer]

I will keep you  updated on this issue.

On February 4th I lost approx. 0.22 BTC to this attack.  I reported it here: https://bitcointalksearch.org/topic/m.56269625

Today, approx. 2 weeks after I emailed and PMed them, I received a full refund for the loss into one of my source wallets!

[banned mixer], you guys are true honest legends!

Using an online tool to verify a Letter of Guarantee is terrible for your privacy. You should use your own wallet to verify the signed message.

He was online but did not reply and not receive BTC. I still have hope, maybe tomorrow everything will be fine. I HOPE VERY 

or just dont use the mixer with 5+ pages of scam accusations / people losing money  on the thread....

if you look back on this thread, the issue has been happening since February. this is clearly selective scamming going on by them, or their servers have been hacked 3+ times in the past few months (which seems unlikely, and is just as good of a reason to not use this mixer... )

Kindly, PM me with the transaction details. If you have got no reply on your email it hasn't reached us.


Check your PM, I have already answered you.