Topic: ♻️ [banned mixer] — FAST, SECURE and RELIABLE BITCOIN MIXER (Since 2016) ⭐⭐⭐⭐⭐ - page 29. (Read 48136 times)

Credits: This update include 'PrivacyImportant' and 'Feqlizer' proposals, listed below

Instead of full percentages (1%,2%,3%,...) it is much better to have 1.5%, 1.8%, 2.5%,...

I registered this account to share my findings.

Once a lot people mention some weak points of your service I tried to code a little.

I wrote a simple js script sending random cryptomixer codes to server. The server responds with a discount for each code. Running script for about two hours I succeeded to found the code with 0.1% discount: 34ntw. Anyone can check it, though they likely delete the code soon after posting.

My message to cryptomixer: please guys, improve your server responses. You can restrict the rate per IP, for example. Turns out that 5 letters code does not give you good level of security.

We expect to deliver this update before Apr, 3.

Add a small randomly chosen amount to your transaction fee.
Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

Every repayment delay should be modified with absolutely random "time noise" which would be hard to quantize.

This is not my alt account. I have registered specially for this case. I may suggest better way of confirmation. I keeped your signed letters of guarantee. I will PM one of it to you shortly so you can ascertain everything yourself.

Do you use single key for all your outgoing addresses permanently? How did he found them all? I find all this case disturbing.

Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

What is this?

CRYPTOMIXER - UNRELIABLE! STOP USING IT! SERVICE COMPROMISED!

LIST OF ALL OUTCOMING ADDRESSES FOR THE LAST MONTH:

https://...

Don't let the fact, that we are implementing the proposed measures confuse you. Cryptomixer offers ones the most advanced and secure mixing algorithms. As I already said we are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. We are building the Cryptomixer with inputs from the forum community to make transactions safer and untraceable while contributing towards privacy over internet transactions. The improvements proposed by "PivacyImportant" member will really bring even more security to Cryptomixer in certain cases.

You raised an important topic. All services provided by a cryptomixer were not anonymous all this time. I think that the cryptomixer is compromised. All this time they did not make the transaction anonymous, but just took a commission for false anonymity!

I am using your service for a long time now and I am very satisfied with it. But lately I have been investigating possibilities to track transactions which were send over mixing services and I found two possible attack vectors to cluster transactions which were mixed with your service.

The first one is less effective but there is still a decent risk. The transaction fees of your service are constant when the transaction has the same size. For example three transactions with one input and two output addresses had the same size of 42.598 sat/B. Obviously the fees vary when there are more input addresses but most of the time I received transactions with one input two output and the fees were constant.

The second is more severe. Let's say we have a setup of x-forward addresses and all of them are differently delayed in time. Normally you should think that this setup is bullet proof but it isn't. As the delay steps in your service are hour based and your service is sending the transactions at exactly the same time just hourly shifted (for example: 01-01 21:10:21, 01-01 14:12:20, 01-01 03:12:18) it is easy to cluster all transactions which are connected to one mixing step. With the help of the first attack vector the analysis becomes even more effective.

With the help of those information it should be no big deal for future blockchain analysis techniques to track down the source of mixed coins. This is a big risk for a mixing service which should offer a high grade of privacy.

My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

Sounds great, especially the SegWit support, but could you already estimate when this update will roll out (days, weeks, months)?

It would be nice to see these improvements implemented as fast as possible so that anybody using your service receives a far better privacy. Can I somehow speed up this process by helping to implement those changes or send you some financial support?

Sad to see that still nothing has changed. I don't want to overexagerate but as long as this hasn't been fixed