Pages:
Author

Topic: ♻️ [banned mixer] — FAST, SECURE and RELIABLE BITCOIN MIXER (Since 2016) ⭐⭐⭐⭐⭐ - page 29. (Read 48175 times)

newbie
Activity: 5
Merit: 0
Credits: This update include 'PrivacyImportant' and 'Feqlizer' proposals, listed below
Thanks a lot! It is very nice to see such fast response.

Instead of full percentages (1%,2%,3%,...) it is much better to have 1.5%, 1.8%, 2.5%,...
Seems to be very good proposal! And also modify it with little random noise.

I would like to attract your attention to another little security breach. Setting variable fee of your service feature obviously makes tracing of mixed coins more difficult. But value of your fee is still partially predictable because its displacement amplitude depends on slider width. This trait reduces randomness of your fee severely.

For instance, I found these constant fee values for half a minute:
0.5000%, 0.5019%, 0.5038%, 0.5056%, 0.5067%, ... so on.

If you add random fee noise for each mixing session it will notably increase tracing difficulty.
newbie
Activity: 9
Merit: 1
Thanks for implementing all mentioned changes. I have another suggestion to futher improve the privacy offered by your service. If you use 10 change addresses there aren't that many possibilities to split the distribution percentages. Please make them more precise. Instead of full percentages (1%,2%,3%,...) it is much better to have 1.5%, 1.8%, 2.5%,...
full member
Activity: 312
Merit: 127
Ever used CryptoMixer? Leave your feedback ↓
I registered this account to share my findings.

Once a lot people mention some weak points of your service I tried to code a little.

I wrote a simple js script sending random cryptomixer codes to server. The server responds with a discount for each code. Running script for about two hours I succeeded to found the code with 0.1% discount: 34ntw. Anyone can check it, though they likely delete the code soon after posting.

My message to cryptomixer: please guys, improve your server responses. You can restrict the rate per IP, for example. Turns out that 5 letters code does not give you good level of security.

Good job, motherhacker! No, we are not intend to delete the code) Everybody can use it to get a discount. To make it clear, we are giving discounts to stimulate the usage of cryptomixer codes. The first time customer interacts with our system, it is given a code. This code is then used to ensure that this customer's coins are not mixed with any of the previous coins sent by him to our reserves during future transactions. In a simple words, to prevent the scripts to give you, your coins back. Though it is not a security breach, because it doesn't compromise any sensitive data - it only let somebody get a discount, you made a great research and I would like to thank you! Your proposal sounds reasonable and we will include it in one of upcoming updates.
full member
Activity: 312
Merit: 127
Ever used CryptoMixer? Leave your feedback ↓
RELEASE ANNOUNCEMENT

Sounds great, especially the SegWit support, but could you already estimate when this update will roll out (days, weeks, months)?
We expect to deliver this update before Apr, 3.

Website has been updated!

This update enables more precise & variable delays, variable network fees and better output distribution. The support of SegWit-addresses that was announced is shifted to the end of month.

Credits: This update include 'PrivacyImportant' and 'Feqlizer' proposals, listed below:

Add a small randomly chosen amount to your transaction fee.
Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.
Every repayment delay should be modified with absolutely random "time noise" which would be hard to quantize.

Thank you all for the cooperation! Feel free to mix your coins.
full member
Activity: 312
Merit: 127
Ever used CryptoMixer? Leave your feedback ↓
This is not my alt account. I have registered specially for this case. I may suggest better way of confirmation. I keeped your signed letters of guarantee. I will PM one of it to you shortly so you can ascertain everything yourself.

Thank you for cooperation. I confirm that I have got your PM message. We will carefully check everything.
newbie
Activity: 5
Merit: 1
I registered this account to share my findings.

Once a lot people mention some weak points of your service I tried to code a little.

I wrote a simple js script sending random cryptomixer codes to server. The server responds with a discount for each code. Running script for about two hours I succeeded to found the code with 0.1% discount: 34ntw. Anyone can check it, though they likely delete the code soon after posting.

My message to cryptomixer: please guys, improve your server responses. You can restrict the rate per IP, for example. Turns out that 5 letters code does not give you good level of security.

newbie
Activity: 5
Merit: 0
This is not my alt account. I have registered specially for this case. I may suggest better way of confirmation. I keeped your signed letters of guarantee. I will PM one of it to you shortly so you can ascertain everything yourself.
full member
Activity: 312
Merit: 127
Ever used CryptoMixer? Leave your feedback ↓
Do you use single key for all your outgoing addresses permanently? How did he found them all? I find all this case disturbing.

No we do not use single key. It seems to be some random list of addresses. We still haven't got any confirmation on this list as we do not have the ability to check it and the author hasn't contacted us. As you seems to be the real cryptomixer customer who follow the tread, kindly contact me directly with you real account (not this alt) to confirm some details. This will help us to to dig into this issue.
newbie
Activity: 5
Merit: 0
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.
I do not think this will resolve issue. Does it matter that repayment delay step is hour or minute or second? It does not. Every repayment delay should be modified with absolutely random "time noise" which would be hard to quantize.
newbie
Activity: 5
Merit: 0
What is this? Smiley
Hello! It seems to be real list of outgoing addresses of your service. I did use your services last month and found my addresses in this list. If last poster tried to confuse some of your customers he succeed at least in my case.

Do you use single key for all your outgoing addresses permanently? How did he found them all? I find all this case disturbing.
full member
Activity: 312
Merit: 127
Ever used CryptoMixer? Leave your feedback ↓
CRYPTOMIXER - UNRELIABLE! STOP USING IT! SERVICE COMPROMISED!

LIST OF ALL OUTCOMING ADDRESSES FOR THE LAST MONTH:

https://...

What is this? Smiley We do respect our competitors and ask for the same. Don't confuse forum members with this

Anyway, we used to treat security issues with all respect. If you believe that you have any security-related issue, kindly contact support. Thank you
newbie
Activity: 1
Merit: 0
CRYPTOMIXER - UNRELIABLE! STOP USING IT! SERVICE COMPROMISED!

LIST OF ALL OUTCOMING ADDRESSES FOR THE LAST MONTH:

https://justpaste.it/1ik93


jr. member
Activity: 65
Merit: 1
You raised an important topic. All services provided by a cryptomixer were not anonymous all this time. I think that the cryptomixer is compromised. All this time they did not make the transaction anonymous, but just took a commission for false anonymity!

Don't let the fact, that we are implementing the proposed measures confuse you. Cryptomixer offers ones the most advanced and secure mixing algorithms. As I already said we are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. We are building the Cryptomixer with inputs from the forum community to make transactions safer and untraceable while contributing towards privacy over internet transactions. The improvements proposed by "PivacyImportant" member will really bring even more security to Cryptomixer in certain cases.

You have to admit that at the moment your mixer does not meet the high requirements for anonymity.
full member
Activity: 312
Merit: 127
Ever used CryptoMixer? Leave your feedback ↓
You raised an important topic. All services provided by a cryptomixer were not anonymous all this time. I think that the cryptomixer is compromised. All this time they did not make the transaction anonymous, but just took a commission for false anonymity!

Don't let the fact, that we are implementing the proposed measures confuse you. Cryptomixer offers ones the most advanced and secure mixing algorithms. As I already said we are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. We are building the Cryptomixer with inputs from the forum community to make transactions safer and untraceable while contributing towards privacy over internet transactions. The improvements proposed by "PivacyImportant" member will really bring even more security to Cryptomixer in certain cases.
jr. member
Activity: 65
Merit: 1
I am using your service for a long time now and I am very satisfied with it. But lately I have been investigating possibilities to track transactions which were send over mixing services and I found two possible attack vectors to cluster transactions which were mixed with your service.

The first one is less effective but there is still a decent risk. The transaction fees of your service are constant when the transaction has the same size. For example three transactions with one input and two output addresses had the same size of 42.598 sat/B. Obviously the fees vary when there are more input addresses but most of the time I received transactions with one input two output and the fees were constant.

The second is more severe. Let's say we have a setup of x-forward addresses and all of them are differently delayed in time. Normally you should think that this setup is bullet proof but it isn't. As the delay steps in your service are hour based and your service is sending the transactions at exactly the same time just hourly shifted (for example: 01-01 21:10:21, 01-01 14:12:20, 01-01 03:12:18) it is easy to cluster all transactions which are connected to one mixing step. With the help of the first attack vector the analysis becomes even more effective.

With the help of those information it should be no big deal for future blockchain analysis techniques to track down the source of mixed coins. This is a big risk for a mixing service which should offer a high grade of privacy.

My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

You raised an important topic. All services provided by a cryptomixer were not anonymous all this time. I think that the cryptomixer is compromised. All this time they did not make the transaction anonymous, but just took a commission for false anonymity!
newbie
Activity: 98
Merit: 0
Hello! I am available for franch and Arabic translation .Whether you need it please contact me on telegram @backobtc thank you  I'm waiting for your response
full member
Activity: 312
Merit: 127
Ever used CryptoMixer? Leave your feedback ↓
Sounds great, especially the SegWit support, but could you already estimate when this update will roll out (days, weeks, months)?

We expect to deliver this update before Apr, 3.
newbie
Activity: 9
Merit: 1
Sounds great, especially the SegWit support, but could you already estimate when this update will roll out (days, weeks, months)?
full member
Activity: 312
Merit: 127
Ever used CryptoMixer? Leave your feedback ↓
My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

These improvements sound reasonable. We are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. Thank you for your feedback!

It would be nice to see these improvements implemented as fast as possible so that anybody using your service receives a far better privacy. Can I somehow speed up this process by helping to implement those changes or send you some financial support?


We are working on improvements that will cover your risk cases. We will roll out this update together with SegWit support.

Your help will be highly appreciated during the production tests. I'll contact you directly as soon as we would be ready. Thank you
full member
Activity: 312
Merit: 127
Ever used CryptoMixer? Leave your feedback ↓
Sad to see that still nothing has changed. I don't want to overexagerate but as long as this hasn't been fixed

Sorry for the late response. I was sure, I have answered your last message.
Pages:
Jump to: