
Topic: Breaking Mixing Services - page 2. (Read 1894 times)

sr. member
Activity: 910
Merit: 351
March 07, 2019, 03:35:12 AM
#9
Important research, but why don't you spend more time on attacking Chipmixer or other mixing services (of course, ideally the biggest ones)? I'm curious as to how far you will be able to attack reputable mixer services, and if you did successfully hack them, maybe we need to rework how mixing services are built.
member
Activity: 588
Merit: 10
March 06, 2019, 01:38:51 AM
#8
Thanks for sharing your information here. In the first place, I really didn't have any idea what mixing services are and how they work until I read your thread and found out that mixing services work like this and that they can be broken.
I admire you for taking the time to conduct research and explain to the public how mixing services or bitcoin transactions work. This is very informative, thank you again for giving us the result of your study.
legendary
Activity: 3542
Merit: 1966
Leading Crypto Sports Betting & Casino Platform
March 06, 2019, 12:27:30 AM
#7
If this is true, then you can help law enforcement to trace coins that were used in crime. ;)

Did you find any criminal activities and terrorism funding that was presumably done with these Mixer services? Did the 3 letter agencies approach you, like they did with Gavin in the early days, to help them track some of the criminal activities that were done with these services?

Glad to hear that some Mixer services are more secure than others, because we need financial privacy. ;)
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
March 06, 2019, 12:18:53 AM
#6
Thanks for sharing. I took a quick look, and while you list lots of attack scenarios, you forgot to mention de-anonymization attacks through a Tor exit or VPN which leaks information such as DNS requests (or you intentionally left it out, as it's complex enough to make separate research).

You might want to move this thread to Development & Technical Discussion, as you'll get more people who are interested or can give better feedback.

P.S. I will add a comment after I have read the paper and/or tried the Python code.
member
Activity: 120
Merit: 10
March 05, 2019, 06:23:43 PM
#5
Thanks for posting, this is very interesting.

Is your conclusion that the specific services have been poorly designed and their implementations are faulty or is an unbreakable mixing service impossible/hard to make?
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
March 05, 2019, 05:47:36 PM
#4
In my thesis, I attacked coinmixer.se (at the time of writing it was the biggest centralized mixing service), however - except chipmixer.io¹ - every other centralized mixing service I checked could be broken in a similar fashion.

¹ Chipmixer was the only centralized mixing service which I did not break fully. However, I did not put much work into checking this mixing service.

I'd be curious what your findings are if you pursue it further. I always thought Chipmixer's approach was superior to the traditional script methods because those can be extensively analyzed and repeated. With Chipmixer, outputs are broken into generic amounts and users extract private keys that aggregate to [deposit amount - donation]. Those keys can be swept at any time. This seems much harder to analyze.
full member
Activity: 1092
Merit: 117
March 05, 2019, 05:46:03 PM
#3
Wow, I did not expect to see this, since I've used a few mixing services and it never came to my mind that their algorithm could be broken. If it was just a regular mixing service that was recently opened then I would understand, but hacking the biggest mixing service existing is a big surprise for everyone that uses it. Anyway, there are so many mixing services existing right now and it's obvious that almost all of them use the same algorithm, and if you can break it then you hack 80% of the websites.
newbie
Activity: 40
Merit: 0
March 05, 2019, 04:45:18 PM
#2
Well, I believe that such research should be undertaken in detail and more accurately, although I agree with a lot of the above hypotheses.
copper member
Activity: 11
Merit: 325
March 05, 2019, 04:30:35 PM
#1
Hey,
More than a year ago I wrote my bachelor thesis about mixing services/anonymous bitcoin transactions (yes, bitcoin is pseudonymous).
I found some trivial bugs (timing attacks, leakages, XSS, ...) through which nearly all relevant centralized bitcoin mixing services could be broken. Based on outgoing mixing transactions (transactions sent by the mixer) I was able to identify the correct incoming transactions sent by customers (and vice versa).
My thesis is quite easy to understand and the bugs are also trivial; however, at the time of writing, I did not find any specific work related to these problems.

The most important conclusion of my work is that even though a mixing service/a mixing algorithm might seem to be reliable at the moment, through a single leak/implementation fault, an attacker could be able to deanonymize any past transaction which has been processed by the mixing service. Even though the leak/implementation fault gets fixed by the service, every transaction which has been processed prior to the fix is irreversibly vulnerable.

bitmixer.io & coinmixer.se are offline now; however, it's still possible to use the bugs I describe in my thesis to reverse nearly all transactions which have ever been processed by these services.
In my thesis, I attacked coinmixer.se (at the time of writing it was the biggest centralized mixing service), however - except chipmixer.com¹ - every other centralized mixing service I checked could be broken in a similar fashion.


If there is interest in this topic, I can publish further information (source code, examples, ...) on this topic and the attacks.


Link to my thesis (Python source inside): https://www.dropbox.com/s/3yapwyfz72tvswh/BA_mixing_services.pdf?dl=0

Author: Felix Maduakor
Email: [email protected]

¹ Chipmixer was the only centralized mixing service which I did not break fully. However, I did not put much work into checking this mixing service.