Author

Topic: Can Bitcoin Mixer services be trusted? (Read 624 times)

legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
April 19, 2022, 06:15:42 AM
#45
I would guess that a large majority of the users who utilize these services are petty criminals who are laundering small amounts of stolen funds.



Chainalysis say only 8.1%, https://e-cryptonews.com/chainalysis-most-mixed-bitcoin-not-used-for-illicit-purposes/.

That point aside, you have to assume that government agencies such as the IRS have likely already setup their own mixing services as honeypots or are monitoring mixing services to go after any large transactions they are able to trace (which is easier than you think).

You don't need to assume, mixer which use CloudFlare can be considered as honeypot and government already hire blockchain analysis service (such as Chainalysis) to trace all Bitcoin transaction. But how accurate their service is different case since each mixer have different way to break the link.
hero member
Activity: 2786
Merit: 657
Want top-notch marketing for your project, Hire me
April 22, 2022, 09:15:42 AM
#43
That's why you see those wearing mixing service signatures constantly harassing attempted scammers who are not covering their tracks by paying a % of their stolen funds to mixing services.
Who exactly is harassing attempted scammers here, can you mention some names please?
I can also assume the similar thing for members who are wearing gambling signatures, they could also be criminals who are using stolen funds for gambling and washing their coins.
Government could also use gambling websites like stake as honeypot, that is ever worse if we know they could ask your verification documents at any time.
Wearing tumbler or gambling site signatures or not, I believe no one support scam or any bad habit but the truth worth telling.

Technically it's ridiculous for a criminal with stolen crypto funds not to make use of crypto tumbler or any privacy method and it reminds me of the TikTok queen that was arrested last year (if i can remember correctly) due to her involvement in a crypto scam fund. It was childish of her to have made use of a crypto ATM for the stolen funds.

legendary
Activity: 2212
Merit: 7064
April 19, 2022, 09:01:39 AM
#42
That's why you see those wearing mixing service signatures constantly harassing attempted scammers who are not covering their tracks by paying a % of their stolen funds to mixing services.
Who exactly is harassing attempted scammers here, can you mention some names please?
I can also assume the similar thing for members who are wearing gambling signatures, they could also be criminals who are using stolen funds for gambling and washing their coins.
Government could also use gambling websites like stake as honeypot, that is ever worse if we know they could ask your verification documents at any time.

Chainalysis say only 8.1%
I can't wait to hear what are the sources for his claims... maybe a hunch or a gut feeling Cheesy
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
April 18, 2022, 02:18:21 PM
#41
I think that's a lot of bullshit.
Which thing? Their intention to protect their privacy? The mixing services? Privacy in general?
donator
Activity: 4760
Merit: 4323
Leading Crypto Sports Betting & Casino Platform
April 18, 2022, 01:58:26 PM
#40
I believe that when it comes to privacy and anonymity, you can't trust anyone at all. So what kind of information can a bitcoin mixer service get?

This is a very good point with relation to mixing services.  A lot of people talk about how they use the services for privacy reasons.  I think that's a lot of bullshit.  I would guess that a large majority of the users who utilize these services are petty criminals who are laundering small amounts of stolen funds.  That's why you see those wearing mixing service signatures constantly harassing attempted scammers who are not covering their tracks by paying a % of their stolen funds to mixing services.  That point aside, you have to assume that government agencies such as the IRS have likely already setup their own mixing services as honeypots or are monitoring mixing services to go after any large transactions they are able to trace (which is easier than you think).  I imagine at some point in the future there will be a massive sting and a lot of people are going to get caught up using these services.  That or they will shut down and run once they realize they've been compromised and take any funds they're mixing with them.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
April 18, 2022, 11:53:06 AM
#39
The ETH smart contract cannot observe the BTC blockchain.
I understand. Thank you for reminding me of this. Smiley  In my idea, networks BTC and ETH do not intersect in any way. Iintermediary program, which, just does not allow one of the parties (mixer and user) to scam, connects ETH and BTC networks (conditionally), checks the receipt of the required amount to the addresses, controls the fulfillment of the conditions.  
This program would need to be a smart contract though, right?
Probably yes.

Otherwise who is running that program? How could one of the parties trust that the other party is running it correctly?
I would gladly answer if I knew the answers to your questions and had the technical experience to do so. I proposed the idea in general terms without having any idea how it could be implemented. Perhaps experts in the field could answer or have already answered, as in the case of submarine swap.
 
No need to apologize! I'm really interested in this topic and glad to discuss. If you've got more thoughts on submarine swaps or other, maybe better ideas for these cross-chain swaps and using them for mixing, keep the discussion going!
The discussion really turned out to be interesting and I learned about such curious things as submarine swap. I am also increasingly inclined to think that mixing services will need to change, become more complex and evolve over time in order to be able to provide their customers with the best possible privacy. I think after a while we will be able to see and try mixing services v.2.0.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
March 31, 2022, 09:11:20 AM
#38
[...]
Doesn't that require you to already have a channel with the amount you want to mix, so that you can immediately exchange LN-BTC for BTC? Also, what about the time? It plays a big role when it comes to privacy. If a chain analysis company routed a 0.16 BTC payment it could be far nearer to the new address. (That received money few seconds/minutes later)
You don't need a single channel; in fact it would even better if your channels are smaller than the mixed amount, because then it's guaranteed that the payment has to be split in multiple smaller ones.
But in general anything a little bit larger usually takes multiple different paths to its destination.

As I said, when it comes to correlating input / output sizes, you can break that by choosing random amounts that are sent to the LN wallet in different time intervals (network topology also changes over time) and sent back out at different time intervals and in different sizes than what 'comes into' the LN wallet as well.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 30, 2022, 12:21:16 PM
#37
[...]
Doesn't that require you to already have a channel with the amount you want to mix, so that you can immediately exchange LN-BTC for BTC? Also, what about the time? It plays a big role when it comes to privacy. If a chain analysis company routed a 0.16 BTC payment it could be far nearer to the new address. (That received money few seconds/minutes later)
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
March 30, 2022, 08:25:05 AM
#36
Yeah, well, except if you construct a mixer that is indeed based on commitments and / or smart contracts that run on the blockchain.
I don't think there's a way to do that and gain the same privacy you would (without any on-chain connection). There are solutions which improve your privacy non-centrally, such as JoinMarket, but the inputs and the outputs have an on-chain connection.

I'd be appreciated if you explained how could this work, but as far as I can tell it's impossible unless we entangled it with the Lightning Network which would then create other kind of problems (such as liquidity).
You could also argue that building something that leverages the LN for mixing would increase its usage and motivate more liquidity!
The idea would be something like:

Code:
         payments usually  ┌────────────────────────┐
         split into        │                        │
         multiple routes   │                        │
        ┌─────────────────►│  Lightning             ├─────────────────┐
        │                  │  Network               │                 │
        │                  │                        │                 │
        │                  │                        │                 │
        │submarine swap    └────────────┬───────────┘   submarine swap│
        │                               │   ▲                         │
        │                               ▼   │                         ▼
┌───────┴──────────┐       ┌────────────────┴───────┐       ┌──────────────────┐
│ On-Chain input   │       │ Intermediary LN wallet │       │Destination       │
│ address          │       │                        │       │On-chain address  │
└──────────────────┘       └────────────────────────┘       └──────────────────┘

The idea about the intermediary LN wallet is that you could 'swap in' different amounts than the ones you 'swap out' and spread them over time by adding time checks (locktime) to the output scripts of the submarine swaps.

There wouldn't be a direct connection between outputs and inputs in this scenario, since it is all obfuscated through the LN's off-chain transactions. The outputs could also arrive at different unrelated on-chain addresses so that it will super hard to correlate input amounts and output amounts. The whole thing will also blend in super well with regular LN usage and regular LN submarine swaps, compared to potentially suspicious '0.007888BTC' transactions that are obviously ChipMixer chips for instance.
The only attack would be something involving controlling lots of LN nodes and tracking LN payments; so an attack on LN itself. At least the way I see it.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 30, 2022, 02:10:42 AM
#35
Yeah, well, except if you construct a mixer that is indeed based on commitments and / or smart contracts that run on the blockchain.
I don't think there's a way to do that and gain the same privacy you would (without any on-chain connection). There are solutions which improve your privacy non-centrally, such as JoinMarket, but the inputs and the outputs have an on-chain connection.

I'd be appreciated if you explained how could this work, but as far as I can tell it's impossible unless we entangled it with the Lightning Network which would then create other kind of problems (such as liquidity).
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
March 29, 2022, 06:13:49 PM
#34
if you give access to ETH before receiving the BTC, the user can scam you,
To avoid this, an intermediary program is needed, which will unfreeze access to ETH only after BTC is received.
This program would need to be a smart contract though. I do count Bitcoin scripts as smart contracts.
The issue is that neither chain's contracts can access the other chain's contracts. So any system that requires 'monitoring the other chain' won't work. Hence the commitment-style implementation that Submarine Swaps use is so far the best idea that I came across for swaps across chains.

The ETH smart contract cannot observe the BTC blockchain.
I understand. Thank you for reminding me of this. Smiley  In my idea, networks BTC and ETH do not intersect in any way. Iintermediary program, which, just does not allow one of the parties (mixer and user) to scam, connects ETH and BTC networks (conditionally), checks the receipt of the required amount to the addresses, controls the fulfillment of the conditions. 
This program would need to be a smart contract though, right? Otherwise who is running that program? How could one of the parties trust that the other party is running it correctly?

It is possible and if so, then I apologize that I wasted your time with "inventing the wheel". Smiley I don't know anything about submarine swap or and first saw the term in your post, but I'll look through your links and try to learn more about it. 
No need to apologize! I'm really interested in this topic and glad to discuss. If you've got more thoughts on submarine swaps or other, maybe better ideas for these cross-chain swaps and using them for mixing, keep the discussion going!

To avoid this, an intermediary program is needed, which will unfreeze access to ETH only after BTC is received.
What he's telling you is that there's still trust from either the user or the service the way you say it.
Yeah, well, except if you construct a mixer that is indeed based on commitments and / or smart contracts that run on the blockchain.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 29, 2022, 04:11:57 AM
#33
To avoid this, an intermediary program is needed, which will unfreeze access to ETH only after BTC is received.
What he's telling you is that there's still trust from either the user or the service the way you say it. There are ways to trade trustlessly, such as with submarine swaps, but there's no way I know to give a mixer access to your money and get them back, mixed, without having to trust they won't rip you off.

Remember: They need to create outputs with your money and therefore, you need to hand them out. Afterwards, it's part of their service.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
March 29, 2022, 03:44:37 AM
#32
~
I don't think that smart contracts work between chains. Depositing currency into a smart contract is literally done by sending it to the contract's address. Since you can't send BTC to an ETH address, that won't work.
You misunderstood my point. Smiley I'm not suggesting sending BTC to ETH address.
It is enough to automate the following:
- BTC arrived at the account of mixer.
- In parallel, a smart-contract with ETH is created for the user.
- This frozen ETH acts as a guarantee for the user. If he doesn't receive BTC from the mixer exit, he will be able to pick up ETH.

BTC and ETH chains are independent of each other, but an intermediary program appears between them, which performs all actions. For example, it analyzes BTC receipt to the mixer's address, creates a smart-contract with ETH, etc.
You need a trustless way to do this though;
Undoubtedly, you are right and the method must be extremely reliable so that neither side can deceive the other. Without this, the whole idea becomes meaningless.

if you give access to ETH before receiving the BTC, the user can scam you,
To avoid this, an intermediary program is needed, which will unfreeze access to ETH only after BTC is received.

if you only hand out the ETH after receiving, you can scam the user.
This is what a smart contract is for. The intermediary program, when sending BTC to the desired address (but not yet fully confirmed by the network), creates a smart contract with the conditions "freeze the equivalent of the amount ETH sent by the user to BTC for the period of waiting for confirmation." After BTC arrives at the address, the intermediary program will unfreeze ETH account. Or, the program will not be able to influence the smart contract after it is created (which should be more reliable), and the account will unfreeze after a certain time, sufficient to confirm transaction BTC.

This is only a draft version, completely devoid of grace for solving the desired problem.

The ETH smart contract cannot observe the BTC blockchain.
I understand. Thank you for reminding me of this. Smiley  In my idea, networks BTC and ETH do not intersect in any way. Iintermediary program, which, just does not allow one of the parties (mixer and user) to scam, connects ETH and BTC networks (conditionally), checks the receipt of the required amount to the addresses, controls the fulfillment of the conditions.

You would need something like a preimage / commitment that is opened by the receiver, thus giving access to the sender; just like it is done in Lightning Network and submarine swaps.
Yes, commitment sounds the closest.

It is possible and if so, then I apologize that I wasted your time with "inventing the wheel". Smiley I don't know anything about submarine swap or and first saw the term in your post, but I'll look through your links and try to learn more about it. 
HCP
legendary
Activity: 2086
Merit: 4363
March 29, 2022, 01:25:27 AM
#31
Perhaps there could be some way to implement this as a Layer 2 solution that would enable some sort of "trustless" mechanism to enforce the transfers etc? Huh

hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
March 28, 2022, 04:18:14 PM
#30
~
I don't think that smart contracts work between chains. Depositing currency into a smart contract is literally done by sending it to the contract's address. Since you can't send BTC to an ETH address, that won't work.
You misunderstood my point. Smiley I'm not suggesting sending BTC to ETH address.
It is enough to automate the following:
- BTC arrived at the account of mixer.
- In parallel, a smart-contract with ETH is created for the user.
- This frozen ETH acts as a guarantee for the user. If he doesn't receive BTC from the mixer exit, he will be able to pick up ETH.

BTC and ETH chains are independent of each other, but an intermediary program appears between them, which performs all actions. For example, it analyzes BTC receipt to the mixer's address, creates a smart-contract with ETH, etc.
You need a trustless way to do this though; if you give access to ETH before receiving the BTC, the user can scam you, if you only hand out the ETH after receiving, you can scam the user.
The ETH smart contract cannot observe the BTC blockchain.

You would need something like a preimage / commitment that is opened by the receiver, thus giving access to the sender; just like it is done in Lightning Network and submarine swaps.

I think your mixer idea just boils down to doing a submarine swap.

Maybe have a look into those.
There's also a video presentation by Alex Bosworth. Not sure if it's good, though.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
March 28, 2022, 04:14:11 PM
#29
~
I don't think that smart contracts work between chains. Depositing currency into a smart contract is literally done by sending it to the contract's address. Since you can't send BTC to an ETH address, that won't work.
You misunderstood my point. Smiley I'm not suggesting sending BTC to ETH address.
It is enough to automate the following:
- BTC arrived at the account of mixer.
- In parallel, a smart-contract with ETH is created for the user.
- This frozen ETH acts as a guarantee for the user. If he doesn't receive BTC from the mixer exit, he will be able to pick up ETH.

BTC and ETH chains are independent of each other, but an intermediary program appears between them, which performs all actions. For example, it analyzes BTC receipt to the mixer's address, creates a smart-contract with ETH, etc.


hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
March 28, 2022, 03:15:42 PM
#28
~
I don't think that smart contracts work between chains. Depositing currency into a smart contract is literally done by sending it to the contract's address. Since you can't send BTC to an ETH address, that won't work.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
March 28, 2022, 02:37:30 PM
#27
Yes, this is a risk. When you deposit coins to any exchange, casino, mixer, etc., then you are giving up custody of them. This is a risk I am willing to accept with ChipMixer due to a number of reasons: Firstly, I am mixing small amounts of coins at a time and not leaving amounts I can't afford to lose in the custody of a mixer, and secondly, they have mixed hundreds of thousands of bitcoin over the years without a single incident of loss or theft.
I am sure someone will create a way to reduce the risk soon, maybe something similar like Bisq is doing but used for mixing of coins, like you mentioned before.
Maybe we should all start thinking out of the box for solving this problem.
Is it possible to use something similar to a smart-contract for this? I understand that this is not ETH and there is no such feature on the BTC network.

But what if something similar is applied?

User sends BTC from address 1 to mixer. At this point, a smart-contract is created on the ETH network (or any other, on the basis of which it can be implemented), equivalent amount (in ETH) sent by user BTC is frozen.

The conditions will be as follows:
1 - if user receives BTC at the address 2, then the deposit from the smart-contract is returned to mixer.
2- if user didn't receives BTC at the address 2 after the allotted time, then the user receives a deposit from the smart-contract in ETH.

In the worst case scenario, the user lost BTC, but gained ETH, the equivalent of $. If desired, user will be able to exchange ETH for BTC in some exchanger. Yes, there will be partial losses, but this is not a loss of 100% of the amount sent from address 1.

Also, all this will create additional costs (for example, the same commissions for transactions), which will ultimately affect the end user.

I don't pretend to be a genius idea (quite the contrary), but there is such a cool thing as smart-contracts that can possibly solve the trust problem, including with mixers. If it is impossible to implement a mechanism to protect the user from losing he's BTC when interacting with mixers, on its basis, then why not take advantage of the possibilities of other technologies?

Firstly, I am mixing small amounts of coins at a time and not leaving amounts I can't afford to lose in the custody of a mixer,
The issue of trust (reliability) to mixers would also save users from such unnecessary actions. Why send in parts of 10 transactions when you can send the entire amount you need in a "couple of clicks".

This can also reduce the unnecessary operational burden from mixers (they will still receive the same commission as from one large transaction or many small ones, but for the same amount), therefore, the issue of trust for them also remains relevant.
legendary
Activity: 2212
Merit: 7064
March 27, 2022, 12:35:01 PM
#26
Yes, this is a risk. When you deposit coins to any exchange, casino, mixer, etc., then you are giving up custody of them. This is a risk I am willing to accept with ChipMixer due to a number of reasons: Firstly, I am mixing small amounts of coins at a time and not leaving amounts I can't afford to lose in the custody of a mixer, and secondly, they have mixed hundreds of thousands of bitcoin over the years without a single incident of loss or theft.
I am sure someone will create a way to reduce the risk soon, maybe something similar like Bisq is doing but used for mixing of coins, like you mentioned before.
Maybe we should all start thinking out of the box for solving this problem.

I believe there's a market for a LN-based mixing service. Not sure if it might require an extension of LN and / or Bitcoin, but it should be possible without. Basically a way to submarine-swap on-chain funds into different LN channels, maybe even splitting it and having it arrive in multiple different LN wallets / nodes using https://bolt12.org/ invoices for instance. Then, similarly to ChipMixer chips, you can submarine-swap them all at once or over time as you need them, back into an on-chain wallet.
I believe Lightning Network will be much more popular in near future, especially after I saw then news that USDT recently got it's first transaction on LN using OMNI Layer and Bitcoin-powered service provider Synonym.
This will bring more liquidity to Lightning Network, and even if I am not a fan of any stable coins that are not really stable if we know that inflation is growing every day, but it will bring more attention for sure.
I think that Chipmixer or some other mixing service can improve in future and bring some version two that would make it much safer for everyday users.
Chainalysi and other tracking companies are working non-stop with new ways to track mixers and LN, but don't think for a second that good developers are not thinking of new ways for improving their service.
hero member
Activity: 924
Merit: 5943
not your keys, not your coins!
March 27, 2022, 09:21:59 AM
#25
you don't have the associated private keys to your deposit and you risk losing your money but no one is discussing that which I'm having interest on.
Yes, this is a risk. When you deposit coins to any exchange, casino, mixer, etc., then you are giving up custody of them. This is a risk I am willing to accept with ChipMixer due to a number of reasons: Firstly, I am mixing small amounts of coins at a time and not leaving amounts I can't afford to lose in the custody of a mixer, and secondly, they have mixed hundreds of thousands of bitcoin over the years without a single incident of loss or theft.

why not go through Coinjoin where you have access to your keys than a mixer that you have to trust about your privacy and custody of funds.
Coinjoin is another useful tool, but it is neither perfect nor infallible:

Still, it seems that Wasabi has never been as safe as we all think:
Using a capability that is being disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges.
I believe there's a market for a LN-based mixing service. Not sure if it might require an extension of LN and / or Bitcoin, but it should be possible without. Basically a way to submarine-swap on-chain funds into different LN channels, maybe even splitting it and having it arrive in multiple different LN wallets / nodes using https://bolt12.org/ invoices for instance. Then, similarly to ChipMixer chips, you can submarine-swap them all at once or over time as you need them, back into an on-chain wallet.
This is possible today already, but it's a manual effort - creating various invoices, initiating multiple swaps, and reversing the process.

Basically, when using a submarine-swap based swap provider, you're not trusting anyone, however by associating similar amounts and running lots of surveillance nodes, your payment might be tracked.
However, if there was a way to specify multiple invoices when using such a provider, it could be possible to e.g. receive part of the payment on your mobile node, one on your main LN node and even maybe part on a friend's node (with pinky promise to send it to yourself afterwards) for instance. This splitting action would be similar to ChipMixer chips that are spent at different points in time.
legendary
Activity: 2268
Merit: 18771
March 27, 2022, 08:27:32 AM
#24
you don't have the associated private keys to your deposit and you risk losing your money but no one is discussing that which I'm having interest on.
Yes, this is a risk. When you deposit coins to any exchange, casino, mixer, etc., then you are giving up custody of them. This is a risk I am willing to accept with ChipMixer due to a number of reasons: Firstly, I am mixing small amounts of coins at a time and not leaving amounts I can't afford to lose in the custody of a mixer, and secondly, they have mixed hundreds of thousands of bitcoin over the years without a single incident of loss or theft.

why not go through Coinjoin where you have access to your keys than a mixer that you have to trust about your privacy and custody of funds.
Coinjoin is another useful tool, but it is neither perfect nor infallible:

Still, it seems that Wasabi has never been as safe as we all think:
Using a capability that is being disclosed here for the first time, Chainalysis de-mixed the Wasabi transactions and tracked their output to four exchanges.
hero member
Activity: 1106
Merit: 912
Not Your Keys, Not Your Bitcoin
March 27, 2022, 07:35:21 AM
#23
Can we just put aside the other worries and address the main problem? I want to believe Sending bitcoin (either Utxo that has been KYC or not) to a mixer is risky because even if you know a little about their protocols,  you don't have the associated private keys to your deposit and you risk losing your money but no one is discussing that which I'm having interest on.
If not for the fact that some Mixers claimed that they usually purge their logs, why trust a mixer that can be threatened just like an exchange? why not go through Coinjoin where you have access to your keys than a mixer that you have to trust about your privacy and custody of funds.

@o_e_l_e_o
legendary
Activity: 2268
Merit: 18771
March 27, 2022, 03:46:44 AM
#22
Bob can send a voucher to a third party acting as escrow. Escrow checks it, creates a new voucher, and gives it to Alice.
I was thinking more of a trustless escrow, such as Bisq's 2-of-2 multi-sig escrow between buyer and seller, rather than just shifting the trust from one party to another. I can't see a way to do this in the current system.

And it would allow them to advertise on this forum again, right?
It should do. The whole point of the blinding is that even ChipMixer would not know which certificate is which. They would be unable to log any activity as all they can tell is if a certificate is valid and unspent, but not when it was signed or who has owned it.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 26, 2022, 04:08:25 PM
#21
I can't see a way to safely escrow
Bob can send a voucher to a third party acting as escrow. Escrow checks it, creates a new voucher, and gives it to Alice.

Now this risk is with the escrow:
The risk is that the other party redeems the voucher and then claims that it didn't work, or sends you a fake or already redeemed voucher.

Quote
Unless of course ChipMixer implemented blinded bearer certificates.
As far as I understand BBC, that would really be the next large step for privacy.
And it would allow them to advertise on this forum again, right?
legendary
Activity: 2268
Merit: 18771
March 26, 2022, 04:01:45 PM
#20
I'll add a bit to what has been said already: you could get a voucher from ChipMixer, and exchange that with someone else (obviously someone you trust). If you do that, there's not a single entity on the planet who could know all the information linking your incoming and outgoing transactions.
So I'm quite interested in exploring this. In order to maintain your privacy from the other party, you would have to exchange vouchers rather than private keys, so I didn't know which UTXOs you ended up spending and vice versa. Given that ChipMixer now allows you to generate vouchers of custom amounts, then it is trivial to create vouchers of matching sizes. However, if I split a voucher of 0.008 BTC off from a larger stack and we swapped vouchers, there would be no point in my combining that 0.008 BTC back in to my larger stack, since that would defeat the entire purpose of the swap.

The risk is that the other party redeems the voucher and then claims that it didn't work, or sends you a fake or already redeemed voucher. I can't see any way around this, since if you wanted to send a hidden voucher or similar to someone else then it would require the cooperation of ChipMixer, which brings us back to square one. So as you say, you could only do this with someone you trust, since I can't see a way to safely escrow or blindly send the vouchers to each other. Unless of course ChipMixer implemented blinded bearer certificates.

hero member
Activity: 882
Merit: 792
Watch Bitcoin Documentary - https://t.ly/v0Nim
March 26, 2022, 12:52:46 PM
#19
Bitcoin mixers can be trusted in a way you trust your friends who know your secrets. It depends on your friends whether they tell your secret to someone else or not but keep in mind that friends can be tortured to reveal your secrets.

Keep in mind that Blockchain analysis and tracking methods are improving daily. You not only need to trust bitcoin mixers but to trust your computer's software/hardware, trust your OS, trust your Browser and then trust your mixer.

There are problems that you should always keep in mind:
1. Mixer will scam you and not send your coins.
2. Mixer is run by authorities.
3. Mixer stores your log and data.
 3.1 - Mixer may sell your data
 3.2 - Mixer may reveal your info/data if they get in trouble with authorities.
4. Mixer website contains viruses.

There are chances that you'll experience at least one problem from the list and there are chances that you won't experience any listed problem. This is the situation where you have to trust their words, it's a risk anyway.

I want to tell you one thing, if everything that you do is legal and you just wanna hide your legal transactions, then you can feel secure by using popular bitcoin mixers. If you do something illegal, which I hope you don't do, then trust nobody or every trust will carry serious potential risks.
legendary
Activity: 3010
Merit: 3724
Join the world-leading crypto sportsbook NOW!
March 26, 2022, 05:53:00 AM
#18
Think it's pretty clear by now to OP. You can't trust any mixer to be a good actor because they're all centralised. In the end, like every business, you hope their motivation to conduct business correctly to ensure future income is more than their motivation to run off with your funds or steal your data.

If it's fund security you're worried about, even with alternative type of mixing like CJ where you maintain custody of funds, you have to give up a degree of mixing efficacy (to me).

Really do read the posts suggested by LoyceV (the ChipMixer articles).

However, it's hard to believe big company like BitPay reuse same address. I can't imagine the pain when user make mistake (under pay, over pay, etc.).
I've seen it with my own eyes: the address they gave me was funded half a year earlier.
But it was (is?) much worse with the instant exchanger I mentioned: they used a few different deposit address many times per day.

I can confirm the same. Was some time ago though, it was legacy address, I checked it as force of habit and saw it had 2 older txs, funded and then swept out I guess. It's not even the first time, I've seen it on other services before, and on some services I've been using for years, never once (Localbitcoins, for example, probably used hundreds in my lifetime, and they're now on bech32, but have never given a recycled address) so I know it's just negligence on the part of services who do.

And ETF, when users make a mistake, though, you don't talk to BitPay. You talk to merchant if you overpay or make a mistake who then refunds you only in fiat (and you can't underpay, Bitpay just would reject the invoice and ask you to get your refund from the merchant).

Happened to me plenty during peak congestion, when it takes too long to confirm (expire) or you use RBF (yeah, who knew) so you're forced to overpay fees in a major way with BP. Sorry, didn't meant to go on a rant.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 26, 2022, 04:59:16 AM
#17
However, it's hard to believe big company like BitPay reuse same address. I can't imagine the pain when user make mistake (under pay, over pay, etc.).
I've seen it with my own eyes: the address they gave me was funded half a year earlier.
But it was (is?) much worse with the instant exchanger I mentioned: they used a few different deposit address many times per day.
hero member
Activity: 2786
Merit: 657
Want top-notch marketing for your project, Hire me
March 25, 2022, 05:17:37 PM
#16
Never mixer huge BTC, always use Tor, and make sure you use 3 direct mixing methods (decentralized mixing should be included).
Can you talk a little more about this? Or in what topic it is possible to find out?
This is issue was discussed some years ago and based on the research was done by reputable members of the forum that there's a chance for flaws when mixing a huge number of BTC like 500 at once through an external mixing service and you're also trusting the external tumbler not to run away with your BTC either.
Having said that, when you mix through Bitcoin tumblers, you're trusting them not to keep logs this is the reason why it is good to use different tumblers when anonymity is a top priority. After you use Bitcoin tumbler, make use of a privacy wallet like Wasabi and no KYC p2p exchange.


Does anyone have updated information about the open transactions?
legendary
Activity: 2212
Merit: 7064
March 25, 2022, 10:28:16 AM
#15
Wallet address rarely shared among multiple user though, unless you use custodial service.
It's not that rear if you think about it.
I think dkbit98 meant wallet addresses can be paid to by multiple users. Although not recommended, it's not uncommon to ask different people to pay to the same address. I even see it on Bitcointalk for raffles or paying back loans, I've seen Bitpay do it, and I've seen instant exchangers reuse addresses.
Yes, and I even know some cases with multiple members of one family are using one bitcoin address, or some company is using only one addresses for accepting payments or donations.
That means that Bitcoin address can be personal used by one human but it's not necessarily, similar like one family is using one IP address in the same home,
or how internet providers have shared IP addresses instead of more expensive static IP addresses, that are usually optional.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 25, 2022, 05:52:58 AM
#14
Wallet address rarely shared among multiple user though, unless you use custodial service.
I think dkbit98 meant wallet addresses can be paid to by multiple users. Although not recommended, it's not uncommon to ask different people to pay to the same address. I even see it on Bitcointalk for raffles or paying back loans, I've seen Bitpay do it, and I've seen instant exchangers reuse addresses.
legendary
Activity: 952
Merit: 1386
March 25, 2022, 04:47:33 AM
#13
If you use tor or use a public WiFi service then you'll be much more hidden.
Public WiFi is not secure, anonymity in this regard would be better with Tor.

And cameras, do not forget about cameras.
For example : if you go to bar/cafeteria to use their free WIFI, the most probably you will be recorded.

I think it's similar to having a gun - it gives you a false sense of security (in this case, anonymity).
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 25, 2022, 04:31:00 AM
#12
Can you briefly say for overall development what information can be obtained using Cloudflare?
Everything:
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
What I meant is that Cloudflare can see your unencrypted password when you log in. It's still encrypted from the real server to Cloudflare and from Cloudflare to you. So it's not blatantly insecure except in that Cloudflare is very probably an NSA honeypot

Ok. Has this topic already been discussed on the forum, where I can fill the gap in my knowledge?
I've seen some discussions about it. A good place to start might be different ANN threads on the Service Announcements board.  ChipMixer wrote a few articles about Best practices of Bitcoin mixing.

Quote
the bitcoin network was considered anonymous
It never was. Bitcoin is pseudo-anonymous at best.

Quote
everything is going to the fact that not a single transaction will be carried out without mixing services.
That's not needed. It really depends: you probably wouldn't mind paying for your coffee from an address linked to the address you use to pay for your lunch. But it's not wise to let your local barista know you own $100M in Bitcoin, and you may not want to pay for sexual services from the address you received your Christmas bonus on.
legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
March 25, 2022, 02:56:24 AM
#11
1) Mixer knows BTC address from which you send and knows the address to which you receive. Is information about the connection of the sending address with the receiving address saved? If this info is stored on their server, having access to this info, you can unravel the entire chain of transactions?

It'll be impossible to verify whether this data is stored by a mixer or not. Most say they won't keep logs or will only keep them for a certain amount of time (chipmixer is a week unless you destroy your session and then it's straight away - from what they say).

Anything can be said. Ok. I understood. So, by default, need to be prepared for the worst: that information about you is stored and can be transferred to third parties.

If you use tor or use a public WiFi service then you'll be much more hidden.

As far as I know, it's not enough to use tor with default settings, but that's another topic for discussion.
In our country, to connect to public WiFi, need to specify a phone number. Well, you understand how hidden it can be and someone already wrote above that public WiFi is not the best idea.

If the Bitcoin mixer uses Cloudflare they have enough information about their user saved. However, they didn't save any of their customer data theres information the hacker that access their website will get.
Can you briefly say for overall development what information can be obtained using Cloudflare?

Never mixer huge BTC, always use Tor, and make sure you use 3 direct mixing methods (decentralized mixing should be included).
Can you talk a little more about this? Or in what topic it is possible to find out?

I have no idea how this service works.
It's hard to discuss privacy of mixers if you don't know how it works, or haven't at least tried it.
I touched not so much on the technical aspects of privacy, but more on information of a general nature.

Different mixers work in different ways.
Ok. Has this topic already been discussed on the forum, where I can fill the gap in my knowledge?

If at the beginning of the birth of crypto industry mixing services there was no, in view of the fact that the bitcoin network was considered anonymous, now everything is going to the fact that not a single transaction will be carried out without mixing services. New times - new needs.
legendary
Activity: 2212
Merit: 7064
March 24, 2022, 08:29:15 AM
#10
I believe that when it comes to privacy and anonymity, you can't trust anyone at all. So what kind of information can a bitcoin mixer service get?
All they can get is your bitcoin address use for sending them coins with all past transactions, and IP address you used for connection on their website.
You can easily mitigate that and hide your real IP address with using Tor browser that is recommended anyway or with alternative paid vpn service.

Mixer knows BTC address from which you send and knows the address to which you receive. Is information about the connection of the sending address with the receiving address saved? If this info is stored on their server, having access to this info, you can unravel the entire chain of transactions?
All this information is probably stored for some time on their servers, but good mixers will delete this data periodically.
My assumption is that some mixers could be operated by government organizations in same way like they run Tor nodes, so they will probably going to save all your activity.
You can use mixers multiple times making it very hard for anyone to read complete history for your transactions.

If the mixing service provider is a website, then it can get various information, such as an IP address and location? What can the mixer learn about its customers in this way?
I already answered this, and there is no need to ask the same question twice.

How can minimize the collection of personal information by mixers?
There is no ''personal'' information collected by mixers, it's just IP address and your wallet address, both of this can be used my multiple humans if they are shared.
You are again asking same question multiple times, and I said yo can use Tor browser or vpn, with good address management.
legendary
Activity: 1974
Merit: 2124
March 24, 2022, 06:53:20 AM
#9
If you want to use a mixing service, you will need a reputed one that you can trust, if you do not trust any, then do not use any mixer.
Even if you are using the reputed mixing services you should be extra cautious to look for the legit one's as the fake copies are also around the net with same UI to make you fool for which newbies fall.

The popular mixing service of Chipmixer is used by many to avoid the orginal tracing of address but some fake websites are always ready to scam you of your funds like this recent one so take care of it.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
March 24, 2022, 06:30:07 AM
#8
4) How can minimize the collection of personal information by mixers?

Use Tor Browser. But if you're willing to use terminal with Tor/VPN with some trial and error, you can make POST request so the mixer have no information about your browser/OS.

5) What other weaknesses and vulnerabilities are there in the scheme "your address 1 - mixer - your address 2"?

Under the hood, usually it's more complex than "Your Address 1 - Mixer Address - Your Address 2". But the weakness heavily depends on how mixer mix user coin and user behavior. You might want to check Breaking Mixing Services.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
March 24, 2022, 06:22:04 AM
#7
I have no idea how this service works.
It's hard to discuss privacy of mixers if you don't know how it works, or haven't at least tried it. Different mixers work in different ways.

I'll add a bit to what has been said already: you could get a voucher from ChipMixer, and exchange that with someone else (obviously someone you trust). If you do that, there's not a single entity on the planet who could know all the information linking your incoming and outgoing transactions.
hero member
Activity: 2786
Merit: 657
Want top-notch marketing for your project, Hire me
March 23, 2022, 02:46:19 PM
#6
I believe that when it comes to privacy and anonymity, you can't trust anyone at all. So what kind of information can a bitcoin mixer service get?
Yes, when privacy is the top priority you can't trust anyone, and thats people are advised to you 2 or more mixing services but there are some Bitcoin mixers that have been operating for years with no problem. The information the Bitcoin mixer gets is the wallet address used and IP address.

1) Mixer knows BTC address from which you send and knows the address to which you receive. Is information about the connection of the sending address with the receiving address saved? If this info is stored on their server, having access to this info, you can unravel the entire chain of transactions?
Yes, you're correct but there are some mixers that operated in p2p while there are some that provide you with a chip that is already funded before you mix your coin, and what they provide you is the chip that's equal to the amount of BTC want to receive with the private keys to the wallet that contain the Chips.

2) If the mixing service provider is a website, then it can get various information, such as an IP address and location? What can the mixer learn about its customers in this way?
You have already answered this question yourself but the last time I checked most Bitcoin mixers use Tor and what you need is to know how to use it. So, the IP address and user location shouldn't be a problem.

3) What information about users can generally be stored on bitcoin mixing service servers? If attackers / hackers get access to them, then this can be used to the detriment of users, right?
If the Bitcoin mixer uses Cloudflare they have enough information about their user saved. However, they didn't save any of their customer data theres information the hacker that access their website will get.

4) How can minimize the collection of personal information by mixers?
Every mixer has its own rules, regulations, and mode of operation. You just have to use those that have a good record and require minimum data.

5) What other weaknesses and vulnerabilities are there in the scheme "your address 1 - mixer - your address 2"?
Never mixer huge BTC, always use Tor, and make sure you use 3 direct mixing methods (decentralized mixing should be included).
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
March 23, 2022, 02:36:37 PM
#5
If you want to use a mixing service, you will need a reputed one that you can trust, if you do not trust any, then do not use any mixer.

After having less privacy (in a way the public can trace your addresses on blockchain) like your bitcoin addresses are connected together (maybe) during transaction and some other reasons, this would be available for the public as the blockchain is transparent. This is one of the reasons someone can decide to use a mixer, even if the addresses are known to the mixer, the public will not know the owner of the old address is the owner of the new address which is the function of a mixer.

If you use tor or use a public WiFi service then you'll be much more hidden.
Public WiFi is not secure, anonymity in this regard would be better with Tor.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
March 23, 2022, 02:33:50 PM
#4
1) Mixer knows BTC address from which you send and knows the address to which you receive. Is information about the connection of the sending address with the receiving address saved? If this info is stored on their server, having access to this info, you can unravel the entire chain of transactions?

They can indeed do such connections if they want to, and even sell to chain analysis companies. In theory.
In reality I'd expect that they erase as much information as they can (and as early as they can) to avoid headaches from authorities (and also boast about this to their potential customers).

2) If the mixing service provider is a website, then it can get various information, such as an IP address and location? What can the mixer learn about its customers in this way?

It has been proven that clearnet websites of the mixers are pretty much under constant attacks. Putting them into the protection of cloudflare and such is something I've seen done by some of the mixer businesses, but it's wrong, exactly because then (also) cloudflare can get (some of) this information.
So the solution is simple: use the mixers that offer TOR addresses. This way you protect yourself from this (valid!) situation.

3) What information about users can generally be stored on bitcoin mixing service servers? If attackers / hackers get access to them, then this can be used to the detriment of users, right?

I am not that "advanced" in this, but I expect that the best mixers keep only the minimum information to ensure customers' money is not lost because of various mistakes.
But source transactions (and obviously source addresses) and also the resulted funded addresses should be there, together with some unique ID or session information the user may receive before starting the process.
Of course, as you stated, IPs can also be stored, but only on clearnet.

4) How can minimize the collection of personal information by mixers?

Access them only under TOR, be careful to not make mistakes (which can reveal more info about you when you ask about them), withdraw the mixed coins to your wallet (obviously to different addresses), never mix from or to centralized service (exchange)... I don't know of anything else. Don't mix overly big amounts in one step.

5) What other weaknesses and vulnerabilities are there in the scheme "your address 1 - mixer - your address 2"?

Make sure the mixer you use is known, has a good reputation and it's highly professional. Because if they're not, you may face "vulnerabilities" (intentional or not) you may not like (and the service provider may or may not be aware of that).
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
March 23, 2022, 02:33:40 PM
#3
In summary, you can't know if a mixer sells your information to third parties or lies to you in some other way, but one thing is sure and I believe that's the purpose of mixing coins after all: You get privacy on-chain.

If you didn't use a mixer, your coins' connection would be publicly known. Analysis companies and advertising services wouldn't have to start searching what's yours; they'd already have a proof of that. On the other hand, if you mix coins you ensure that there's no probable way that everyone will know where your coins ended up to, even if the mixer sold this info to few.
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
March 23, 2022, 02:21:58 PM
#2
1) Mixer knows BTC address from which you send and knows the address to which you receive. Is information about the connection of the sending address with the receiving address saved? If this info is stored on their server, having access to this info, you can unravel the entire chain of transactions?


It'll be impossible to verify whether this data is stored by a mixer or not. Most say they won't keep logs or will only keep them for a certain amount of time (chipmixer is a week unless you destroy your session and then it's straight away - from what they say).

2) If the mixing service provider is a website, then it can get various information, such as an IP address and location? What can the mixer learn about its customers in this way?

They can get your ip and location. It depends on what your isp stored about you but I've seen cases where you can get someone's name/address too via whois sites.

If you use tor or use a public WiFi service then you'll be much more hidden.

3) What information about users can generally be stored on bitcoin mixing service servers? If attackers / hackers get access to them, then this can be used to the detriment of users, right?


Most mixers save session tokens and deposit addresses, these are things they have to save to allow them to support their users - aside from that and maybe a captcha solve, they shouldn't be storing anything else. Captcha solves might hide some information about who a user is but it's probably not reliable.

4) How can minimize the collection of personal information by mixers?


As said above, use tor and/or public WiFi where you can.
Don't take your funds straight out of a mixer as it'll be easier to use chainanalysis to determine it's you.

If you wait anywhere from 2-7 days before withdrawing funds from a mixer they should be harder to trace.

Also if you use multiple mixers or multiple services, it should make your funds harder to tract too if worried about logging - it may be possible to incorporate dexes too.

legendary
Activity: 1792
Merit: 1296
Playbet.io - Crypto Casino and Sportsbook
March 23, 2022, 02:06:08 PM
#1
I have never used bitcoin mixer services (sooner or later, each of the signature campaigns participants will be visited by this thought) and in this regard, I have no idea how this service works. I'm not interested in "send BTC to this address", "receive BTC to another address" (I'm sure this info is on the each mixer website), but questions about collection of personal information by service providers matter to me.

In this topic , we are discuss the collection of information about users by hardware wallet applications. New points of view and comments will always be welcome here, because the more complete information we have, the more objectively can assess the situation.

I believe that when it comes to privacy and anonymity, you can't trust anyone at all. So what kind of information can a bitcoin mixer service get?

Next, I will voice hypothetical vulnerabilities from the point of view of a person who has NOT used mixer service, but is concerned about what information the bitcoin mixer can get. Please correct me or supplement if I'm wrong and I hope you answer the questions I'm looking for answers to.

1) Mixer knows BTC address from which you send and knows the address to which you receive. Is information about the connection of the sending address with the receiving address saved? If this info is stored on their server, having access to this info, you can unravel the entire chain of transactions?

2) If the mixing service provider is a website, then it can get various information, such as an IP address and location? What can the mixer learn about its customers in this way?

3) What information about users can generally be stored on bitcoin mixing service servers? If attackers / hackers get access to them, then this can be used to the detriment of users, right?

4) How can minimize the collection of personal information by mixers?

5) What other weaknesses and vulnerabilities are there in the scheme "your address 1 - mixer - your address 2"?

I may have more questions as I learn more about mixers.
Jump to: