
Topic: Privacy: How to Store My KYC Coins After Whirlpool Coinjoin? (Read 297 times)

hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
Shower thought, if OP requires minimal privacy, can he use BlueWallet, create two Lightning wallets, load one of the wallets with Bitcoin, open invoice in the second wallet, loaded wallet opens direct channel to second wallet, send, then exchange Bitcoin from Lightning wallet to onchain wallet through zigzag.io?
In addition to what ETFbitcoin said, you shall know that transfers between Lightning wallets on BlueWallet might be completely useless since they might 'just shuffle around values in a database'. This would make sense due to their LN wallets being custodial.

Furthermore, if you were to use a real Lightning wallet in the first place, the moment coins are deposited into it, they gain a lot of anonymity; no need to send them over to a second wallet. This can be done in private through the Tor version of https://boltz.exchange/ (copy the link from the clearnet page) or through other similar swap providers.
Make sure not to get ripped off though; the other day there was a fake ChipMixer site (though it's a different type of service) someone fell for.
legendary
Activity: 2898
Merit: 1823
OP, if you want to "just HODL", just leave the coins alone and send them to your cold storage, IF you currently don't have any reason to require privacy.

Shower thought, if OP requires minimal privacy, can he use BlueWallet, create two Lightning wallets, load one of the wallets with Bitcoin, open invoice in the second wallet, loaded wallet opens direct channel to second wallet, send, then exchange Bitcoin from Lightning wallet to onchain wallet through zigzag.io?
legendary
Activity: 2268
Merit: 18771
They could ask at any time how exactly you spent those coins you withdraw from coinbase, and you would need to provide some proof.
What a shame that I lost all my coins in yet another tragic boating accident. Third time this year! ;)

But I do agree it is better to start with a private way of buying coins, rather than buying fully KYCed coins and then trying to scrub your details from them.

Yes, Core on some machine under your control is needed for perfect privacy, though you can use it through SPV as well for easier day-to-day usage & improved security. I personally don't put coins on my Bitcoin full nodes, because to me they seem more exposed (open ports, ..) to the web than even other hot wallets such as the mobile wallet I use.
Sure. So the best set up if you want to use an SPV wallet would be to have Bitcoin Core running over Tor, set up a watch only SPV wallet pointed exclusively at your node, and then have the complementary SPV wallet containing private keys on a fully airgapped and encrypted system. You can also throw a hardware wallet in to the mix as well if you really wanted, only plugging it in to your airgapped computer and interacting with your airgapped SPV wallet, if you wanted.
legendary
Activity: 3668
Merit: 6382
I will sum it up based on my knowledge and preferences:

* from what I know actual mixer may do a better job than CoinJoin
* OP can use Sparrow with a Bitcoin Core node or with a local Electrum server and should do that especially for the second wallet
* OP should use a separate, new wallet for receiving the coins and this new wallet has to work with the local server
* I may be a bit paranoid, however, imho whenever OP wants to do a firmware update for his Hardware Wallet, he should reset it before touching software like Ledger Live
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
-snip-
This would probably be fine for most people. If you want to be ultra paranoid, though, then you probably can't be sure that your hardware wallet doesn't have some unique identifier in it which is sent to the manufacturer's servers when connected/setting up/checking for authenticity/etc. which could then be used to link your old wallet to your new one.
That's actually one more thing that I like about hardware wallets that don't ship with their 'own' software to be honest! I've never mentioned it; I believe by today all of them do have an 'official software', but in the past it wasn't always the case and it basically eliminated this vector.
Still, you can use all of them with e.g. Sparrow or BlueWallet and circumvent this attack. Open-source software / hardware also helps to make sure this type of thing is not implemented.

Bitcoin Core (throw in an airgapped set up for additional security as you suggested) would still be the best option for privacy here. If you really wanted to use a hardware wallet, then I would only use it in conjunction with independent open source software such as Electrum (pointed only at your own server) rather than the software from the manufacturer.
Yes, Core on some machine under your control is needed for perfect privacy, though you can use it through SPV as well for easier day-to-day usage & improved security. I personally don't put coins on my Bitcoin full nodes, because to me they seem more exposed (open ports, ..) to the web than even other hot wallets such as the mobile wallet I use.

I would like to Whirlpool Coinjoin mix my KYC coins for better forward privacy. I would like to use the minimum number of wallets, steps and keys to achieve privacy.
Instead of doing this I would much rather use Lightning Network and something like Chipmixer.
I am not saying using whirlpool coinjoin is bad, but I think doing what I suggest is better for privacy and it will be much harder for anyone to find real origin of your coins.
What I like about Lightning is that it's easy and effortless to use for frequent payments while keeping privacy without worrying about coin control or mixing again every single time. So for cold storage you can just use ChipMixer and send to an offline seed. However for your 'hot coins' it's very comfortable to hold them in a Lightning wallet, since it allows for the occasional on-chain payment as well (through submarine swap), if needed.
legendary
Activity: 2212
Merit: 7064
I would like to Whirlpool Coinjoin mix my KYC coins for better forward privacy. I would like to use the minimum number of wallets, steps and keys to achieve privacy.
Instead of doing this I would much rather use Lightning Network and something like Chipmixer.
I am not saying using whirlpool coinjoin is bad, but I think doing what I suggest is better for privacy and it will be much harder for anyone to find real origin of your coins.

What is the simplest way for me to get my Coinbase funds out of Cold Storage, mix them, and send them back into cold storage without losing my privacy on the new coins?
Simplest way is not always the best way if you are looking for privacy.
I am not sure how you plan to use those coins in future, but you may run into problem with regulators once you connect your identity with any coins.
They could ask at any time how exactly you spent those coins you withdraw from coinbase, and you would need to provide some proof.
Maybe using those coins to buy something would be a good idea, and you can always sell that stuff p2p.
In future I suggest using decentralized exchanges like Bisq for trading.
legendary
Activity: 2268
Merit: 18771
-snip-
This would probably be fine for most people. If you want to be ultra paranoid, though, then you probably can't be sure that your hardware wallet doesn't have some unique identifier in it which is sent to the manufacturer's servers when connected/setting up/checking for authenticity/etc. which could then be used to link your old wallet to your new one.

Bitcoin Core (throw in an airgapped set up for additional security as you suggested) would still be the best option for privacy here. If you really wanted to use a hardware wallet, then I would only use it in conjunction with independent open source software such as Electrum (pointed only at your own server) rather than the software from the manufacturer.
hero member
Activity: 910
Merit: 5935
not your keys, not your coins!
It should ideally be a Bitcoin Core wallet run over Tor, but if not, then it should be a brand new light wallet, preferably a client he has never used before, also run over Tor.
While you're right regarding privacy (the question of this topic), let's not forget security. I'd always prefer some sort of cold storage, be it an airgapped offline laptop, a SeedSigner seed or a good open-source hardware wallet.

Since he already has a hardware wallet, the ideal way for him might be wiping it and transferring the funds back to it afterwards. Before doing so, he should set up the wallet software to run over Tor and / or connect to his own Bitcoin Node through the software. That would be my recommendation.

If the hardware wallet doesn't support wiping and creating a new seed, I'd probably buy a new one (but I realize I might be in the minority, almost collecting these little gadgets..) or create a fresh, independent wallet using a passphrase. It could even be as simple as simply 'btc' for the purpose in question here. Even write it down onto the device if needed!

It still depends on the software implementation, but my best guess would be that if you start the software and enter the passphrase on-device, it won't even (be able to) query the 'default wallet' balances.
It's possible that the software does cache the different xpubs though, so to be safe I'd check the wallet's codebase and also wipe the installation off the hard drive & reinstall it. Or maybe even switch to another software.
legendary
Activity: 2268
Merit: 18771
We can't assume that surveillance companies are not doing exactly what you describe and are not running electrum servers.
We can go one step further actually - we know that blockchain analysis companies are doing exactly that. See below:

Another way Chainalysis captures Bitcoin user data is by running nodes that verify transactions, the documents confirm. This allows the company to capture data leaks on the publicly accessible internet, or clearnet, from users’ simplified payment verification (SPV) wallets. Those services were designed to prioritize easy storage over foolproof security (although to be fair they are arguably more secure than wallets that rely on APIs to verify transactions).

“The downside to this design is that when the user wallet connects to the network, a variety of information is revealed - the user’s IP address, the full set of addresses in the wallet (used and unused) and the version of the wallet software,” according to the slide deck. “Chainalysis runs a series of nodes on the Bitcoin network ... and if a user connects to one of our nodes, we receive the above information.”

The only safe option as you point out is to run your own node and point any SPV wallets exclusively at your own server.
legendary
Activity: 4522
Merit: 3426
Once your wallet has 0 balance (or all "dirty" coins are gone) and you never reuse any old address, your wallet is "clean".
This is not the case.

... every time he opens his wallet it will query the balance of all the old addresses and all the new addresses, allowing them to be clearly and easily linked together by any server he connects to.

I was going to agree with bitmover, but I'm glad you pointed that out. We can't assume that surveillance companies are not doing exactly what you describe and are not running electrum servers.

It is not a concern for me since I am running a full node, as well as a private electrum server and private blockchain explorer.

My mixing solution is to run JoinMarket and let others mix my coins for me.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I am not doing anything ultra secret, just want general privacy from snoopy governments
Hiding from the government requires the best privacy techniques. It's not an individual who'll want to grope your money nor an advertising service that wants to know your activities. We're talking about an entity that has access to every log and chain analysis tool.

If you want privacy with Bitcoin, running your node is a must. To maximize it, don't reuse addresses, be aware to not link UTXOs (coin control), use mixers and do everything through Tor. If you want to be sure you're hidden from the government, then don't use Bitcoin.
legendary
Activity: 2268
Merit: 18771
Once your wallet has 0 balance (or all "dirty" coins are gone) and you never reuse any old address, your wallet is "clean".
This is not the case.

As jzhou has explained above, it depends entirely on which wallet software OP is using and how he is using it. If he is using any wallet other than his own full node (or a light wallet which is only pointed at his own full node), then to look up the addresses in his wallet he will be querying some third party server. Even if he moves all his coins out and moves a bunch of different mixed coins back in to new addresses and never uses the old addresses again, every time he opens his wallet it will query the balance of all the old addresses and all the new addresses, allowing them to be clearly and easily linked together by any server he connects to.

By far the safest thing for OP to do here is to move the mixed coins in to a brand new wallet. It should ideally be a Bitcoin Core wallet run over Tor, but if not, then it should be a brand new light wallet, preferably a client he has never used before, also run over Tor.
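
Added example, not part of the thread or any poster's code: a small model of what a third-party Electrum-style server can infer from the script hashes a wallet subscribes to, comparing mixed coins returned to the old wallet with mixed coins sent to a brand new wallet. The session names and scriptPubKeys are constructed, and the model assumes the two wallets cannot be tied together by IP address (hence Tor in the post above).

```python
import hashlib
from collections import defaultdict

def scripthash(script_pubkey_hex: str) -> str:
    """Electrum protocol script hash: SHA-256 of the scriptPubKey, byte-reversed, hex."""
    return hashlib.sha256(bytes.fromhex(script_pubkey_hex)).digest()[::-1].hex()

def link_clusters(session_log):
    """Group script hashes a server can tie together: hashes subscribed in the
    same session are linked, and links chain across sessions (union-find)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    for hashes in session_log.values():
        hashes = list(hashes)
        for h in hashes:
            find(h)                        # register every hash seen
        for h in hashes[1:]:
            parent[find(h)] = find(hashes[0])
    clusters = defaultdict(set)
    for h in parent:
        clusters[find(h)].add(h)
    return list(clusters.values())

def spk(n):
    # Constructed P2WPKH scriptPubKey (0014 + 20-byte hash); not real wallet data.
    return "0014" + f"{n:02x}" * 20

OLD = [scripthash(spk(n)) for n in (1, 2, 3)]     # addresses that held KYC coins
NEW = [scripthash(spk(n)) for n in (0xA1, 0xA2)]  # fresh addresses for mixed coins

def same_wallet_view():
    # One wallet holds old and new addresses: every start-up subscribes to all of them.
    return link_clusters({"session-1": OLD + NEW, "session-2": OLD + NEW})

def separate_wallet_view():
    # Brand new wallet on its own connection: the server never sees both sets together.
    return link_clusters({"session-1": OLD, "session-2": NEW})

if __name__ == "__main__":
    print(len(same_wallet_view()), "cluster(s) when mixed coins return to the old wallet")
    print(len(separate_wallet_view()), "cluster(s) with a brand new wallet")
```
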
legendary
Activity: 2352
Merit: 6089
bitcoindata.science

Will the mixed coins be private if sent back to the originating cold storage wallet (which held or still holds some Coinbase coins) as long as I practice proper coin control (e.g., never combining mixed coin UTXOs with Coinbase UTXOs)?


Or, is a wallet "contaminated" with my identity once it received a lot of KYC coins and it would be most private to send the mixed coins to a new wallet?

Your wallet is "contaminated", but it is easy to clean.

I recommend that you send all of your funds to a bitcoin mixer that you trust (Chipmixer is trusted by the community in this forum, for example).

Send it in batches, and do not mix UTXO from different addresses so you don't damage your privacy even more.

Once your wallet has 0 balance (or all "dirty" coins are gone) and you never reuse any old address, your wallet is "clean".

Quote
What is the simplest way for me to get my Coinbase funds out of Cold Storage, mix them, and send them back into cold storage without losing my privacy on the new coins?

Simply send your mixed coins back to your old wallet, in a bunch of new addresses. (or just one if you prefer)

Edit: Remember that it might be interesting to have some coins from Coinbase KYC. They might be useful if they become a lot of money and you need to pay taxes and explain where your money came from in the future.
newbie
Activity: 4
Merit: 10
Then IMO utxos being looked up from the same IP would be the only realistic concern (even then I don't think there's been a single proven case of this being exploited). You should be fine chainanalysis-wise on the mixed end if that's your concern. But remember that the fact of you having participated in a coinjoin may be easy to figure out. The government may not know what you did with your mixed coins, but they can audit you just for mixing coins and try to find something else.
newbie
Activity: 8
Merit: 20
I should add I am not doing anything ultra secret, just want general privacy from snoopy governments in case I made some small bitcoin purchase and forgot to fill out a bunch of tax paperwork for it.
newbie
Activity: 4
Merit: 10
Very specific to the implementation of your client. If new addresses are generated from a common seed then you need to make sure the xpub never leaks. How does your client look up the utxos? What if your computer is compromised? Does the software leave any trace on your computer? Unencrypted logs etc? Only one thing needs to go wrong. Heck, even if the implementation is perfect, a simple malware attack could link your addresses. Convenience and privacy usually don't go together.
newbie
Activity: 8
Merit: 20
I have a stack of Coinbase KYC Bitcoin in cold storage, using a hardware wallet.

I would like to Whirlpool Coinjoin mix my KYC coins for better forward privacy. I would like to use the minimum number of wallets, steps and keys to achieve privacy.

In Sparrow wallet you have to open a "hot" software wallet to Whirlpool them.

If I send my KYC coins to the new hot wallet, mix them, and send them back to the original cold storage (using new and unique receiving addresses, of course) wallet where the KYC coins were stored before...

Will the mixed coins be private if sent back to the originating cold storage wallet (which held or still holds some Coinbase coins) as long as I practice proper coin control (e.g., never combining mixed coin UTXOs with Coinbase UTXOs)?


Or, is a wallet "contaminated" with my identity once it received a lot of KYC coins and it would be most private to send the mixed coins to a new wallet?

What is the simplest way for me to get my Coinbase funds out of Cold Storage, mix them, and send them back into cold storage without losing my privacy on the new coins?