Please beware of phishing sites! The only true one is washbit.org!
Washbit is a bitcoin laundering service which features well thought washing process, high anonymity and ease of use. Washbit does not log any user activity,
doesn't need any javascript and runs on clearnet over https or tor. It's super easy to use - there's
no need to register, you just enter your new adresses to receive clean bitcoins and the system will generate a deposit address for you. The
address is valid for next 24 hours and any bitcoins sent to it are automatically cleaned and sent back within next 12 hours. Service charges 1% fee.
Rationale behind creting washbitAnother bitcoin mixing service, you might say. Sure there are many bitcoin laundering services with varying degree of success. The leading player in the field,
Bitcoin Fog, seem to have problems lately (see their topic), although they claim to take things seriously. Last time the
founder logged in this forum is in November 2014, which is not serious enough. But even if it was working flawlessly, I created washbit mainly because I wasn't happy with the way it works.
First of all, the washing process should be as simple as possible: washbit does not require any sort of registration or configuration - your laundering process is literately one click away.
Second, service does not need to hold your bitcoins longer than necessary. In washbit, you'll get bitcoins back in 12 hours. You don't need to leave it on the internal account (there isn't any) for several days. The reason Bitcoin Fog gave for doing so was that it increases anonymity. That's not true, see following sections about how to stay anonymous.
However Bitcoin Fog claim they are a team of professionals, I personally presume it's just one person, as it is with other services. I won't claim otherwise, although I might sometimes refer to the service as "we". I dare to say I have at least the same expertise as they (he) have - my background of computer knowledge goes back to 1995. Creating washbit was deliberate and well thought through process and I spent considerable time and resources to make it right the first time. Washbit is here to make things easy yet still very secure and anonymous.
Washing processWashbit instantiates several big pools of bitcoins, which are totally independent of each other and in each transaction, it serves you new bitcoins from an unrelated pool. You input up to ten different addresses to which you want to receive the cleaned bitcoins. After 6 network confirmations, the deposit is accepted and withdrawals are scheduled. Each of the clean addresses is used exactly once, that means there will be X transactions for X addresses, and the process is done in a span of next 12 hours. If you duplicate one of the clean address, it is treated as two separated addresses - in this case you would receive 2 transactions at random times to that address.
SecurityWashbit has been tailored on several layers of security, from physical, over software, to network topology to offer the best anonymous solution. It might happen, due to nature of the service, that the clearnet domains are seized, but washbit will continue to operate on the tor network. Washbit uses dedicated physical servers with restricted access in combination with virtual servers for some tasks. It does full blockchain verification and the bitcoin client is on a separated machine from the website.
AnonymityIf you were the only person using the service, the link between inputs and outputs would be pretty obvious. Although the pools itself are independent and your new bitcoins can't be tracked back on the blockchain, the sum of your outputs will be pretty much the same (minus randomized fee) as the size of your input (which is one). To overcome this issue, washbit creates dummy transactions, and your inputs and outputs are indistinguishable from those. This way, an attacker cannot do his analysis based on the amount of the bitcoins transacted - unless you use one wallet for all the receiving addresses. Please see below to learn how to avoid.
Another misconception I saw is that anonymity depends on how much bitcoins are in the pool. That's false. It does not matter if you put your 1 coin to a pool of 10 or 1000 BTC, if you then withdraw again exactly 1 coin. The link between the two stays the same. The anonymity itself is based solely on the transactions itself, their count and amount being transacted. The only thing in which having a big pool of bitcoins is useful is that you can launder a bigger amount. Washbit does not have a problem with that, it has substantial amount of bitcoins at your disposal. Maximum recommended volume to clean is 200 BTC.
Recommended way of usageThe main flaw in the whole process is actually how you use the received bitcoins. If you receive them all into one wallet, you're flagging them as being together, because every bitcoin client will use them together and in each transaction it will send some to a wallet's "remainder address". In this case, after several operations with your new clean wallet, a potential attacker might realize that these addresses belong together.
Another vector of breaking anonymity is that outputs from the service might be known as originating from the service. Combining these two things, an attacker knowing your addresses and amounts transacted from washbit, he can easily learn how much bitcoins you laundered and, provided he was tracking you in the first place, correlate this to the former transaction and completely circumvent the whole cleaning process.
A way around this is to use two separate wallets. Use a client that supports multiple wallets (
Multibit might be a good choice), generate 5 receiving addresses for each and then put all these 10 addresses to washbit in one transaction. Bitcoins you will send to the service will be subsequently randomly split to your two wallets.
Now, use these these two wallets separately. If you're careful and don't send your new bitcoins to a same address from those two wallets, there is no way of an attacker doing the analysis described above.
Links