Author

Topic: What ChipMixer’s, Whirlwind’s and Sinbad’s downfall teaches us (Read 79 times)

member
Activity: 330
Merit: 23
Now, just a few days to go before year’s end we need to remember a year of centralized mixer fails. First, ChipMixer’s downfall, later Whirlwind’s downfall and now Sinbad.io’s downfall are truly lessons to be learned from.
We need to draw conclusions and it is important for us to learn from it to avoid repeating similar mistakes.

While all cases are different, a basic problem is boiling down to being centralized services. We have learned from Bitcoin why decentralization is important. Centralized mixers is exactly what a decentralization maximalist needs to be critical of.


Disadvantages of centralized services

We know it very well from Bitcoin: decentralization is king. Bitcoin is so famous because it’s decentralized. By decentralizing it, important attack vectors against it won’t work.

In opposite, mixers like Whirlwind, Sinbad.io or ChipMixer are centralized. It is run by an operator / CEO and he can do mistakes, get caught and steal funds. We have to trust him and how he is running his service.
Whirlwind outright scammed everyone, where developers just decided to abandon Whirlwind and as a logical result from centralized services, customers received financial loss. Maybe all data will be sold on Darket marketplaces to increase owner profits.
It is all about avoiding a middleman, trustless.
Bitcoin is legit, Bitcoin has no CEO.

Decentralized is king!


ChipMixer’s case


Let's have a closer look at ChipMixer:

Are ChipMixer operators really well educated and honest?

In a centralized service, we depend on its operators to be honest and well educated. We don’t know it if ChipMixer’s developers are honest and well educated but what we heard from some research, ChipMixer’s founder was not someone who was extremely educated, as flaws in his operations were revealed. Yes, he was able to set up a website and code mixing operations, also in DarkNet but after all, he can also have hired a coder to set it up and maintain it. We don’t now much about ChipMixer’s development team size and experience. It is unknown.
Once again, we need to trust some internet strangers.


Centralized services need an income – not unlike Bitcoin

As every centralized service, also ChipMixer needed an income. ChipMixer didn’t charge any fees for mixing, only dust, which didn’t fit in Chips was charged, which is not much after all. ChipMixer also had a gambling part, where customers can bet a Bitcoin amount and double it – or lose it. 47% chance of success. A part of it was ChipMixer’s revenue.
To generate revenue for it’s operations, every centralized service needs an income and most likely ChipMixer’s income was to launder criminal funds and even being involved in DarkNet operations.
It’s not a surprise. Sinbad.io is even worse involved in criminal syndicate businesss, it is shocking, but later more about it.
Conclusion: Such money needs to have an origin and it’s likely to be from criminal origin (hacked funds, stolen funds, extorted funds), where ChipMixer participated in deals to obtain income from.


ChipMixer’s involvement in DarkNet markets

After ChipMixer was operating for a long time, it suffered to be a target for criminals to launder stolen or hacked Bitcoins. It is quite likely, more and more hackers and criminals found out about ChipMixer over time.
In addition, ChipMixer seemed to be operating a DarkNet activities itself but it is still not known to which degree ChipMixer has been involved in DarkNet markets.
After ChipMixer never provided any statement, not from employees as well, it seems to be a very centralized service and a very small team. We don’t know how many employees ChipMixer had. Most likely ChipMixer was run by few people close to DarkNet markets and didn’t apply valid security measures, like deleting old private keys from customers because data was found later and keys emptied.


Sinbad.io’s case

Let's have a closer look at Sinbad.io:

While most points are already covered and apply for Sinbad.io like it does for ChipMixer, Sinbad.io is one step more shocking and more tied to crime. Because from all information available, seachable for anyone to do a quick internet research, Sinbad.io was already tied to massive criminals when it started.
Sinbad.io started as a re-branded, already busted mixer, blender.io, known for funneling funds from big hacks and criminal syndicates before it got busted:

https://finance.yahoo.com/news/sanctioned-mixer-blender-launched-sinbad-183621428.html
https://www.coindesk.com/business/2023/02/13/sanctioned-mixer-blender-re-launched-as-sinbad-elliptic-says/
https://decrypt.co/208160/sanctioned-bitcoin-mixer-blender-relaunch-sinbad-sanctioned-again
https://www.theregister.com/2023/02/14/blender_crypto_mixer_sinbad/
https://decrypt.co/121222/new-sinbad-bitcoin-mixer-is-sanctioned-blender
https://cointelegraph.com/news/crypto-mixer-blender-has-been-rebranded-to-sinbad-says-elliptic
https://www.theblock.co/post/211225/sinbad-crypto-mixing-service-may-be-blender-in-disguise-elliptic
https://dailycoin.com/elliptic-reports-that-blender-rebranded-as-sinbad/

While people here now complain about Royse777 remaining funds are difficult to process, many funds going into blender.io previously, going into Sinbad.io after blender.io got busted, are 100% identical. It’s also stolen and hacked funds.
Sinbad.io funds were not just from DarkNet markets like ChipMixer, funds were even from organized crime syndicates.

Sinbad.io abused Bitcointalk to attract clean coins, to get volumes for mixing Sinbad.io’s extremely tainted coins. Bitcointalk members were abused like exit liquidity from shitcoin pump and dumps.
It’s a real shame, what Sinbad.io pulled of.
We need to spot such scum next time.



Final conclusions

While mixers like ChipMixer or Sinbad.io have been very famous, it’s now clear how ChipMixer clearly missed solid standards in terms of operation, transparency and security, how Sinbad was already guilty when it started and what Sinbad.io pulled off against Bitcointalk.
While ChipMixer was tied to DarkNet marketc, Sinbad.io funds were even from big organized crime syndicates.
We don’t know yet, which fallouts are still upcoming because for ChipMixer, 7 TB of data are a lot. For Sinbad.io a similar outcome of sized data might be up and people need to be aware how tainted coins from Sinbad.io really are. It’s coins from criminal syndicates. 
Possibly, many transactions can get unmixed, which is good to catch scammers, criminals and syndicates but everyone who used such a mixer legitimately, can possibly get identified as well.
In Whirlwind, many people lost funds but just because of luck, an escrow still held money for refunds. In future cases, such refunds might not be available.
In ChipMixer, many people lost funds because private keys, which serves as "chips" were not deleted by ChipMixer.
According to LoyceV’s research many chip-sized funded addresses were emptied, indicating funds from Chips were moved at once in a sudden action. We can draw a conclusion from it: ChipMixer didn’t delete private keys after a session expired. According to ChipMixer, deleted sessions can’t be restored, where we can expect also deleting keys to prevent any malicious actor from obtaining it.
Because imagine it is also possible for a hacker to obtain such private keys.

Because of being a centralized service, ChipMixer's, Whirlwind's and Sinbad.io's downfall was no surprise.
Jump to: