Bitcoin Forum

Hello.

I have a multisig vault. In order to achieve the highest privacy:

1. I generate an address per incoming transaction.
2. My wallet (co-signers) has been created using airgapped devices.
3. I have imported my xpubs to my personal electrum server on my node.

But, I have sent some coins from addresses to which I had originally sent directly from Binance.

Have I lost all of my privacy because of this mistake?

Please feel free to let me know whether you  think that I exaggerate. I am not a privacy maniac. I just want to know the best practices.e

To have privacy, first mix the coin you sent from Binance using a mixer or coinjoin before sending it to your full client wallet address. Mixing it will make it easy for you.

Or you can first convert it to a privacy coin like monero on a decentralized exchange and then convert it back to bitcoin.

Do not reuse address.

You have a (multi-sig) HD wallet and you spent the fund that you had received from binance. Am I getting you correctly?
Did you use coin control? If you didn't use coin control and you used multiple UTXOs in a single transaction, now all those coins are linked together.

I don't reuse address but for the first thing you mention, how would you go about doing that from scratch?

Could I send it from Binance to another wallet and then use a mixer (like whirlpool) to send it to my multisig vault ?

Finally, since I haven't done that, what are the risks that may occur now ?


Hi! No, I have sent from Binance to another wallet. Then from my other wallet into my multisig vault (not in a single transaction) but in several transactions, in order to create larger UTXOs.

Send it to an address that you own, not an address on your privacy wallet. Use another wallet for it and name it 'centralized exchange wallet'. Send the coin from Binance to one of the addresses. Use a coinjoin for it like whirlpool, or use a mixer like Whirlwind to send it to your privacy wallet.

For whirlwind mixer. Download Tor browser and open Whirlwind site on it: http://whirlwct7ertqae6i7ivsm475kgia6v67zzxevgzkilykknrjke33cqd.onion/

Make use of coin control, send the coin to a mixer or coinjoin it. Freeze the address and do not use it anymore. But I will recommend you to create a new wallet.

That's great, but doesn't it apply only to new "coins"? I mean can I do the same with the "coins" that I already own?

It seems like you have completed  KYC procedure on Binance which implies that  the address to which you have sent from this exchange is linked to your identity. Consequently, any transactions from this address will also be linked to you.

If I where in your position  I would use mixer and  shuffle the associated  UTXOs.

I recommend that you  read the following guide ( divided into four sections ^[1] (#post_ANK01) ^{, [2]} (#post_ANK02)^,[3] (#post_ANK03) ^and[4] (#post_ANK04).) to gain a deeper  understanding on   how you can maintain privacy  when making your transactions.

::::::::::::::::::::::::::   ::::::::::::::::::::::::::::  ::::::::::::::::::::::::::::::

[1]. Understanding Bitcoin Privacy with OXT — Part 1/4  (https://medium.com/oxt-research/understanding-bitcoin-privacy-with-oxt-part-1-4-8177a40a5923)
[2].  Understanding Bitcoin Privacy with OXT — Part 2/4  (https://medium.com/oxt-research/understanding-bitcoin-privacy-with-oxt-part-2-4-20010e0dab97)
[3].  Understanding Bitcoin Privacy with OXT — Part 3/4  (https://medium.com/oxt-research/understanding-bitcoin-privacy-with-oxt-part-3-4-9a1b2b572a8)
[4].  Understanding Bitcoin Privacy with OXT — Part 4/4  (https://medium.com/oxt-research/understanding-bitcoin-privacy-with-oxt-part-4-4-16cc0a8759d5)

That's great, thanks! Yes I have completed KYC. I am curious to see whether I can use the mixer to mix my UTXOs and send them to the same vault.

Do you mean the coins that are already in your multi-sig set up where you maintain your privacy? If that is it, then you said you do not reuse addresses, so if you want to spend from a particular address you should use coin control to make sure there is no link between the sending address and your other addresses. Nevertheless if you are sending from your multi-sig set up wallet to another different address that you own, you should first send the funds to Whirlwind mixer and from the mixer to the address, or you use CoinJoin.

Mixer is capable of  sending funds back  to any address  you choose  but it's not recommended to reuse the same vault. Create a new vault instead of using existing  one repeatedly.

I have shared my personal   experience of using  Mixy service. Perhaps my post  (https://bitcointalk.org/index.php?topic=5457664.msg62501584#msg62501584) will be helpful to you.

That does not repair the privacy issue you are trying to fix, also privacy cannot be "fixed" in the direct sense.

The proof of transactions from your binance address to you current address will always be on the blockchain and anyone with basic analytic skills can link the dots.
What you can do is to create a different set of addresses and send (coinjoin or mix) all the coins into these new sets. This will break the link between your current set of addresses and the new one.

- Jay -

Thanks Jay. Even if the word "fix" isn't the proper one to use, I believe what you said WILL fix my privacy issues.


I am checking it right now. Thanks.


That's exactly what I meant. Thanks

Unfortunately I don't have any merit to send you guys, but I thank you all!!!!

Keep in mind that what you do before sending to mixing services and what you do after the mixing was completed are equally important for preserving your privacy because any false move or mistake may compromise your identity or the safety of your funds. Let's call these "pre-mix and post-mix etiquette": pre-mix implies preparing your UTXOs for mixing with coin control and other techniques to prevent unnecessary merging of anonymous coins and coins connected to your real identity. On the other hand, post-mix implies the absence of interaction with any centralized services that may peer into the history of your transactions and freeze your account for suspicion of money laundering or other criminal activity.

As others have said, if you want to break the link between your KYCed coins from Binance and the coins in your multi-sig, then you should empty your current multi-sig, mix the coins or coinjoin them with Whirlpool or JoinMarket, and then return them to a fresh multi-sig wallet. It's better to do this over a couple of transactions and addresses and not consolidate everything in to a single UTXO to make it harder for any blockchain analysis firm which is tracking the total amounts.

This will give you coins which are no longer linked to your KYC data from Binance, but of course Binance will still have a record of you purchasing and withdrawing x amount of bitcoin. If you want to go for full privacy, then you would need to return the coins you have bought to Binance, sell them for fiat, withdraw that fiat, close your Binance account, and then buy fresh bitcoin using a non-KYC method such as Bisq.

Actually I am buying BTC using RELAI at the moment which is non-KYC, but half of my stack is from Binance.

So, let me clarify the process once more, because I will do it any time soon.

1. I will send my coins to a fresh wallet that I have created in Sparrow.
2. Sparrow gives you the ability to mix UTXOs.
3. I will create a brand new multisig vault (fully airgapped).
4. I will send my coins to my new vault.

Is this ok?

That will work, but a couple of points to be aware of.

If you choose to use Sparrow to Whirlpool, you will pay the Whirlpool entry fee, and some of your inputs will be segregated in to toxic change. You'll have to work out what to do with this change separately, since if you combine this change with any of your final outputs or address you will lose all your privacy.

Also, this method won't be quick. Putting 0.1 BTC in to Whirlpool (for example), coinjoining it once, and then withdrawing 0.1 BTC is still traceable. You will need to leave your coins in Sparrow for several weeks (assuming you are connected 24/7, if not then even longer than this) in order to get a good number of remixes in order to properly obfuscate things.

You will also need to make sure Sparrow is linked to your own full synced node and connecting to the Whirlpool coordinator over Tor.

I think this will work for me. Should I create smaller UTXOs to break the incoming amount into smaller?

In your example if I send 0.1BTC to my mixing wallet, should I send 0.1BTC to my vault in one transaction or multiple smaller?

To highlight how the address privacy works:

Assuming you make all transactions with one address each, if you are transacting to exchanges and the link, those transactions can be tagged with your KYC info by blockchain analysis companies (who ask nicely for such data).

So that is one transaction "link" that is personally identifiable information.

When you use that address to pay somewhere else, that makes another "link" as in a correlation, in that the person who paid for the exchange and for the other service is the same person.

Your other transactions are made using disposable addresses so those transactions are still private. Also if you make more payments to the second service using different addresses, those will also be private, unless the second service is also a KYC service.

So let's say you deposit 0.1 BTC to Sparrow. You'll probably want to enroll that in the 0.01 BTC pool. So you'll end up creating 9 outputs of around 0.01005000 BTC, paying 50,000 sats in fees to the coordinator, and creating a toxic change output of around 0.009 BTC. Your 9 outputs will then pay for themselves to be coinjoined, and you'll end up with 9 coinjoined outputs of 0.01 BTC exactly. You will then need to leave these outputs alone for several weeks for them to benefit from free remixes.

Once you've done all that, you can start moving your 0.01 BTC outputs to your multi-sig wallet. I wouldn't combine all 9 in a single transaction to a single address, since anyone looking at your 9 inputs going in could also look for 9 inputs coming out and make the connection. Maybe consolidate 2 or 3 at a time to a new address each time.

That’s some of the advantages you get from having wallets, that allows you the leverage of naming them other than leaving it with default. You could essentially label a wallet and accord it a use and this use would serve better but, having to use it only once would add to your layer of security as, when looked at there won’t be traces of a strain within the wallet.

Having to send them in batches would in no particular order and possibly not all at once would help but, aren’t they still getting into the same address? I get the idea that the dots could still be connected some how from the sun up value though, it still gives that extra stress to deduce.

Well, the whole point would be to withdraw in batches of different amounts at different times to different addresses. And since OP says his watch only wallet is synced via his own personal Electrum server and bitcoin node, then there is no risk of a malicious Electrum server linking the addresses in his wallet together via his IP address querying all the addresses at once.

If he withdrew everything to the same address then doing so in batches provides no additional privacy over doing so in a single transaction - anyone can simply sum up all the withdrawals and then try to match input and outputs amounts.

Yes, spending coins from Binance and/or mixing them in with your other coins invalidates any privacy measures that you previously previously took. If any inputs aren't mixed together, maybe they are okay...though it also depends on your wallet and the level of logs that the node you are connected to is taking edit - Credits to you for using your own electrum server and Bitcoin node! You should be fine for the inputs that you don't mix with your binance inputs.

It should be noted too that even if you didn't use Binance, the moment that you start spending yours coins, you will likely join the inputs if you aren't using coin/input control (as without this, inputs will join to make your transaction)...and if you aren't using a P2P marketplace for liquidating, coin privacy measures are likely redundant anyway.

From a security standpoint, you have a great setup. It would be extremely difficult for anyone to hack your wallet.

To both @o_e_l_e_o and @Smartvirus.

In my opinion sending in batches is better.

In fact, I started getting familiar with Jam. I don't know if you have heard of it. It is an app that I run on my node through tor. It allows you to send BTC and do the whole mixing stuff. Seems good, have you checked it?


Hi! thanks.

Unfortunately half of my sats come from centralised exchanges.

I am aware of it and have heard lots of good things, but I haven't used it myself so cannot vouch for it directly. It's effectively a GUI for JoinMarket though, which I do use frequently. Of all the coinjoin implementations, JoinMarket is the best, so it seems like a good choice for what you are looking for.

I'd be interested to hear your thoughts on Jam once you've used it a bit. It remains on my ever growing list of "interesting things to look at more than I have the time". :P

 Railgun could help here.

 Bridge to Polygon through wBTC. Deposit into Railgun. Depending upon the amounts you are anonymising you may need to privately swap your wBTC for other coins which have better anonymity sets. Wait for other transactions to create the volume to mask your own. Withdraw into a fresh Polygon wallet, or several wallets if you swapped into other coins. Swap back into wBTC. Bridge back to a fresh wallet on bitcoin.

 Therefore so long as you are careful about anonymity sets and timings there is nothing to link your new bitcoin wallet to your old one. The BTc to deposit to the wBTC bridge will likely not be the same you receive, track mints and burns if you need surety. Fees would be 0.5% for the first scenario and 1% for the latter. Though you could add further swaps from within Railgun depending upon your estimation of the privacy set required.

If you are happy to swap bitcoin in to another coin, then there is no reason not to use monero. You don't need to deposit your bitcoin in to some custodian's wallet, you don't need to deal with centralized tokens and IOUs, and you don't need to use things like wBTC which are not private at all and easily traced. Just swap to monero, move the monero around, and then use a different service to swap back in different amounts. Far easier and far better privacy than anything you can do with wBTC.

If convert to private coins, like XMR on centralized exchanges, like Binance? Don't be quick to criticize. It is important for us to break the chain of connections, right. Withdraw this XMR from the exchange to a desktop wallet1, create another wallet2. From wallet1 send to wallet2. At this stage, the coins disappeared. Create a new account at the Binance (so that there is no connection with the old account) or any other centralized exchange (of course, without KYC and other verification). Send XMR here, exchange it to BTC and safely withdraw to your desktop wallet, like electrum.

I understand that this option has a lot of extra steps, but still, it can be applied. Is not it?


The connection between those addresses can now be established, but will it be possible to associate those addresses with you? If you are not verified in the Binance through KYC, then I suppose this is not a cause for concern. Ideally, there would be no connection between addresses at all if you wish to maintain your privacy.

If you substitute Binance for peer to peer trading via somewhere like Bisq or Agoradesk, then yes, you can apply this method.

There is exactly zero point in trying to obtain any shred of privacy while using Binance. Even if you don't complete KYC, they are tracking everything from your IP address to your browser fingerprint and paying multiple blockchain analysis firms to trace your deposits and withdrawals.

This is correct. However, Spinflight's solution is still a good one if one has doubts in Monero for whatever reason. The fee would be roughly the same, depending on the exchange method that you are using. Both solutions are valid ones though.

In terms of wBTC not being private - that's right, however the solution provided by Spinflight allows you to mask origins by burning/minting different amounts at different times and points, thus making it extremely difficult to track it down. As effective as monero? I couldn't say for sure, though both methods seem to be effective for privacy in their own ways. If someone is determined, using both methods might be a way to increase effectiveness as well.

Monero is the only coin which is truly private and which blockchain analysis firms have been entirely unable to break. If you have doubts about the privacy provided from monero, then it would be absolutely insane to think you would somehow get better privacy from wBTC or similar.

I'm definitely not refuting what you are saying - though to play devils advocate, I'll say that things that are unbreakable are, until they aren't. Some people have their doubts and try other solutions, that is normal and fine. (again, not refuting that monero is truly private or that analysis firms can't break it).

Achieving privacy is also somewhat static. You either achieve it, or you don't. You don't "get some" or a degree of privacy. If it's not an adequate measure, ultimately it's not private. Monero is not the singular key to privacy. There are definitely other, unique ways in which you can achieve privacy. I believe that Spinflight's solution is possibly one of them, I can't say for sure as I haven't given it a try though in theory I do see Spinflight's logic/rationale behind the theory.

Hmmm... Is there a bridge between Monero and bitcoin? If so that what is the volume, average transaction size etc? If not are you talking about going via a dodgy CEX? Can't say I know as I've never used that method, though true knowledge of privacy sets and timings isn't limited to the coin or token in question, as much or more information can be gleaned from the bridge or exchange.

 So if you want maximal privacy then you can chain the railgun deployments. Bridge to Ethereum, deposit and use the largest privacy sets there, then take those tokens and bridge them to polygon taking advantage of what is effectively compound interest of diminishing returns, privacy sets squared. When you then bridge back it's guaranteed that there is no heuristically feasible way to track and no connection between the original coins locked on the bridge and those returned.

 This might sound expensive... Though frankly would still be cheaper ( 1-2% in fees plus gas) for the vast majority of token amounts than any other method.

There is, but the rates are terrible.

There are some services which aim to either enhance decentralization or utilize peer to peer functionality. Agoradesk, trocador, hodlhodl, are some peer to peer or reduced centralization services. Bisq is decentralized. In terms of fees, around 1.5-3% after network fees after all is done. So in terms.of cost efficiency, the railgun method is a little.more cost efficient or on par in comparison' and probably with increased decentralization.

 Are the volumes at least reasonable?

 I can more than understand most bitcoin mixers seeing protocols which provide similar services on other chains as competitors.

 On chain privacy however is not a zero sum game where one solution wins at the expense of others, all methods have some merit and utility.

 Indeed one of the concerns about bitcoin mixers is that a user might get rid of their ( for whatever reason) tainted bitcoin, merely to receive some proportion of someone else's possibly more tainted back. I'm not sure whether this is a valid concern as I haven't looked into the mechanics behind these mixers too much.

 Curiously the method I've outlined above should, on the face of it, be of most interest to bitcoin mixers themselves who are seeking to provide the best service possible for their customers. Deposit on one bridge and withdraw completely different coins on another. Other ways may be possible.

On Bisq right now the spread between buy and sell orders for the BTC/XMR pair is 163 sats, which is less than 0.03%. The trading fee for a taker is 0.575%, and the trading fee for a maker only 0.075%.

Within a 1% price spread on Bisq, there is approximately 0.6 BTC of volume for selling XMR, but about 14 BTC of volume for buying XMR. This is only one platform, however, and there are plenty of others you can choose from. https://kycnot.me/

This is just as much a risk with the methods we are discussing here. The correct approach to this issue is to never use any centralized exchange or service which attacks the fungibility of bitcoin by buying in to the provable nonsense of "tainted" coins.

I'm using that instead, although with not big amounts as it's beta software. It supports almost every feature JoinMarket does, even though I have noticed a bug or two. Specifically, in Fee Limits, Jam is reading from the JM's configuration file, but when you attempt to set a base fee and restart both JoinMarket and Jam, it defaults base fee to some value as if it wasn't changed. You should better change that value from the configuration file directly.

I think that unless suggested by AdamISZ (https://github.com/AdamISZ), kristapsk (https://github.com/kristapsk), undeath (https://github.com/undeath) or some other top contributor from JoinMarket, we shouldn't be using Jam confidently. (though some of those do have contributed to Jam (https://github.com/joinmarket-webui/jam/graphs/contributors))

 The whole premise of the thread is tainted bitcoin... OP believes, correctly, that through use of a CEX he has lost his anonymity.

 Your own example here seems to cost about 3% at least for the round trip and only a handful of transactions in the last week.

 Indeed Monero's privacy features play no part in anonymizing theoretical bitcoin here, you'd have been better trading for any other pair with higher volumes. Just because you are swapping for magic beans it doesn't mean the exchange transactions are private you know. :) Merely the action of sending btc to a known bisq vendor with no resultant transaction in return flags an XMR buy up, I'd warrant.

 Low volume exchanges with few transactions and high costs are not a good solution here.
 

But you don't want to hide the fact you're buying XMR (even though I don't see how it's easy to figure out that part unless the seller is a surveilling entity). Just as with bitcoin mixing, you pretty much want from the rest to know you're mixing. You just don't want them to know which are the coins you're receiving from the other end. When coinjoining, you want to give a sign that the rest of the coins aren't in your possession, but you're part of a coinjoin; what you don't want them know is which are the new coins you own. 

But when buying XMR, you enter a very high volume market; Monero's. Sure, Bisq isn't a large one, but any XMR user could have chosen to sell their XMR, I don't see why it has to be one who's traded in Bisq before. Ultimately, you can sell XMR for BTC outside Bisq.

Sure, but KYCed bitcoin and tainted bitcoin are two entirely separate things.

Not sure how you reached that number. Given maker fees of 0.075%, then I can set my own spreads and pay combined transaction and network fees of <0.5% all in, provided I am not in a rush.

Swapping for any other coin which is completely traceable is completely pointless.

So? So blockchain analysis knows I sold my KYCed bitcoin for monero. Then what? They can't trace that monero, so they can't pinpoint when I trade it back in bitcoin.

Hey. So I have been experimenting with 2 mixers in the past 3-4 days.

I have created a BIP39 wallet in Sparrow where I have sent my UTXOs from my multisig vault. There, I have done 2 mixes and I have generated some new UTXOs. (I also have some coins in badbank which is the amount of coins that wasn't mixed - which I don't touch for the time being).

Then, I sent my freshly mixed UTXOs to Jam (which is a nice GUI for JoinMarket). I have done 5 mixes with 9 collaborators each.

Finally I have created a new vault and I plan to send my UTXOs there. I will use the auto-sweep feature which allows me to "Execute multiple transactions using random amounts and time intervals to increase the privacy of yourself and others. Every scheduled transaction is a collaborative transaction.". This will mix my coins even more.

As a sidenote, I run my own electrum server and Sparrow is connected to it over TOR. At the same time, I also run my own instance of Jam.

I assume this is more than enough, to secure my coins privacy-wise, isn't it?

Yes, that's more than enough, although I shudder a little at the thought of how much you have paid in fees to do all that.

If it was me, I would probably have just left my coins in Sparrow for more free remixes. I imagine it is fairly unusual to take outputs from Whirlpool and immediately feed them in to JoinMarket, so that potentially gives blockchain analysis companies something to latch on to.

You 're right. Unfortunately I couldn't leave my computer (Sparrow) turned-on since I 'll not be home for a week. I 've lost a total 2.3% of my original satoshi.


I don't understand this. Could you elaborate please?

It is easy to identify coinjoin transactions when examining blockchain data. Coinjoin isn't useful because the transactions are secret - they aren't - but because it is difficult or impossible to know which inputs are linked to which outputs.

However, you need to be aware of how you spend those outputs. If you send outputs from a coinjoin to Binance, for example, then there are probably lots of other people who are also sending their outputs to Binance, so yours will blend in with the crowd. However, I imagine it's fairly unusual to send coinjoin outputs to a different coinjoin implementation. If you are the only user spending your outputs in this way, then a blockchain analysis company might make that connection. If there are 10,000 Whirlpool outputs spent today, and only 5 of them go directly to JoinMarket, then those outputs are potentially linked.

But how can they know that? Considering that I run Jam on my node. I haven't seen the code but is JoinMarket connected to some central servers? If not, how can they know?

By examining the publicly viewable blockchain data. As I said above, coinjoin transactions are easy to identify.

For example, here is a recent JoinMarket coinjoin I just pulled from the blockchain: https://mempool.space/tx/98423f23138446f079442bda7856b87cba075d15142ae756e06dcbdc0eb6b61c
It has all the characteristics of being a JoinMarket coinjoin which makes it easily identifiable - large number of inputs and outputs, similar number of inputs and outputs, all inputs are from segwit addresses, multiple outputs of identical values (0.04416277 BTC in this case) in order to obfuscate which is which, and if you look back in time the majority of the inputs have come from similar JoinMarket coinjoins.

Similarly, here is a recent Whirlpool coinjoin I just pulled: https://mempool.space/tx/5a734035c9745820dc98ab79209a1e44d4fbd2b7a0ed1dd417131be31a7ad763
These are even easier to identify, since Whirlpool uses fixed pool values of 0.001 BTC, 0.01 BTC, 0.05 BTC, or 0.5 BTC, they always have the same number of inputs and outputs, and two inputs will always be slightly more than the pool size in order to pay the transaction fee.

As I said, the privacy gain from coinjoin transactions comes from it being impossible to link the inputs to the outputs, not from the coinjoin transaction itself being hidden or secret. A blockchain analysis company can easily watch where all the outputs of every coinjoin transaction go, but if they don't know who owns those outputs, which other outputs that person controls, or who owns the addresses they are being sent to, then they can't do anything with information. But if a very small number of outputs all go the same unusual and identifiable place, which I imagine would the case when taking outputs from one coinjoin implementation and sending them to a second coinjoin implementation, then they can infer common ownership. (I have no data on this, I am just postulating that moving coins from one coinjoin implementation directly to a different coinjoin implementation is not a very common thing to do.)

I totally understand, but I really assume that they wouldn't bother. The only reason why I did it was because I wanted to experiment with those conjoin apps. I won't repeat it though.

I will keep using Jam however. It seems too easy to me.

Maybe. Maybe not. We'll never know. Just pointing out that unusual uses cases like this do provide something for analysis companies to latch on to.

As I said above I've never used Jam, but I've been using JoinMarket via its own GUI for years and don't have any real complaints.