Bitcoin Forum
June 19, 2024, 07:42:33 PM *
News: Voting for pizza day contest
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 [14] 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 »
  Print  
Author Topic: ♻️ [banned mixer] — FAST, SECURE and RELIABLE BITCOIN MIXER (Since 2016) ⭐⭐⭐⭐⭐  (Read 47941 times)
PrivacyImportant
Newbie
*
Offline Offline

Activity: 9
Merit: 1


View Profile
February 17, 2018, 12:26:24 PM
Merited by Reatim (1)
 #261

I am using your service for a long time now and I am very satisfied with it. But lately I have been investigating possibilities to track transactions which were send over mixing services and I found two possible attack vectors to cluster transactions which were mixed with your service.

The first one is less effective but there is still a decent risk. The transaction fees of your service are constant when the transaction has the same size. For example three transactions with one input and two output addresses had the same size of 42.598 sat/B. Obviously the fees vary when there are more input addresses but most of the time I received transactions with one input two output and the fees were constant.

The second is more severe. Let's say we have a setup of x-forward addresses and all of them are differently delayed in time. Normally you should think that this setup is bullet proof but it isn't. As the delay steps in your service are hour based and your service is sending the transactions at exactly the same time just hourly shifted (for example: 01-01 21:10:21, 01-01 14:12:20, 01-01 03:12:18) it is easy to cluster all transactions which are connected to one mixing step. With the help of the first attack vector the analysis becomes even more effective.

With the help of those information it should be no big deal for future blockchain analysis techniques to track down the source of mixed coins. This is a big risk for a mixing service which should offer a high grade of privacy.

My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.
CryptoMixer.io (OP)
Full Member
***
Offline Offline

Activity: 312
Merit: 127

Ever used CryptoMixer? Leave your feedback ↓


View Profile
February 20, 2018, 07:44:51 PM
Merited by Reatim (1)
 #262

My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

These improvements sound reasonable. We are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. Thank you for your feedback!
Reatim
Sr. Member
****
Offline Offline

Activity: 2870
Merit: 363


Eloncoin.org - Mars, here we come!


View Profile
February 20, 2018, 07:51:06 PM
 #263

I am using your service for a long time now and I am very satisfied with it. But lately I have been investigating possibilities to track transactions which were send over mixing services and I found two possible attack vectors to cluster transactions which were mixed with your service.

The first one is less effective but there is still a decent risk. The transaction fees of your service are constant when the transaction has the same size. For example three transactions with one input and two output addresses had the same size of 42.598 sat/B. Obviously the fees vary when there are more input addresses but most of the time I received transactions with one input two output and the fees were constant.

The second is more severe. Let's say we have a setup of x-forward addresses and all of them are differently delayed in time. Normally you should think that this setup is bullet proof but it isn't. As the delay steps in your service are hour based and your service is sending the transactions at exactly the same time just hourly shifted (for example: 01-01 21:10:21, 01-01 14:12:20, 01-01 03:12:18) it is easy to cluster all transactions which are connected to one mixing step. With the help of the first attack vector the analysis becomes even more effective.

With the help of those information it should be no big deal for future blockchain analysis techniques to track down the source of mixed coins. This is a big risk for a mixing service which should offer a high grade of privacy.

My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

I have given merit to your account since I'm been also using cryptomixer for a long time and I have notice the same specially the second attack vector.

I would love to see it being implement a delay of -/+ 10 minutes will be OK I guess on my end.

My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

These improvements sound reasonable. We are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. Thank you for your feedback!

Thank you for your fast reply. I hope that we can see this implemented in the future release of cryptomixer and more power to you guys.









▄▄████████▄▄
▄▄████████████████▄▄
▄██
████████████████████▄
▄███
██████████████████████▄
▄████
███████████████████████▄
███████████████████████▄
█████████████████▄███████
████████████████▄███████▀
██████████▄▄███▄██████▀
████████▄████▄█████▀▀
██████▄██████████▀
███▄▄█████
███████▄
██▄██████████████
░▄██████████████▀
▄█████████████▀
████████████
███████████▀
███████▀▀
Mars,           
here we come!
▄▄███████▄▄
▄███████████████▄
▄███████████████████▄
▄██████████
███████████
▄███████████████████████▄
█████████████████████████
█████████████████████████
█████████████████████████
▀█
██████████████████████▀
▀██
███████████████████▀
▀███████████████████▀
▀█████████
██████▀
▀▀███████▀▀
ElonCoin.org.
████████▄▄███████▄▄
███████▄████████████▌
██████▐██▀███████▀▀██
███████████████████▐█▌
████▄▄▄▄▄▄▄▄▄▄██▄▄▄▄▄
███▐███▀▄█▄█▀▀█▄█▄▀
███████████████████
█████████████▄████
█████████▀░▄▄▄▄▄
███████▄█▄░▀█▄▄░▀
███▄██▄▀███▄█████▄▀
▄██████▄▀███████▀
████████▄▀████▀
█████▄▄
.
"I could either watch it
happen or be a part of it"

▬▬▬▬▬
PrivacyImportant
Newbie
*
Offline Offline

Activity: 9
Merit: 1


View Profile
February 21, 2018, 12:16:15 PM
 #264

My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

These improvements sound reasonable. We are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. Thank you for your feedback!

It would be nice to see these improvements implemented as fast as possible so that anybody using your service receives a far better privacy. Can I somehow speed up this process by helping to implement those changes or send you some financial support?

PS: Sadly I can't send you private messages because of my Newbie status. If you are interested then leave me a private message with some contact information. Thank you!
PrivacyImportant
Newbie
*
Offline Offline

Activity: 9
Merit: 1


View Profile
March 10, 2018, 12:00:54 PM
 #265

Sad to see that still nothing has changed. I don't want to overexagerate but as long as this hasn't been fixed the whole mixing is useless and easily traceable even with open source blockchain analysis tools like BlockSci. And I am sure there exist even more powerful proprietary tools of services like Chainalysis and Elliptic which are already used to trace transactions of mixing services. When a service which pretends to offer privacy is shown that their privacy model is utterly broken one should at least hope that this problem is fixed asap.
CryptoMixer.io (OP)
Full Member
***
Offline Offline

Activity: 312
Merit: 127

Ever used CryptoMixer? Leave your feedback ↓


View Profile
March 11, 2018, 11:40:11 AM
 #266

Sad to see that still nothing has changed. I don't want to overexagerate but as long as this hasn't been fixed

Sorry for the late response. I was sure, I have answered your last message.
CryptoMixer.io (OP)
Full Member
***
Offline Offline

Activity: 312
Merit: 127

Ever used CryptoMixer? Leave your feedback ↓


View Profile
March 11, 2018, 11:41:25 AM
 #267

My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

These improvements sound reasonable. We are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. Thank you for your feedback!

It would be nice to see these improvements implemented as fast as possible so that anybody using your service receives a far better privacy. Can I somehow speed up this process by helping to implement those changes or send you some financial support?


We are working on improvements that will cover your risk cases. We will roll out this update together with SegWit support.

Your help will be highly appreciated during the production tests. I'll contact you directly as soon as we would be ready. Thank you
PrivacyImportant
Newbie
*
Offline Offline

Activity: 9
Merit: 1


View Profile
March 11, 2018, 11:51:28 AM
 #268

Sounds great, especially the SegWit support, but could you already estimate when this update will roll out (days, weeks, months)?
CryptoMixer.io (OP)
Full Member
***
Offline Offline

Activity: 312
Merit: 127

Ever used CryptoMixer? Leave your feedback ↓


View Profile
March 13, 2018, 12:02:55 PM
 #269

Sounds great, especially the SegWit support, but could you already estimate when this update will roll out (days, weeks, months)?

We expect to deliver this update before Apr, 3.
Backo
Newbie
*
Offline Offline

Activity: 98
Merit: 0


View Profile
March 18, 2018, 09:29:20 PM
 #270

Hello! I am available for franch and Arabic translation .Whether you need it please contact me on telegram @backobtc thank you  I'm waiting for your response
NowYouAreSee
Jr. Member
*
Offline Offline

Activity: 65
Merit: 1


View Profile
March 19, 2018, 01:09:27 PM
 #271

I am using your service for a long time now and I am very satisfied with it. But lately I have been investigating possibilities to track transactions which were send over mixing services and I found two possible attack vectors to cluster transactions which were mixed with your service.

The first one is less effective but there is still a decent risk. The transaction fees of your service are constant when the transaction has the same size. For example three transactions with one input and two output addresses had the same size of 42.598 sat/B. Obviously the fees vary when there are more input addresses but most of the time I received transactions with one input two output and the fees were constant.

The second is more severe. Let's say we have a setup of x-forward addresses and all of them are differently delayed in time. Normally you should think that this setup is bullet proof but it isn't. As the delay steps in your service are hour based and your service is sending the transactions at exactly the same time just hourly shifted (for example: 01-01 21:10:21, 01-01 14:12:20, 01-01 03:12:18) it is easy to cluster all transactions which are connected to one mixing step. With the help of the first attack vector the analysis becomes even more effective.

With the help of those information it should be no big deal for future blockchain analysis techniques to track down the source of mixed coins. This is a big risk for a mixing service which should offer a high grade of privacy.

My advice to improve the privacy of your service would be:
First attack vector: Add a small randomly chosen amount to your transaction fee. This hides the fact that a transaction is send by the same service/wallet.
Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.

You raised an important topic. All services provided by a cryptomixer were not anonymous all this time. I think that the cryptomixer is compromised. All this time they did not make the transaction anonymous, but just took a commission for false anonymity!
CryptoMixer.io (OP)
Full Member
***
Offline Offline

Activity: 312
Merit: 127

Ever used CryptoMixer? Leave your feedback ↓


View Profile
March 20, 2018, 07:06:48 PM
 #272

You raised an important topic. All services provided by a cryptomixer were not anonymous all this time. I think that the cryptomixer is compromised. All this time they did not make the transaction anonymous, but just took a commission for false anonymity!

Don't let the fact, that we are implementing the proposed measures confuse you. Cryptomixer offers ones the most advanced and secure mixing algorithms. As I already said we are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. We are building the Cryptomixer with inputs from the forum community to make transactions safer and untraceable while contributing towards privacy over internet transactions. The improvements proposed by "PivacyImportant" member will really bring even more security to Cryptomixer in certain cases.
NowYouAreSee
Jr. Member
*
Offline Offline

Activity: 65
Merit: 1


View Profile
March 21, 2018, 07:24:07 AM
 #273

You raised an important topic. All services provided by a cryptomixer were not anonymous all this time. I think that the cryptomixer is compromised. All this time they did not make the transaction anonymous, but just took a commission for false anonymity!

Don't let the fact, that we are implementing the proposed measures confuse you. Cryptomixer offers ones the most advanced and secure mixing algorithms. As I already said we are constantly improving our algorithms and believe there is never too many measures when you deal with security and privacy. We are building the Cryptomixer with inputs from the forum community to make transactions safer and untraceable while contributing towards privacy over internet transactions. The improvements proposed by "PivacyImportant" member will really bring even more security to Cryptomixer in certain cases.

You have to admit that at the moment your mixer does not meet the high requirements for anonymity.
cryptomixerscam
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
March 21, 2018, 11:51:06 AM
Last edit: March 21, 2018, 12:03:16 PM by cryptomixerscam
 #274

CRYPTOMIXER - UNRELIABLE! STOP USING IT! SERVICE COMPROMISED!

LIST OF ALL OUTCOMING ADDRESSES FOR THE LAST MONTH:

https://justpaste.it/1ik93


CryptoMixer.io (OP)
Full Member
***
Offline Offline

Activity: 312
Merit: 127

Ever used CryptoMixer? Leave your feedback ↓


View Profile
March 21, 2018, 06:43:31 PM
Last edit: March 21, 2018, 07:40:28 PM by CryptoMixer.io
 #275

CRYPTOMIXER - UNRELIABLE! STOP USING IT! SERVICE COMPROMISED!

LIST OF ALL OUTCOMING ADDRESSES FOR THE LAST MONTH:

https://...

What is this? Smiley We do respect our competitors and ask for the same. Don't confuse forum members with this

Anyway, we used to treat security issues with all respect. If you believe that you have any security-related issue, kindly contact support. Thank you
Feqlizer
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
March 25, 2018, 05:15:36 AM
 #276

What is this? Smiley
Hello! It seems to be real list of outgoing addresses of your service. I did use your services last month and found my addresses in this list. If last poster tried to confuse some of your customers he succeed at least in my case.

Do you use single key for all your outgoing addresses permanently? How did he found them all? I find all this case disturbing.
Feqlizer
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
March 25, 2018, 05:35:09 AM
 #277

Second attack vector: Offer the functionality of choosing the delay on minute basis OR add a randomly chosen delay (for example +- 10 minutes from the chosen hourly delay) to your transaction time.
I do not think this will resolve issue. Does it matter that repayment delay step is hour or minute or second? It does not. Every repayment delay should be modified with absolutely random "time noise" which would be hard to quantize.
CryptoMixer.io (OP)
Full Member
***
Offline Offline

Activity: 312
Merit: 127

Ever used CryptoMixer? Leave your feedback ↓


View Profile
March 26, 2018, 05:33:49 AM
 #278

Do you use single key for all your outgoing addresses permanently? How did he found them all? I find all this case disturbing.

No we do not use single key. It seems to be some random list of addresses. We still haven't got any confirmation on this list as we do not have the ability to check it and the author hasn't contacted us. As you seems to be the real cryptomixer customer who follow the tread, kindly contact me directly with you real account (not this alt) to confirm some details. This will help us to to dig into this issue.
Feqlizer
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
March 31, 2018, 08:47:27 AM
 #279

This is not my alt account. I have registered specially for this case. I may suggest better way of confirmation. I keeped your signed letters of guarantee. I will PM one of it to you shortly so you can ascertain everything yourself.
motherhacker
Newbie
*
Offline Offline

Activity: 5
Merit: 1


View Profile
April 02, 2018, 07:02:35 AM
Merited by CryptoMixer.io (1)
 #280

I registered this account to share my findings.

Once a lot people mention some weak points of your service I tried to code a little.

I wrote a simple js script sending random cryptomixer codes to server. The server responds with a discount for each code. Running script for about two hours I succeeded to found the code with 0.1% discount: 34ntw. Anyone can check it, though they likely delete the code soon after posting.

My message to cryptomixer: please guys, improve your server responses. You can restrict the rate per IP, for example. Turns out that 5 letters code does not give you good level of security.

Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 [14] 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!