[ANN] ChipMixer.com - Bitcoin mixer / Bitcoin tumbler - mixing reinvented

[AdolfinWolf]

so therotically, the funds from the key which iv'e exported in my wallet and then sent to bitpay are still vulnerable, cause if an third party ( like chipmixer ) still knows  these keys ?

No, because once they are confirmed, they belong to an adress of which the private key belongs to bitpay, not you nor Chipmixer.

If you're talking about the remainder (the "change"), depending on your wallet software it could be that it's sent to a change address belonging to your original keypool, or it might've not used any change addresses and instead has sent the coins back to the same address, for which the private key is known by chipmixer.

As general advice: If you're not planning on immediately spending the keys you received from chipmixer, it's usually a smart idea to send them over to a private key you generated yourself.

[1714048456]

1714048456

[1714048456]

1714048456

[moejoejay]

No, because once they are confirmed, they belong to an adress of which the private key belongs to bitpay, not you nor Chipmixer.

so the key is the same but the owner changes ?

send them over to a private key you generated yourself.

this is the sweeping feature or?


best regards

[AdolfinWolf]

No, because once they are confirmed, they belong to an adress of which the private key belongs to bitpay, not you nor Chipmixer.

so the key is the same but the owner changes ?

If you're talking about the private keys you receive from Chipmixer, yes that is the case.

If you're talking about normal bitcoin transactions; no. a different private key will hold the outputs (as otherwise it wouldn't be trustless..)

send them over to a private key you generated yourself.

this is the sweeping feature or?

best regards

I think this is what most people understand under "sweeping", correct (?).

[HCP]

No, because once they are confirmed, they belong to an adress of which the private key belongs to bitpay, not you nor Chipmixer.

so the key is the same but the owner changes ?

No.

As explained, if you send the bitcoins to Bitpay, once the transaction is confirmed, they will be assigned to the Bitpay Address (which will have a completely different private key to the one you received from ChipMixer.

If there is any change from that transaction... ie. you withdrew a 0.1 BTC "chip" and only sent 0.08 BTC to Bitpay... then what happens with the 0.02 BTC change depends on what wallet you used to setup the transaction and/or how that wallet is setup to handle change.

If the wallet creates a "new" change address, then the coins are now assigned to a new address (with a new private that neither Bitpay nor ChipMixer have any control over... only your wallet will have the private key. Transaction will look something like this:

Code:

0.1 BTC 1ChipMixerAddress -|-> 0.08 1BitPayAddress
                           |-> 0.02 1YourNewAddress <-- Only you have access to this

If the wallet does not create a change address, but sends the coins back to the original address created by ChipMixer, then you and ChipMixer still have access to the coins. Transaction will look like this:

Code:

0.1 BTC 1ChipMixerAddress -|-> 0.08 1BitPayAddress
                           |-> 0.02 1ChipMixerAddress <-- Both you AND ChipMixer have the private key for this

[ChipMixer]

So there is no possibility to make an (rpc) call or sth like that  to destroy the specified client-side cookie also ?

or does this undermine privacy ? if so may it makes sense to put an hint to the side on step 4.

Client-side cookie can be destroyed by server with http header and it will be changed to do so. It does not require Javascript or user action. It will increase privacy.

If I Destroy my session, then restore that session in another browser, I get the same deposit address. Is that the intended behaviour?

If you destroy the session (at step 4 you confirm you want to destroy it) - it is impossible to get same deposit address when you restore session with session token. You will get new session with same token but different deposit address and no history. If that is not true - please send us more info by email.

[jackg]

@jackg:

i think the tor browser blocks all java ( thats also the reason for that the faq site doesn't working properly anymore)

may just a design for the faq site without folded out parts is an better privacy oriented option.  

No I was talking about the console you get by hitting f12 in most browsers, isn't that still available in tor.

I'm not sure on running a js app from a your own machine either in tor - I thought that was allowed as there are no outward connections.

[LoyceV]

If I Destroy my session, then restore that session in another browser, I get the same deposit address. Is that the intended behaviour?

If you destroy the session (at step 4 you confirm you want to destroy it) - it is impossible to get same deposit address when you restore session with session token. You will get new session with same token but different deposit address and no history. If that is not true - please send us more info by email.

I can't reproduce it anymore, so all good.

[moejoejay]

@chipmixer:

You will get new session with same token

Whats the reason to hold the same token after destroy the session.

It does not require Javascript or user action

Ok but if i try to read the faq over tor it doesn't work cause the side elements for expand the Answers seems to embedded with java code.

best regards   


 

[moejoejay]

@jackg:

No I was talking about the console you get by hitting f12 in most browsers, isn't that still available in tor.

i think thats not really practicable for an normal user to hit f12 to solve an problem.

@jackg:
@hcp:

Not its getting complicated , at least for me and my limited knowledge about how the bitcoin network is working under the surface.

neverthless i'm trying to understand and thanks for guidance.

how could i figure this out, if i get a "new" change address or an old one ? ( i use electrum )

what if i'm not sweeping my imported keys but just sending to my general wallet ? does it hold my privacy level in any way instead sweeping ?

best regards

[jackg]

@jackg:

No I was talking about the console you get by hitting f12 in most browsers, isn't that still available in tor.

i think thats not really practicable for an normal user to hit f12 to solve an problem.

@jackg:
@hcp:

Not its getting complicated , at least for me and my limited knowledge about how the bitcoin network is working under the surface.

neverthless i'm trying to understand and thanks for guidance.

how could i figure this out, if i get a "new" change address or an old one ? ( i use electrum )

what if i'm not sweeping my imported keys but just sending to my general wallet ? does it hold my privacy level in any way instead sweeping ?

best regards

Yeah it's not within the scope for a normal user, might have been better to say site settings are normally findable from where you can hit the padlock and hit settings or options to delete data.

If you sweep using electrum with the addresses individually then you'll be sending funds individually. If you just import the private keys to a new wallet, you'll have to get a receive address and click each you're trying to spend in turn, right click and press spend from for each... A new return address should be generated each time you send a new transaction but memorising the last 3 characters for example or even the last one shouldn't hurt too much.

[HCP]

how could i figure this out, if i get a "new" change address or an old one ? ( i use electrum )

You can view the transaction created in Electrum... "receive" addresses within your wallet will be highlighted green... "change" addresses will be highlighted in yellow. If you see an "output" that is green, it is most likely being recycled back into the original receive address.

This generally happens if you create a wallet in Electrum that only has imported private keys (in the title bar at the top, it should say [imported]), because Electrum cannot generate new private keys/addresses automatically for this type of wallet... it will only ever have the private keys that you have manually imported.

If you have a "standard" wallet... Electrum will generally automatically generate new change addresses as required. However, this wallet type will not let you import private keys, you can only "sweep" them.

what if i'm not sweeping my imported keys but just sending to my general wallet ? does it hold my privacy level in any way instead sweeping ?

You don't sweep imported keys... you either sweep the keys, which sends funds from those address(es) to a new address(es)... or you import the keys and the funds stay on the original key(s)/address(es) until spent...

So, which one are you doing?

[ranchoodas]

Attention:

At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/

I need help regarding with my session. I was using TOR then connected to chipmixer.com I saved my session token after that I closed the TOR browser and open it again , I pasted my session token and the btc address already changed. I need help recovering my old btc address as my funds are sent to that address. I've been using chipmixer for like 2 years already and it's my first time encountering this problem.

[moejoejay]

So, which one are you doing? Huh

U right ive point this out in an wrong way i dont mean the keys import or sweeping i mean after the import of the keys.

for ex.  when i need it on an other wallet to gather funds,  then should i  sweep or to just send the keys to the other wallet  

just the option which gains more privacy preferentially in relation to funded coins which comes from chipmixer.

best regards

[LoyceV]

I need help regarding with my session.

It's best to email chipmixer@protonmail.com (it's a good precaution never to trust third parties (such as me), always verify the email address on the actual website).

for ex.  when i need it on an other wallet to gather funds,  then should i  sweep or to just send the keys to the other wallet 

just the option which gains more privacy preferentially in relation to funded coins which comes from chipmixer.

Each new wallet means an additional risk of compromising private keys. I would only import private keys when I'm ready to use them.

[HCP]

U right ive point this out in an wrong way i dont mean the keys import or sweeping i mean after the import of the keys.

for ex.  when i need it on an other wallet to gather funds,  then should i  sweep or to just send the keys to the other wallet  
just the option which gains more privacy preferentially in relation to funded coins which comes from chipmixer.

If you have already imported the keys into an Electrum wallet and you want to move the funds to another wallet... just send them in a transaction as you normally would any other transaction.

Although, you might want to consider using the "spend from" option in Electrum, so that you avoid accidentally linking UTXOs back together by including them all as inputs to the same transaction. Also, it would be a go idea to avoid sending all the funds to the same address... as again, that creates a link between them all.

This is effectively the same thing as "sweeping"... all sweeping does is "simplify" the process for you and means you don't need to import any keys. Instead, it will take a private key (or keys) and then create a transaction that sends all available UTXOs controlled by those keys to an address of your choosing. Probably not ideal, as you can only specify ONE destination address when sweeping, and that will relink all the UTXOs back together again (unless you sweep each key individually).

So, your options are:

1. Import ChipMixer keys, then create transaction to send coins to other wallet (new keys)
or
2. Sweep ChipMixer keys directly into other wallet (new keys)
or
3. Do neither and leave the coins on the ChipMixer keys until you need to spend them

Neither importing nor sweeping is any more "private" than the other if you need to move the coins to another one of your wallets... they will both end up creating transactions that take coins from the ChipMixer addresses and send them to your addresses... and in both situations you need to take steps to prevent them all being relinked.

Leaving the coins on the ChipMixer keys until you wish to send them to someone else is probably better for privacy... but security wise is not great because ChipMixer have knowledge of the private keys and you have to trust them not to steal them (or leak the keys). So, in this case, it's a trade-off between privacy and security.


Which option is better for your particular use-case is only really something that you can determine.

[ranchoodas]

I need help regarding with my session.

It's best to email chipmixer@protonmail.com (it's a good precaution never to trust third parties (such as me), always verify the email address on the actual website).

for ex.  when i need it on an other wallet to gather funds,  then should i  sweep or to just send the keys to the other wallet 

just the option which gains more privacy preferentially in relation to funded coins which comes from chipmixer.

Each new wallet means an additional risk of compromising private keys. I would only import private keys when I'm ready to use them.

I'm pretty sure I was in the right website , I was just confused why the receiving bitcoin address changed while the session token was just the same. Now I don't have access to the address I used. Hopefully the admin can help me out.

[ChipMixer]

Attention:

At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/

I need help regarding with my session. I was using TOR then connected to chipmixer.com I saved my session token after that I closed the TOR browser and open it again , I pasted my session token and the btc address already changed. I need help recovering my old btc address as my funds are sent to that address. I've been using chipmixer for like 2 years already and it's my first time encountering this problem.

ChipMixer deposit address never change for active session. If it changed - you have accessed website without encryption and Tor exit node used their own address instead of ours.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/

[ranchoodas]

Attention:

At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/

I need help regarding with my session. I was using TOR then connected to chipmixer.com I saved my session token after that I closed the TOR browser and open it again , I pasted my session token and the btc address already changed. I need help recovering my old btc address as my funds are sent to that address. I've been using chipmixer for like 2 years already and it's my first time encountering this problem.

ChipMixer deposit address never change for active session. If it changed - you have accessed website without encryption and Tor exit node used their own address instead of ours.

If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/

So like even if you're typing chipmixer.com in TOR it's still considered unsecure?

[jackg]

So like even if you're typing chipmixer.com in TOR it's still considered unsecure?

Yes because they're using let's encrypt to generate the certificate so they don't have to kyc with anyone.

But it also means the attacker can do the same and just push connections through to them via a non ssl protocol (http).

[moejoejay]

So like even if you're typing chipmixer.com in TOR it's still considered unsecure?

dont use clearnet adresses in TOR generally  it undermines the privacy principle and may trace u easier in some cases.

best regards