LoyceV
Legendary
Online
Activity: 3374
Merit: 17019
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
December 02, 2020, 08:30:40 AM |
|
He was able to load the session ID on chipmixer just like I can so that invalidates the phishing/fake website possibility. I just tested with a made-up session ID ("aaaaaaaaaahbbbbbbbbbbddddddddddd"), and that works too. It gives a Deposit address. Based on this test, it makes sense any session ID from a phishing website would work too (and it can even give the owner of the phishing website access to your real session). Alternatively, any phishing site can get a real session ID from the real ChipMixer website and show that on their own phishing website.
|
|
|
|
smartmixerhelper
Newbie
Offline
Activity: 28
Merit: 1
|
|
December 02, 2020, 08:42:55 AM |
|
If they had the session ID, they could just withdraw the coins too though right? I don't know why they would go as far as to rip the data and spoof it and show it visually.
Either way went to .com, I have dozens of other session IDs moving a lot of coins for their support to see as I was moving a lot of coins for about an hour and a half two hours easily. I use their site and other mixers a lot and I'm extremely careful.
For me there would be no excuse. I'm not bummed so much about the amount (0.3 btc) as I am losing a great service I have been relying on.
Just in case they really do try to go the "you went to the wrong site" route, what other methods are great to clean crypto? Pls feel free to dm. Been thinking about checking out tornado and monero etc.
|
|
|
|
aesma
|
|
December 02, 2020, 10:13:07 AM |
|
I have a question related to this. I used the site for a couple of days to mix some coins, one session at a time, keeping vouchers, and destroying the session. Then I used it again. On the .com not the .onion (I will next time). What I experienced was that each new session, with timer starting back to the beginning etc., was still the same ID. Probably based on my IP address or my browser or both. Is that normal ?
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
December 02, 2020, 02:56:12 PM |
|
I have a question related to this. I used the site for a couple of days to mix some coins, one session at a time, keeping vouchers, and destroying the session. Then I used it again. On the .com not the .onion (I will next time). What I experienced was that each new session, with timer starting back to the beginning etc., was still the same ID. Probably based on my IP address or my browser or both. Is that normal ?
I just tried it and I think it did the same for me so I guess it is. Might just be a saved cookie or something because it didn't do it on incognito.
|
|
|
|
TryNinja
Legendary
Offline
Activity: 2898
Merit: 7199
Top Crypto Casino
|
|
December 02, 2020, 04:25:05 PM |
|
What I experienced was that each new session, with timer starting back to the beginning etc., was still the same ID. Probably based on my IP address or my browser or both. Is that normal ?
Yes. Session token is stored with browser cookie. As long as you have this cookie - you will keep same token. Cookies can be set to never expire (privacy nightmare), expire after selected time or expire after you close your browser (best privacy). ChipMixer cookies are set to expire when you close your browser.
When you destroy session data at step 4 - server-side data is destroyed but browser-data (cookies) persist. We can change this to work as expected.
|
|
|
|
notblox1
Legendary
Offline
Activity: 2128
Merit: 1286
Logo Designer ⛨ BSFL Division1
|
|
December 02, 2020, 05:10:02 PM |
|
Is there any option to test how Chipmixer is working with tbtc testnet bitcoin? I know some some people who are willing to use it but they first want to test it before using mainnet Bitcoin. If owners or someone else knows about this this please reply here or send me private message if you want. Thanks.
|
|
|
|
smartmixerhelper
Newbie
Offline
Activity: 28
Merit: 1
|
|
December 02, 2020, 05:12:57 PM |
|
still no reply from them.....
will update as soon as I hear from them.
|
|
|
|
aesma
|
|
December 02, 2020, 09:37:31 PM |
|
@TryNinja
Thanks. I never close my browser (it currently takes 22GB of RAM :p) so it makes sense, next time I'll use a dedicated browser. Well that's a given since I will use Tor. Since the data is destroyed on the server then using a new session with the same ID doesn't provide any "safety" regarding eventual problems, anyway.
|
|
|
|
smartmixerhelper
Newbie
Offline
Activity: 28
Merit: 1
|
|
December 02, 2020, 10:50:13 PM |
|
@TryNinja
Thanks. I never close my browser (it currently takes 22GB of RAM :p) so it makes sense, next time I'll use a dedicated browser. Well that's a given since I will use Tor. Since the data is destroyed on the server then using a new session with the same ID doesn't provide any "safety" regarding eventual problems, anyway.
yea I've had same issue and didn't notice and sent coins again to same deposit address and they fixed it for me. I'm still waiting on this "different deposit address" issue/bug still though. Missing 0.3 bitcoin. Did determine the wallet I was originally given also belongs to them so hopefully its a quick fix.
|
|
|
|
smartmixerhelper
Newbie
Offline
Activity: 28
Merit: 1
|
|
December 03, 2020, 02:17:12 AM |
|
WELP they replied with the typical "that's not our address" BS. I push through so much bitcoin and I've been using their service dozens of times a day everyday so it sucks I have to find a different service to use now. I'm 100% sure I didn't go to a scam URL or copy and paste the wrong thing. I always goto the .com site. Here is the address the site originally instructed me to deposit to: https://www.blockchain.com/btc/address/1Gj9CbEuoxKnnhsw3xhUNo3v7jnzmQ8WMSWhoever it is, hasn't moved or used any of the coins sitting there. Now that I can't trust chipmixer anymore, what software/app implementations are best to clean bitcoin? I know it's hard to prove outside of a video recorded session, but I'm a VERY big user of mixing sites and so I'm very good with opsec and how I have my environment setup so me personally, I'm convinced I can't trust chipmixer anymore and won't be using them. Damn such a bummer.
|
|
|
|
TryNinja
Legendary
Offline
Activity: 2898
Merit: 7199
Top Crypto Casino
|
|
December 03, 2020, 02:37:36 AM |
|
Don't you find weird that this address has already been used 6 times since October? I don't think you can be "100% sure" that this wasn't a mistake on your end.
|
|
|
|
smartmixerhelper
Newbie
Offline
Activity: 28
Merit: 1
|
|
December 03, 2020, 02:50:59 AM |
|
Don't you find weird that this address has already been used 6 times since October? I don't think you can be "100% sure" that this wasn't a mistake on your end. I think its actually quite convenient. If I was chipmixer and I was going to selectively scam people, this is exactly what I would do so people like you would say that. It's all about creating a scenario in which it looks "unrealistic" to get away with it. On the contrary, if someone went through all the trouble to try and trick me (whether getting a typo domain or whatever) why would it go to a place that isn't spent? I would just keep these unspent until my full complete exit scam. I move coins for hours at a time daily. I opened browser, went to chipmixer.com. No typos. I can produce session IDs for 0.3 bitcoin increments for up to 2 hours before this funky one. I probably put 2 bitcoin total that day before I had this issue. Just kept going one after another, just fine. That might've been the problem too, they noticed me doing same amount over and over and decided to keep one. I'm telling you, I'm the last person to make a mistake like going to a wrong site or having copying and paste hijacked or whatever else there could be. It's okay, I'm convinced I can't trust this site, I've already moved on. You guys be careful too.
|
|
|
|
Welsh
Staff
Legendary
Offline
Activity: 3276
Merit: 4113
|
|
December 03, 2020, 03:07:02 AM |
|
I hope that's not what they say because it would be typical excuse. I might start video capturing each session now and my trust in them would be lost.
Might be worth noting, depending on what you're using a mixing service for; I'd assume for privacy, video capturing the process could well put that as risk, if there's digital evidence of you using the mixing service if that's something you''re concerned about. I'm telling you, I'm the last person to make a mistake like going to a wrong site or having copying and paste hijacked or whatever else there could be.
It's okay, I'm convinced I can't trust this site, I've already moved on. You guys be careful too.
I also consider myself pretty adept at security, and I'm probably a lot more cautious in some regards to other people. However, I also have made silly mistakes in the past with security, and I've also got somethings right now that need to be fixed from a security point of view. I don't think anyone is perfect. A lot of people like to mitigate going to a wrong address by using bookmarks, that might be something to consider as even when reading out what you've typed, your eyes can play tricks on you just as much as your hand coordination while typing it can. Although, I personally don't like the bookmark method, since that definitely isn't foolproof, and introduces a complacency aspect that I'm not comfortable with. There's been many customers over the years of Chipmixer, both larger, and smaller deposits. I personally believe there would be more incidents like yours if they were the culprit. It is very likely, that you made a mistake, as opposed to their system messing up which has been trialed by thousands of people over a course of a few years.
|
|
|
|
smartmixerhelper
Newbie
Offline
Activity: 28
Merit: 1
|
|
December 03, 2020, 03:15:12 AM |
|
I hope that's not what they say because it would be typical excuse. I might start video capturing each session now and my trust in them would be lost.
Might be worth noting, depending on what you're using a mixing service for; I'd assume for privacy, video capturing the process could well put that as risk, if there's digital evidence of you using the mixing service if that's something you''re concerned about. I'm telling you, I'm the last person to make a mistake like going to a wrong site or having copying and paste hijacked or whatever else there could be.
It's okay, I'm convinced I can't trust this site, I've already moved on. You guys be careful too.
I also consider myself pretty adept at security, and I'm probably a lot more cautious in some regards to other people. However, I also have made silly mistakes in the past with security, and I've also got somethings right now that need to be fixed from a security point of view. I don't think anyone is perfect. A lot of people like to mitigate going to a wrong address by using bookmarks, that might be something to consider as even when reading out what you've typed, your eyes can play tricks on you just as much as your hand coordination while typing it can. Although, I personally don't like the bookmark method, since that definitely isn't foolproof, and introduces a complacency aspect that I'm not comfortable with. There's been many customers over the years of Chipmixer, both larger, and smaller deposits. I personally believe there would be more incidents like yours if they were the culprit. It is very likely, that you made a mistake, as opposed to their system messing up which has been trialed by thousands of people over a course of a few years. no bookmarks and even that would be arguing for my point as I had like 12, 13 sessions in a row for close to 2 hours just fine right before this issue. the ONLY way would've been for me to mistype the domain and for me to not realize it, even though I make a conscious effort to look at the URL every single time. I have a good protocol that I go through when mixing. and that's the thing, there was another guy that mentioned this exact issue earlier, deposit address got swapped literally 2 pages before me. in fact I've looked through about 40 of these pages and there are a handful of people that mention the exact same thing and they all gave up / disappeared with no official feedback. for example if you look at the last guy like 2 pages back, he mentions he had the same issue on chipmixer site and also another bitmixer.eu site too. they clear up that the bitmixer.eu issue was indeed a scam site but the original issue of his coins going missing on the chipmixer site never gets addressed, its like oddly brushed away. like I said, I would be skeptical if I was you guys too but my sole purpose of this post is to share what my experience was. after all, it all starts with the first warning post right? and even if this scares chipmixer into doing it with less frequency or not do it all together, its worth that alone so.
|
|
|
|
LoyceV
Legendary
Online
Activity: 3374
Merit: 17019
Thick-Skinned Gang Leader and Golden Feather 2021
|
|
December 03, 2020, 01:09:58 PM Last edit: December 03, 2020, 03:39:44 PM by LoyceV |
|
Don't you find weird that this address has already been used 6 times since October? I don't think you can be "100% sure" that this wasn't a mistake on your end. I think its actually quite convenient. If I was chipmixer and I was going to selectively scam people, this is exactly what I would do so people like you would say that. It's all about creating a scenario in which it looks "unrealistic" to get away with it. From what I've seen, it's much more likely you just somehow used the wrong website. There are several phishing sites out there. I had like 12, 13 sessions in a row for close to 2 hours just fine right before this issue. the ONLY way would've been for me to mistype the domain and for me to not realize it, even though I make a conscious effort to look at the URL every single time. Making a small typo once every few hours doesn't sound too far fetched Can you check your browser history, or do you instantly delete everything?
|
|
|
|
smartmixerhelper
Newbie
Offline
Activity: 28
Merit: 1
|
|
December 03, 2020, 04:04:36 PM |
|
Don't you find weird that this address has already been used 6 times since October? I don't think you can be "100% sure" that this wasn't a mistake on your end. I think its actually quite convenient. If I was chipmixer and I was going to selectively scam people, this is exactly what I would do so people like you would say that. It's all about creating a scenario in which it looks "unrealistic" to get away with it. From what I've seen, it's much more likely you just somehow used the wrong website. There are several phishing sites out there. I had like 12, 13 sessions in a row for close to 2 hours just fine right before this issue. the ONLY way would've been for me to mistype the domain and for me to not realize it, even though I make a conscious effort to look at the URL every single time. Making a small typo once every few hours doesn't sound too far fetched Can you check your browser history, or do you instantly delete everything? How do you think I went to the wrong website? I'm using safari and typing in chipmixer.com. I was using the site for about 2 hours and had over a dozen sessions or so before I ran into this issue. I always glance at the URL bar to make sure the https is showing, I'm telling you guys, there was no typo. I know you guys really really want me to have made a typo or gone to a phishing website but 100% sure that did not happen. If anyone wants to PM me, I can show you and give you session IDs for all the sessions I had just fine with it before. I mix coins for several hours daily everyday and have been for years. If anyone can message me and help me with cleaning/mixing coins now that I won't be using chipmixer, that would be great.
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1722
|
|
December 03, 2020, 07:21:46 PM |
|
no bookmarks and even that would be arguing for my point as I had like 12, 13 sessions in a row for close to 2 hours just fine right before this issue. the ONLY way would've been for me to mistype the domain and for me to not realize it, even though I make a conscious effort to look at the URL every single time. I have a good protocol that I go through when mixing.
and that's the thing, there was another guy that mentioned this exact issue earlier, deposit address got swapped literally 2 pages before me. in fact I've looked through about 40 of these pages and there are a handful of people that mention the exact same thing and they all gave up / disappeared with no official feedback. for example if you look at the last guy like 2 pages back, he mentions he had the same issue on chipmixer site and also another bitmixer.eu site too. they clear up that the bitmixer.eu issue was indeed a scam site but the original issue of his coins going missing on the chipmixer site never gets addressed, its like oddly brushed away. Are you sure you didn't type in "chipmixer" but with a different TLD at the end? As for the other person, if he fell for one scam, it's possible he fell for another one (phishing, malware), too. like I said, I would be skeptical if I was you guys too but my sole purpose of this post is to share what my experience was. after all, it all starts with the first warning post right? and even if this scares chipmixer into doing it with less frequency or not do it all together, its worth that alone so.
Sure.
|
Signature space available for rent.
|
|
|
smartmixerhelper
Newbie
Offline
Activity: 28
Merit: 1
|
|
December 03, 2020, 08:39:55 PM |
|
no bookmarks and even that would be arguing for my point as I had like 12, 13 sessions in a row for close to 2 hours just fine right before this issue. the ONLY way would've been for me to mistype the domain and for me to not realize it, even though I make a conscious effort to look at the URL every single time. I have a good protocol that I go through when mixing.
and that's the thing, there was another guy that mentioned this exact issue earlier, deposit address got swapped literally 2 pages before me. in fact I've looked through about 40 of these pages and there are a handful of people that mention the exact same thing and they all gave up / disappeared with no official feedback. for example if you look at the last guy like 2 pages back, he mentions he had the same issue on chipmixer site and also another bitmixer.eu site too. they clear up that the bitmixer.eu issue was indeed a scam site but the original issue of his coins going missing on the chipmixer site never gets addressed, its like oddly brushed away. Are you sure you didn't type in "chipmixer" but with a different TLD at the end? As for the other person, if he fell for one scam, it's possible he fell for another one (phishing, malware), too. like I said, I would be skeptical if I was you guys too but my sole purpose of this post is to share what my experience was. after all, it all starts with the first warning post right? and even if this scares chipmixer into doing it with less frequency or not do it all together, its worth that alone so.
Sure. I always type in the dot com
|
|
|
|
ChipMixer (OP)
|
|
December 03, 2020, 11:05:08 PM |
|
Don't you find weird that this address has already been used 6 times since October? I don't think you can be "100% sure" that this wasn't a mistake on your end. I think its actually quite convenient. If I was chipmixer and I was going to selectively scam people, this is exactly what I would do so people like you would say that. It's all about creating a scenario in which it looks "unrealistic" to get away with it. On the contrary, if someone went through all the trouble to try and trick me (whether getting a typo domain or whatever) why would it go to a place that isn't spent? I would just keep these unspent until my full complete exit scam. Unrealistic theory fits when you are sure who is guilty and you want proofs to confirm it. Your theory is - since October ChipMixer selectively scam users by serving special address before they decide how much they want to deposit. 5 out of 7 transactions to this address are under 3 mBTC. 1 transaction is even lower than 1 mBTC. All that while paying around 10 BTC (since October) for signature campaign at BCT. More realistic theory is that you are using Tor while accessing .com: Attention:At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own. If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/ This message was posted in July. More about Tor exit nodes: https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
|
|
|
|
smartmixerhelper
Newbie
Offline
Activity: 28
Merit: 1
|
|
December 04, 2020, 12:15:49 AM Last edit: December 04, 2020, 12:29:19 AM by smartmixerhelper |
|
Don't you find weird that this address has already been used 6 times since October? I don't think you can be "100% sure" that this wasn't a mistake on your end. I think its actually quite convenient. If I was chipmixer and I was going to selectively scam people, this is exactly what I would do so people like you would say that. It's all about creating a scenario in which it looks "unrealistic" to get away with it. On the contrary, if someone went through all the trouble to try and trick me (whether getting a typo domain or whatever) why would it go to a place that isn't spent? I would just keep these unspent until my full complete exit scam. Unrealistic theory fits when you are sure who is guilty and you want proofs to confirm it. Your theory is - since October ChipMixer selectively scam users by serving special address before they decide how much they want to deposit. 5 out of 7 transactions to this address are under 3 mBTC. 1 transaction is even lower than 1 mBTC. All that while paying around 10 BTC (since October) for signature campaign at BCT. More realistic theory is that you are using Tor while accessing .com: Attention:At least one Tor exit node serves chipmixer.com as plain-text stripping SSL encryption and replacing deposit address with their own. If you use Tor - please use Tor link: http://chipmixerwzxtzbw.onion/ This message was posted in July. More about Tor exit nodes: https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cacalready noticed that a long time ago....like I said, I use VPN (PrivateInternetAccess) and safari and go to chipmixer.com no TOR. it's just weird that the scammers would go through all that trouble and have me send to a wallet they can't even use since there are coins sitting there since last year. I'm trying to get you guys to understand, I mix coins for a lot of hours a day, it's kind of my job lol. any logic can be twisted to fit the narrative. I could easily say chipmixer is free and doesn't make money and on top of that they have spent 10 BTC since October advertising so selectively scamming or blaming that the user went to the wrong URL would be a great way to generate revenue. It is what it is, like I said, didn't go to a phishing site or go to URL no matter how badly you guys wanted me to have. I'm never using chipmixer again but you guys are all free to. its all good though, it was great service while it lasted for me anyway. now need to figure out how to clean these bitcoins daily, please pm if you guys have any good procedures.
|
|
|
|
|