2024 List Bitcoin Mixers Bitcoin Tumblers Websites

[JeromeTash]

It's me again. Have you heard anything about jambler platform? On the page [banned mixer]/mix-coins.php there is a list of 7 services, including mixer1.money, also two mixers that including on your list (mixsafer, mixtum). It turns out that if I can trust mixsafer and mixtum which also links to the jambler, then I can trust the mixer1.money? Or not?

The others have been used by other members, but for mixer1.money, you can't be sure. Why would you insist on a service whose reputation you are not sure about, yet we have other older mixing service whose good reputation we are sure of?

He already told you to avoid it if you are not 100% sure about it, but if you think you can trust it, then use it. It's your money that is at stake, so your choice 

[LeGaulois]

@LeGaulois
It's me again. Have you heard anything about jambler platform? On the page [banned mixer]/mix-coins.php there is a list of 7 services, including mixer1.money, also two mixers that including on your list (mixsafer, mixtum). It turns out that if I can trust mixsafer and mixtum which also links to the jambler, then I can trust the mixer1.money? Or not?

I know [banned mixer] but we rarely hear about it, unfortunately. It's a white label mixer with which people can create a Bitcoin mixer without having a huge knowledge. It's just a matter to customize the website. As you noticed, there are a few mixers using its solution.

I didn't know mixer1.money was using Jambler so I'm now starting to change my mind. Perhaps mixer1.money just wanted to grab the ORM done by [banned mixer]
I will test it during the week but I repeat: when you're not sure better to look for something else. There are several alternatives in the mixers niche, and you will always find one with the light turned ON

Since Taproot is activated, [banned mixer] supports it. (it was planned since the summer)

[LeGaulois]

9 scams were added to the list of mixers to avoid.

The domain names belong to the same person, and he does the same with other mixers

What the scammer does:

- He buys a few domain names similar to some legit mixers.
- He clones their design
- Then it becomes tricky to figure out how the URLs are ranking on the SERP
- He hacks some old websites (with authority), injects texts and backlinks, and spams the web
- He is actually using 13 domain names at the same time. Sometimes he redirects the domain name to another one. I believe when a domain is busted he redirects the URL to get the juice to the new domain. It was a trick to fool google with SEO years ago

Nothing sophisticated per se


All the domains owned by the same scammer:

bitcoin-chipmixer.com <= the domain name is ~2 weeks old (or maybe 1 month, sorry I already forgot)
chip-mixer.net <= redirects to the first
bestmixer.net
coino-mize.com
best-bitcoin-mixer.com
cryptomixer-io.com
coinmixer-es.net
blender-io.net
blenderbitmixer.com
smartmixer.net
bitcoin-laundry.net
my-crypto-mixer.com
bitcoinmixer-io.com
mixtum-io.com

[LeGaulois]

You're a fucking enculé de bastard.

1) So you posted your comment on October 5, 2019.
2) You came back to edit your post on July 9, 2021

What did you edit exactly?
You replaced the URLs and injected 2 backlinks to your website (bitcoin2.biz)

I checked the page review about Chipmixer, and what you're doing is redirecting people to a phishing website. You use the homograph attack method and you even go further to hide the phishing URL with a /go (I believe you use WordPress)
Your link redirects to https: //xn--chipmixr-z30d.com/



You do the same with BitMix: you cloned the website and uploaded it on a domain very similar

For newcomers to this topic, the real site is ChipMixer.com. You can get the official links right here

It can be very easy to be fooled. There are a lot of scams, much more than legitimate tumblers, (unfortunately).
Some don't bother to create a website with a different TLD (.net instead of .com) and replicate the design of a well-known mixer in order to mislead people.
Others go further using the IDN homograph attack.
To make it simple they use very similar characters. For example, using "l" lowercase L, and "I" uppercase "i". Or "ẹ" instead of "e".

examples below:

Code:

aladinwebsite .net
aiadinwebsite .net
bitcointumblerslist. com
bitcointumblẹrslist .com

[LoyceV]

1) So you posted your comment on October 5, 2019.
2) You came back to edit your post on July 9, 2021

What did you edit exactly?

Good find! His original post (I'm not even going to post a link to my archive) used a different phishing URL:

[mocacinno]

If i'm not mistaking, the issuer of the certificate on that new phising chipmixer clone does require personal information to obtain a certificate... There are only a handfull ca's that are available anonymously, and sectigo isn't one of them...

IF this scammer didn't use stolen credit card info to obtain the certificate, i guess somebody could try to actually go to the police and see if they're willing to follow the trace and catch this scammer?

[LeGaulois]

2 new domains were added to the scam list.
The worst thing is that I suspect these domains belong to a mixer currently online and even listed in my original post :/ I don't have any concrete proof (yet) but what I found is quite strange and the possibility of a coincidence, low enough. There is a 3rd domain name involved, so the person operates 3 scams (at least).

blenderio.com
chipmixer.best
cryptomixer.host

Happy new year everyone

[LeGaulois]

I'm removing [banned mixer] from the list. After reading this post I couldn't find something recent on a search engine. I suppose too, he abandoned the service but keep it alive. Whatever, I could add it again if they come back, but it may actually be better to take it off than to let it go and then to see someone getting screwed

Additionally, I'm adding a few domains to the list of services to avoid
btcmixer.in
bitcoin-laundry.org
bitmix.bz
mycryptomixer.in
chipmixer.in
coinmixer.it
anonymix.io
cryptomixer.si


Probably all are owned by the same person

Post #2 is becoming too big, wondering if it could be better to split it into another topic? It pollutes post #1 ranking in the SERP.

Edit:

I'd say go for it. But keep it in Service Discussion, not Scam Accusations.

Yes, that was the plan

Edit 2:
From now on I will continue here

personal note: link wheel map/foxmixer1st/bookmarks

[LoyceV]

Post #2 is becoming too big, wondering if it could be better to split it into another topic?

I'd say go for it. But keep it in Service Discussion, not Scam Accusations.

[brodevs]

I'm removing [banned mixer] from the list.

I also propose to remove from the list mixsafer.com, they also use the platform [banned mixer], their mail (support@[banned mixer]) does not work, the topic is inactive

[LeGaulois]

I'm removing [banned mixer] from the list.

I also propose to remove from the list mixsafer.com, they also use the platform [banned mixer], their mail (support@[banned mixer]) does not work, the topic is inactive

All mixers using [banned mixer] look inactive and abandoned. As for mixsafer.com, I noticed they deleted their Facebook page and their Reddit account and it was done not long ago because I was able to see the content via google web cache. But at the same time, they used Twitter last month. They display [banned mixer]'s email on their website to make things on autopilot for the support (i guess). Whatever but the service doesn't seem active for now

This weekend, I tried to email [banned mixer] but it wasn't delivered, look like they deleted their email

Time to remove mixsafer.com

edit:

Bitcoin mixers using [banned mixer] include:
- XXL Mixer
- Bitmixer.online
- Mixer1.money
- Mixtum
- Bitmixer.cash
- [banned mixer]
- Mixsafer.com

[mocacinno]

Eventough i think [banned mixer] has no place between mixers in the first place due to their MITM integration of cloudflare (nor do i think any other "mixer" using cloudflare's SSL certificates should be called a mixer, maybe a "semi-obfusicator" would be a better term) , it does seem like the owner has updated his thread for the first time in a very long time:
https://bitcointalk.org/index.php?topic=4667343.msg59095552#msg59095552

[LeGaulois]

While I agree with your view and have the same speech here and there, it's hard to say a mixer isn't a mixer due to its setup. It's like arguing your soup isn't a real soup because you haven't followed the highest standards. At best, we could argue about a blender not using the appropriate methods, but it's up to people to make their own opinion/searches about what's good and what's not

It is about lowering risk, hiding with SSL, the problem is it increases another one. It's not easy to judge the pros and cons to find the right ratio.

And about SSL, I wonder why CF is so prominent (even on the web in general) when there is a multitude of alternatives. CF is really a big fish

(I will edit the OP during the weekend)

[Mixsafer]

I'm removing [banned mixer] from the list.

I also propose to remove from the list mixsafer.com, they also use the platform [banned mixer], their mail (support@[banned mixer]) does not work, the topic is inactive

All mixers using [banned mixer] look inactive and abandoned. As for mixsafer.com, I noticed they deleted their Facebook page and their Reddit account and it was done not long ago because I was able to see the content via google web cache. But at the same time, they used Twitter last month. They display [banned mixer]'s email on their website to make things on autopilot for the support (i guess). Whatever but the service doesn't seem active for now

This weekend, I tried to email [banned mixer] but it wasn't delivered, look like they deleted their email

Time to remove mixsafer.com

edit:

Bitcoin mixers using [banned mixer] include:
- XXL Mixer
- Bitmixer.online
- Mixer1.money
- Mixtum
- Bitmixer.cash
- [banned mixer]
- Mixsafer.com

Sorry for the delay , i deleted facebook twitter , and reddit, but mixsafer website is fully operational, like [banned mixer] platform. If you wanna contact https://mixsafer.com o https://[banned mixer] team ,please , you can use telegram , we will re-open social networks, but for now, telegram is fine https://t.me/mixsafer, or jambler group https://t.me/jambler
Jambler platform is working fine

[mocacinno]

While I agree with your view and have the same speech here and there, it's hard to say a mixer isn't a mixer due to its setup. It's like arguing your soup isn't a real soup because you haven't followed the highest standards. At best, we could argue about a blender not using the appropriate methods, but it's up to people to make their own opinion/searches about what's good and what's not

It is about lowering risk, hiding with SSL, the problem is it increases another one. It's not easy to judge the pros and cons to find the right ratio.

And about SSL, I wonder why CF is so prominent (even on the web in general) when there is a multitude of alternatives. CF is really a big fish

(I will edit the OP during the weekend)

I know i'm preaching to the choir here, and i know this is your thread, but i still wanted to chip in to give some more background information since i think this is really, really important stuff...

I've actually dedicated a complete thread to this problem, i like to refer to it since it cost me a long time to write this stuff up: https://bitcointalk.org/index.php?topic=5247838.0

The problem with the soup analogy is the following.
When i eat soup, i have several "mayor" goals and a couple "minor" goals.

• I want nourishment: mayor goal
• I want a healthy snack: mayor goal
• I want something to quench my thirst: minor goal
• I want something warm: minor goal

If mixers using cloudflare had to fit into the soup metaphore, cloudflare mixers would be like calling hot water with salt "soup". When it comes to my goals:

• I want nourishment: mayor goal: FAILED
• I want a healthy snack: mayor goal; FAILED
• I want something to quench my thirst: minor goal: OK
• I want something warm: minor goal: OK

When it comes to mixing, i also have mayor and minor goals... When talking about cloudflare mixers, this is where i stand:

• I want complete anonymity against everybody (including law enforcement): mayor goal: FAILED
• I want "normal" (non hacker/non law enforcement) users not to be able to track me: minor goal: OK

The problem here is that, once a site uses cloudflare's SSL certificates, what happens is:
The mixing client creates a symmetric key between their device and CLOUDFLARE... The user THINKS he's safe because he/she sees a green padlock in the mixer's url, but he does not realise cloudflare WILL decrypt EVERY package they sent to (what they think is) the mixer. Cloudflare then looks at the requests, checks it's cache, and if the request cannot be fetched from the cache, they create a symmetric key between cloudflare and the mixer to request the missing content.

This means that, when a mixer uses cloudflare, cloudflare will know:

• The exact deposit address shown by the mixer
• The exact withdrawal address entered by the client
• The letter of guarantee (if the client downloads it)
• The client's ip
• The client's browser fingerprint
• The exact timestamp

Not only this, but cloudflare is a US company... In the US, data privacy seems to stop as soon as law enforcement comes into play... This basically means that, if you use a mixer using cloudflare, law enforcement *might* be able to obtain more data about you than if they'd had access to your wallets directly.

Now, once again: i'm not against cloudflare... Cloudflare protects even my own blog against DDos attacks, it speeds up my site due to their cache, it lets me enhance my site due to their addons, it handles my emails, it's a really easy dns record editor,.... Cloudflare is great, as long as your visitors don't have anything to hide from a US company (and US law enforcement).

It's great for non-political blogs, it's great for mom and pop shops... This being said: it's not OK to use cloudflare's cache (and their ssl certificates) for a mixer, a gunshop, a political blog, a porn site,...

[LeGaulois]

I know i'm preaching to the choir here, and i know this is your thread

Don't worry, I have no problem with that. It's all about debate and I like doing it

And to be honest, I don't have another argument to put on the table, but just something about

When it comes to mixing, i also have mayor and minor goals... When talking about cloudflare mixers, this is where i stand:
I want complete anonymity against everybody (including law enforcement): mayor goal: FAILED
I want "normal" (non hacker/non law enforcement) users not to be able to track me: minor goal: OK

Some people don't care about law enforcement that might be able to obtain data. For example, I pay a prostitute, I have no problem if a 3 letter agency knows it. what they could do with that? Asking me if the pussy was good.?

they go to the category

I want "normal" (non hacker/non law enforcement) users not to be able to track me: minor goal: OK

[LoyceV]

For example, I pay a prostitute, I have no problem if a 3 letter agency knows it. what they could do with that? Asking me if the pussy was good.?

Any data that gets recorded can get leaked. I'm not sure how secure 3 letter agencies are, but I am sure they can't leak what they don't know.

[Jay Johanson]

It's great for non-political blogs, it's great for mom and pop shops... This being said: it's not OK to use cloudflare's cache (and their ssl certificates) for a mixer, a gunshop, a political blog, a porn site,...

I understand part of your concern. And it would be interesting to hear your opinion. For example, the site may have a certificate issued by an outside organization, but it will still use cloudflare services, you will never know, but you will be sure of your safety.

And I’d like to point out one thing. Jambler, for example, is not a mixer, it’s a platform for the rapid deployment of mixers. The end-user who does not want to advertise the sending and receiving addresses and other data does not address to the site jambler, and not mediocre to our partners. Also, all default partners have a version of tor that helps raise the level of anonymity.

[LoyceV]

I understand part of your concern. And it would be interesting to hear your opinion. For example, the site may have a certificate issued by an outside organization, but it will still use cloudflare services, you will never know, but you will be sure of your safety.

That doesn't matter: the certificate handles the traffic between the user and Cloudflare, not between Cloudflare and the server. See this post (about Bitcointalk, but it applies to any site that uses Cloudflare):

What I meant is that Cloudflare can see your unencrypted password when you log in. It's still encrypted from the real server to Cloudflare and from Cloudflare to you. So it's not blatantly insecure except in that Cloudflare is very probably an NSA honeypot, and it's not like the NSA is going to steal your password in order to scam people on bitcointalk.org or anything. If you use PGP for important communications and use a unique password, then IMO this addresses the plausible attacks well enough.

Or my own (layman) explanation: Cloudflare can only stop DDOS if they know what traffic is coming in. In order to stop only the attack and not all data, Cloudflare has to decrypt everything.

[mocacinno]

It's great for non-political blogs, it's great for mom and pop shops... This being said: it's not OK to use cloudflare's cache (and their ssl certificates) for a mixer, a gunshop, a political blog, a porn site,...

I understand part of your concern. And it would be interesting to hear your opinion. For example, the site may have a certificate issued by an outside organization, but it will still use cloudflare services, you will never know, but you will be sure of your safety.

And I’d like to point out one thing. Jambler, for example, is not a mixer, it’s a platform for the rapid deployment of mixers. The end-user who does not want to advertise the sending and receiving addresses and other data does not address to the site jambler, and not mediocre to our partners. Also, all default partners have a version of tor that helps raise the level of anonymity.

I see your point of view... And i do agree... You're in a grey area yourself, you're not really a mixer, so maybe you can get away with using cloudflare's SSL certificates... This being said: three letter agencies might still find it usefull to know who your partners are, so i wonder if it wouldn't be better to use an x3 certificate instead of cloudflare's. Offcourse, you'd lose DDos protection, your website responsiveness *might* drop (if you were using slow hosting, or a high latency dc), and you'd use a little bit more bandwith.

I actually pointed this out to you in august 2018!
https://bitcointalk.org/index.php?topic=4667343.msg44815063#msg44815063

Here's your reply:

why is your mixer using cloudflare's ssl? Do you realise cloudflare will be able to decrypt all data between your customers and yourself? I'd encourage you to buy your own SSL certificates and move away from cloudflare asap if you want to be taken seriously.

Even letsencrypt certificates would be a hell of a lot better than cloudflare's on such a privacy-centric service (don't get me wrong: cloudflare is great if you're not a service that would require absolute privacy... I've been using cloudflare on my sites for a long time, but then again: i don't even allow useraccounts to be created on my sites...)

Thank you for pointing this bug out. This is a very acute thing. We will definitely resolve the issue and will replace ssl certificates to eliminate this weak point of using cloudflare’s ssl.    

At this moment, your platform is enabling 7 mixing services (when looking at https:  //    [banned mixer] /mix -coins.  php). 6 have a clearnet presence, 3 of them use cloudflare, and one does not use ssl at all (what?). I know there are your customers, but maybe giving them a nudge in the right direction wouldn't be to bad? Only 3 out of 7 of your clients got it right... Some kind of guidance from you side would probably be a good thing for privacy as a whole.

@LeGaulois: you make a valid point aswell... For some people, "moderate" privacy against non-law enforcement might be enough... I know i have never actually needed protection against the law, i'd still like them to keep their nose out of my business tough
The main problem, which is the same for cloudflare SSL certificates and tor: not everybody is tech savvy, not everybody will do their homework... A lot of people will just use google to find a mixer, look at the green padlock, read the promo text and mix their coins, thinking they are now anonymous... A lot of people won't look at which certificate is issues by who, they won't look up nameservers or dns records, they won't inspect the code for embedded javascript,... They certainly won't download the tor proxy and start using the tor mirror... They are average people that want privacy, they trust the mixer in question, and in the end, they usually don't get the privacy they payed for... Granted, 99% of them don't *need* said privacy, they still payed for it, they  trusted the mixer, so they should get that privacy (wether they need it or not).

But that's just my opinion