Mercury Wallet -> Mercury Layer - Privacy for Bitcoin

[dkbit98]

Few days ago member raw_avocado made a post and youtube video with various solutions we can use for improving Bitcoin privacy and one of them was new wallet called Mercury.

I got interested about it and I started reading Mercury documentation to better understand how exactly it works, and I tested it for the first time with testnet Bitcoin that is only available option now.

It is using something called CoinSwaps on layer-2 statechain that enables safe transfers of private keys without any on-chain transactions or paying miner fees, but I think there is 0.4% fee for deposits and withdrawals.

Wallet is first asking you to create 12 mnemonic words, name your wallet and add passphrase with minimum 8 characters, then you can select Statecoin value and deposit coins to generated address.



There is currently eight State coin values but liquidity is high for 0.0001 BTC so I choose that option for my testing and everything went just fine.

I am currently Awaiting Swap and Privacy Score to increase for my Statecoin, so I am calling other experienced members to join testing and report any bugs on their github page.



Website:
https://mercurywallet.com/

Github page:
https://github.com/layer2tech/mercury-wallet

Documentation:
https://docs.mercurywallet.com/docs/


*This is unofficial thread, and I am not associated with Mercury wallet team in any way.

[1713554814]

1713554814

[1713554814]

1713554814

[1713554814]

1713554814

[1713554814]

1713554814

[1713554814]

1713554814

[dkbit98]

Mercury Wallet moved from testnet phase and it's now officially in Beta mode working with mainnet Bitcoin.
Latest released version is 0.4.39, they made a lot of improvements, added dark theme, and I think this will soon be very good alternative for CoinJoin and Wasabi wallet, and one more tool for making private Bitcoin transactions.
Most liquidity now is for 0.001 BTC but I expect it to grow for other values in future.

If you didn't test it yet, give it a try, and before that watch video instruction to see how Mercury Wallet works:
https://www.youtube.com/watch?v=9DSvNzTBePY

[Quickseller]

I read the documentation, and it appears there might be some missing information.

The second paragraph in the "overview" section starts talking about the "SE" but this term is never defined. It is unclear what this is.

At the end of the first paragraph of the "statechains" section, it says that any collusion between the "SE" and an old owner of a UTXO that results in theft of a UTXO can be trivially proven. This does not explain any consequences of this collusion. If someone were to buy up all the 0.0001 BTC UTXOs one at a time, and sell each UTXO before buying the next one, if they are colluding with the "SE" what would prevent them from being able to have a tx confirmed to an arbitrary address? I don't see anything in the documentation that would.

The "fraud proof" paragraph again says that it can be trivially proven if the "SE" is corrupt, and alludes that the ability to prove a "SE" is corrupt is an incentive to be "honest". Again, the documentation does not explain the actual consequences for the "SE" for being corrupt. The LN protocol for example, has concrete consequences for publishing an old channel state to close the channel -- the other party is able to recover the entire channel balance of both parties. There does not appear to be any financial consequences for a corrupt "SE" that I can see.

I am curious if you are in any way associated with this project.

[suchmoon]

The second paragraph in the "overview" section starts talking about the "SE" but this term is never defined. It is unclear what this is.

https://mercurywallet.com/#faq

A statecoin is a specific amount of Bitcoin that has been deposited to an address where the corresponding private key is split between the depositor and the Mercury server (or 'statechain entity') and the depositor holds a time-locked 'backup transaction' that allows them to claim full control of the coin after a specified locktime. The full private key of the statecoin is never known by any party, and both the owner and the statechain entity must cooperate to sign a transaction.

[Quickseller]

The second paragraph in the "overview" section starts talking about the "SE" but this term is never defined. It is unclear what this is.

https://mercurywallet.com/#faq

A statecoin is a specific amount of Bitcoin that has been deposited to an address where the corresponding private key is split between the depositor and the Mercury server (or 'statechain entity') and the depositor holds a time-locked 'backup transaction' that allows them to claim full control of the coin after a specified locktime. The full private key of the statecoin is never known by any party, and both the owner and the statechain entity must cooperate to sign a transaction.

Thanks. The documentation at https://docs.mercurywallet.com/docs/ should be updated with their clarification.

I think the other issues are probably more important to be addressed before anyone should consider trusting their money with this type of service.

[dkbit98]

I am curious if you are in any way associated with this project.

No I am not associated with them in away way, but I am following the project for a while, I was testing to see how it works in testnet, and I did notice some bugs in previous releases.
I didn't see many crypto projects that always have updated documentation, and Mercury was still in testing phase until recently so you can't expect miracles from them.
You could always ask them for feedback or write an issue on their github.

I think the other issues are probably more important to be addressed before anyone should consider trusting their money with this type of service.

I don't have to trust them, but they are just one of the layer two solutions for Bitcoin, and I could also say that I don't fully trust Lightning Network or Liquid.
Idea in Mercury is that you have full custody of your coins at all times, and you could always withdraw coins to regular Bitcoin wallet.

Interesting article about Mercury statechains in Bitcoin Magazine:
https://bitcoinmagazine.com/technical/a-new-privacy-tool-for-bitcoin

[Quickseller]

I think the other issues are probably more important to be addressed before anyone should consider trusting their money with this type of service.

I don't have to trust them, but they are just one of the layer two solutions for Bitcoin, and I could also say that I don't fully trust Lightning Network or Liquid.
Idea in Mercury is that you have full custody of your coins at all times, and you could always withdraw coins to regular Bitcoin wallet.

Lightning Network protocol has measures in place that specifically prevent the theft of bitcoin by your channel partners. As far as I can tell, there are no similar measures in place with Mercury protocol.

I don't think it is accurate to say that you have full custody of your coins at all times, or at least this would not be true if you were to say "sole custody". This is according to my understanding of how Mercury works.

Every centralized service that holds custody of your bitcoin says that you can withdraw at any time. So did most ponzis before they imploded.

I don't think it is safe to entrust your money with Mercury until the issue of an malicious SE stealing your money is addressed.

[dkbit98]

I don't think it is safe to entrust your money with Mercury until the issue of an malicious SE stealing your money is addressed.

I never asked anyone to send bitcoin to any service, there was testnet and you could test how it works, not just speak in theory after few minutes of reading docs.
You can do as you like, but I also don't trust anything you say and I have your reputation to back me up on that  

Every centralized service that holds custody of your bitcoin says that you can withdraw at any time. So did most ponzis before they imploded.

I also think that Catena XXX and other defi stuff that you are advertising is also centralized junk that only have decentralized label.
Hope you also checked their ''documentation'' as well... sounds almost like a very visionary scam thing to me.

[Quickseller]

I don't think it is safe to entrust your money with Mercury until the issue of an malicious SE stealing your money is addressed.

I never asked anyone to send bitcoin to any service, there was testnet and you could test how it works, not just speak in theory after few minutes of reading docs.
You can do as you like, but I also don't trust anything you say and I have your reputation to back me up on that 

These kinds of attacks against someone asking basic questions should set off red flags to anyone considering to use this wallet.

I also think it is strange that you are promoting something originally posted by a one-post newbie

Every centralized service that holds custody of your bitcoin says that you can withdraw at any time. So did most ponzis before they imploded.

I also think that Catena XXX and other defi stuff that you are advertising is also centralized junk that only have decentralized label.
Hope you also checked their ''documentation'' as well... sounds almost like a very visionary scam thing to me.

DeFi obviously has risks, and these risks are very well known. I don't think anyone is trying to hide these risks, or lying about these risks not actually existing.

[dkbit98]

These kinds of attacks against someone asking basic questions should set off red flags to anyone considering to use this wallet.

I am not fucking representative for Mercury so I don't have to answer anything to you, and those imaginary ''attacks'' against you are just facts that nobody in this forum trusts you anymore.
Deal with it defi boy.

I also think it is strange that you are promoting something originally posted by a one-post newbie

That newbie raw_avocado is a real person, bitcoin og and you can easily find him on youtube and other social media.
He obviously cares about privacy for Bitcoin, not about some shitcoins or scamming people.

[o_e_l_e_o]

As far as I can tell, there are no similar measures in place with Mercury protocol.

That seems to be the case. The fraud can be trivially proven, which would obviously result in the wallet being labelled a scam and the developers being investigated, but there is no on-chain punishment (at least, not at the moment). So from that point of view it works the same as any centralized exchange or service, any mixer, or any non-open source wallet or piece of software - reputation. Not ideal, but I'd still be willing to trust them with small amounts of coins at a time to use their service in due course, once they've proven themselves.

[DaveF]

As far as I can tell, there are no similar measures in place with Mercury protocol.

That seems to be the case. The fraud can be trivially proven, which would obviously result in the wallet being labelled a scam and the developers being investigated, but there is no on-chain punishment (at least, not at the moment). So from that point of view it works the same as any centralized exchange or service, any mixer, or any non-open source wallet or piece of software - reputation. Not ideal, but I'd still be willing to trust them with small amounts of coins at a time to use their service in due course, once they've proven themselves.

If they fix the lack of security measures then possibly, it might be good. But as of now this really looks like an answer in search of a question.
Or an answer to a question that has already been answered.
The coding I saw on gitgub, was not great. But, I really can't say I am any better since a lot of times when I do stuff the first few dozen commits are so bad when I go back and look later I wonder if I was slipped some LSD in my morning coffee when I started the project.

I use a services like Whirlpool / Wasabi / JoinMarket. But, that's just me since I run my own nodes / servers for them.

That newbie raw_avocado is a real person, bitcoin og and you can easily find him on youtube and other social media.
He obviously cares about privacy for Bitcoin, not about some shitcoins or scamming people.

Some of the things he said in the video were not 100% accurate. I had it on late last night while doing some other things, will watch it again, before commenting more.
As for OG? Only 1 post here, the youtube channel that the video he posted here is only 10 months old mostly filled with meh videos IMO and his twitter account although 5 years old is filled with a lot of crap, yet again  IMO

At 1st glance looks like someone who wants to be an 'influencer' will go dig deeper later.

-Dave

[dkbit98]

So from that point of view it works the same as any centralized exchange or service, any mixer, or any non-open source wallet or piece of software - reputation. Not ideal, but I'd still be willing to trust them with small amounts of coins at a time to use their service in due course, once they've proven themselves.

As I understand Mercury wallet is something between centralized mixer service and coinjoins, you can always restore your coins from seed words even if Mercury server is down, and nobody can seize them if something goes wrong.
Private key is split shared so nobody knows full private key including Mercury server, but I would still be careful with Mercury while it is in beta phase.
One issue I noticed is that sometimes wallet does not sync or connects to server and i watched a longer video from last month that showed some other issues are possible:
https://www.youtube.com/watch?v=pL3gQ3C-qPg

As for OG? Only 1 post here, the youtube channel that the video he posted here is only 10 months old mostly filled with meh videos IMO and his twitter account although 5 years old is filled with a lot of crap, yet again

So now we are measuring and judging people by number of posts in this forum and trash talking the newbie are we?  
Yeah one post from that account, and who knows if he has other accounts like many of people have in this forum.
I think he first heard about Bitcoin on 4chan forum and you would see him in most Bitcoin conferences and meetings, he is not hiding his face anymore behind computer like most people.
Not defending him at all, but guy is obviously interested in privacy, and that is not meh subject for me Dave, maybe it is for you idk.
Anyway if you guys want to continue talking about Alex aka raw_avocado you can open new topic about him and go full force.

[Quickseller]

As far as I can tell, there are no similar measures in place with Mercury protocol.

That seems to be the case. The fraud can be trivially proven, which would obviously result in the wallet being labelled a scam and the developers being investigated, but there is no on-chain punishment (at least, not at the moment). So from that point of view it works the same as any centralized exchange or service, any mixer, or any non-open source wallet or piece of software - reputation. Not ideal, but I'd still be willing to trust them with small amounts of coins at a time to use their service in due course, once they've proven themselves.

Not quite.

From my understanding, it is trivial to create an arbitrary number of Mercury servers, any of which could be acting evil. So Alice could create 10 Mercury servers, initially all of them honestly, then one steals all of the bitcoin it is holding, so users stop using it, but Bob has no way to know that Alice is running 9 other servers, and there does not appear to be any way to decline to use any particular Mercury server, so even if it was known that a Mercury server was dishonest, there does not appear to be any mechanism for Bob to prevent his wallet from using Alice's known dishonest server.

With CM for example, if they were to scam their customers, this would quickly become well known, and people could simply not use their services. Granted those behind CM could create a new service after they scammed under their CM name, however they would need to build up a reputation before being able to attract a lot of business.

It is no secret that CM is a centralized service, and that there is the risk that CM will scam their customers. CM does not try to hide this. With Mercury Wallet on the other hand, their documentation is misleading in that it is saying that funds in their wallet are not at risk of loss. There is also the concern that dkbit98 is shilling for this wallet while falsely saying he is not.

[o_e_l_e_o]

From my understanding, it is trivial to create an arbitrary number of Mercury servers, any of which could be acting evil.

If that's the case, then I have misunderstood their operating model. I was under the impression that everyone would be using the same centralized server being operated and maintained by the Mercury team themselves, just as you do when you use a centralized exchange or a mixer. Therefore if there was a provable scam accusation against them, then the entire project would be moot, and it is relatively easy for them to build up a good reputation over time.

If, as you say, anyone can host one or more servers and act as a statechain entity, then I agree, the security model is poor at best. With no way of punishing someone other than reporting that server to be a scam, at which time the user in question can just spin up a new server, then I would not be depositing any coins to this wallet.

dkbit - do you know the answer to this?

[suchmoon]

I was under the impression that everyone would be using the same centralized server being operated and maintained by the Mercury team themselves, just as you do when you use a centralized exchange or a mixer.

That's my understanding too. It seems to be open source so you can technically download Alice's version and use Alice's server, or maybe even configure the "original" wallet to connect to a different SE, but that's no different from using scammychipmixerclone.com.

https://github.com/layer2tech/mercury-wallet

[Quickseller]

From my understanding, it is trivial to create an arbitrary number of Mercury servers, any of which could be acting evil.

If that's the case, then I have misunderstood their operating model. I was under the impression that everyone would be using the same centralized server being operated and maintained by the Mercury team themselves, just as you do when you use a centralized exchange or a mixer. Therefore if there was a provable scam accusation against them, then the entire project would be moot, and it is relatively easy for them to build up a good reputation over time.

If, as you say, anyone can host one or more servers and act as a statechain entity, then I agree, the security model is poor at best. With no way of punishing someone other than reporting that server to be a scam, at which time the user in question can just spin up a new server, then I would not be depositing any coins to this wallet.

dkbit - do you know the answer to this?

If this is a centralized service using a protocol they designed, it would resolve most of my concerns. Although one concern that would remain would be the fact that I was attacked by a shill when I tried to ask questions.

If I was incorrect, I would ask how they are different than CM? AFAICT, they are basically the same as CM, except for the amount of time that bitcoin can be held at the mixer. Obviously CM can handle larger amounts due to their reputation.

[o_e_l_e_o]

If I was incorrect, I would ask how they are different than CM?

Swapping your coins with another user does not result in an on-chain transaction, so technically it would be invisible to blockchain analysis, provided the withdrawal transactions don't leave any unique fingerprints such as by using unusual nlocktimes or similar (I've not examined the code closely enough to know if this is the case). This could be a good or a bad thing, depending on your specific use case. If you need to hide the fact you are using ChipMixer or a coinjoin, then this wallet could do that. However, this also means that unlike ChipMixer or a coinjoin, the coins you receive are not unlinked from their history. From a blockchain analysis point of view, any coins you receive from this wallet will still have their full history attached, and will simply have gone through a single intermediary address before arriving at your wallet or the final destination you are sending the coins to.

[suchmoon]

If this is a centralized service using a protocol they designed, it would resolve most of my concerns. Although one concern that would remain would be the fact that I was attacked by a shill when I tried to ask questions.

You made up the nonsense about the wallet connecting to random fraudulent nodes, and the shill accusation. Don't expect everyone to just roll over and not talk back when you do shit like that.

~

A (potential) advantage would be the ability to withdraw your funds using the backup locktime TX even if the centralized service goes down, is seized by the FBI etc.

Also lower transaction costs and liquidity provided by third parties, but that benefits the service more than the users.

[Quickseller]

If I was incorrect, I would ask how they are different than CM?

Swapping your coins with another user does not result in an on-chain transaction, so technically it would be invisible to blockchain analysis, provided the withdrawal transactions don't leave any unique fingerprints such as by using unusual nlocktimes or similar (I've not examined the code closely enough to know if this is the case). This could be a good or a bad thing, depending on your specific use case. If you need to hide the fact you are using ChipMixer or a coinjoin, then this wallet could do that. However, this also means that unlike ChipMixer or a coinjoin, the coins you receive are not unlinked from their history. From a blockchain analysis point of view, any coins you receive from this wallet will still have their full history attached, and will simply have gone through a single intermediary address before arriving at your wallet or the final destination you are sending the coins to.

From my perspective, this is doing the same thing that CM does.

The process flow with CM is as follows from my perspective as a customer/user:
Bob deposits bitcoin to CM
CM splits Bob's deposit into various "chips" in amounts that are similarly available via Mercury
QS deposits bitcoin to CM
QS deposit is electronically credited to CM's database, rounded down to an amount that can be split up into various "chip" sizes
QS withdraws "chips" from CM session by obtaining various private keys of "chips" and spends the bitcoin to addresses whose private keys I generated

The process flow with Mercury is as follows from my perspective as a customer/user:
Alice deposits bitcoin to a Mercury "SE" in an amount that is the same as a "chip" used by CM
QS deposits bitcoin to a Mercury "SE" in an amount that is the same as a "chip" used by CM
Alice and QS swap "statecoins" via the Mercury wallet
QS "withdraw" from my Mercury wallet by spending the statecoin

The only difference between CM and Mercury is that CM allows the flexibility of allowing multiple "chips" to be purchased in one transaction. Mercury statecoins must be spent within a certain number of blocks because the nLockTime of the transaction given to the user in the event the SE becomes uncooperative expiring means that the statecoin is at risk of theft by prior owners. There will be two distinct fingerprints of Mercury transactions, 1) outputs of the funding transactions are in exact amounts available on the Mercury platform, and 2) that UTXOs are always spent within however many blocks Mercury requires users to spend the UTXO by.

There is another issue with Mercury that will potentially result in the loss of money:
Each time a statecoin is transferred, the backup transaction used in the event the SE becomes uncooperative has the nLockTime value decline by one. A malicious user could potentially send statecoins to himself multiple times to get the nLockTime value to be very low (after waiting for required transaction fees to be high). The malicious user, Bob could swap statecoins with Alice, and unless Alice nearly immidiately spends the statecoin with a transaction with a next block confirmation transaction fee, Bob can spend the UTXO with his most recent "backup" withdrawal transactions.