In this article we discuss different methods used to protect Bitcoin users' financial privacy by thwarting block chain analysis. Make sure not to miss the exclusive interview with the BitMixer.io team included at the end.
Disclaimer: Using certain services, tools, or techniques in this article may be illegal depending on where you live. Please consult your local laws and regulations before proceeding with anything mentioned in this article. The services, tools, and techniques in this article should not be used for illegal purposes, and are being discussed purely because they are essential for financial privacy when using bitcoin and because of its relevance to the stolen Bitstamp bitcoin.
Last week, one of the largest Bitcoin exchanges in the world, Bitstamp, was compromised and a little less than 19K bitcoin were stolen from them. The thief aggregated all of the stolen bitcoin to this address: 1L2JsXHPMYuAa9ugvHGLwkdstCPUDemNCf before transferring them to other addresses. As a result, this high-profile theft has brought the public nature of the block chain back to the forefront of community discussion. Analysts from around the web have been working to track the stolen bitcoin in an attempt to prevent the thief from cashing out his prize. Unfortunately, as long as the thief is patient, thorough, and willing to sacrifice some of his spoils, attempts to track his movements will be in vain. Although all bitcoin transactions are public, users can essentially operate on a sliding scale of anonymity by using tools readily available on the internet.
The ability to control your level of anonymity is essential not only for criminals, but also for legitimate law-abiding users. All bitcoin transactions are publicly broadcast on a global public ledger called the block chain, which presents a serious financial privacy concern for users. Without privacy tools, if you are able to link Bitcoin addresses with an individual, you can then proceed to track all of their transactions. At the same time, the public nature of the block chain enables many useful features such as decentralized proof of payment, proof of existence, and financial transparency. The ability to choose your level of anonymity gives Bitcoin users flexibility, and is a fundamental requirement for Bitcoin to be successful on a global scale.
Arguably the most important Bitcoin privacy tool currently under development is DarkWallet. The team behind DarkWallet aims to create an open source, free-to-use wallet with privacy as its focus. DarkWallet implements a combination of stealth addresses and a decentralized implementation of CoinJoin, which together make it much more difficult to conduct block chain analysis. DarkWallet is funded purely by donations and is still under development. You can donate bitcoin to the DarkWallet project here: https://www.darkwallet.is/donate/. DarkWallet is unique because it is one of the only Bitcoin privacy options under development that will not require any change in the Bitcoin protocol to implement. The Bitstamp thief will not be using DarkWallet to cover his tracks because it is still in the testing phase.
DarkWallet is compelling but isn't finished yet, so users are forced to use alternatives in the meantime. The most common method of mixing is to use unrelated Bitcoin services to interrupt the flow of your coins on the block chain. Most Bitcoin services pool user funds once deposits happen, so the process involves depositing your bitcoin and then withdrawing at a later time. In theory the bitcoin you receive when you withdraw should be different coins than the ones you deposited, with no way for block chain analysis to link the flow of bitcoin. Even though this method can prevent block chain analysis, the owners of the service you use could still theoretically connect you, the deposited coins, and the withdrawn coins. To solve this issue, proponents of this method advise you to repeat the process multiple times with multiple different services, so the owners of all the services would have to collude in order to connect your transactions. Similarly, users can go onto exchanges and convert bitcoin to an altcoin, transfer the altcoin to a different exchange, and then convert back to bitcoin. In this way, an outside observer cannot follow your transactions on the bitcoin block chain because some of them occurred on an altcoin block chain. These methods are more effective when combined with internet privacy tools such as TOR and VPNs so the service owners know less identifiable information about the user. Using these techniques can be overwhelming to users and is not exactly straightforward. That being said, it is probably the most effective method to prevent block chain analysis when executed properly.
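The "in theory" in the paragraph above can be checked with a forward trace over spends. The following is an added example, not code from the original article: it walks a small constructed ledger and shows that a withdrawal paid from unrelated pooled coins is not reachable from the deposit, while a withdrawal whose transaction also spends the deposit is. All transaction ids and address labels are made up, and the ledger format is a simplified assumption of Bitcoin-style transactions that spend specific earlier outputs.

```python
from collections import deque

def trace_forward(txs, start):
    """Return every address label reachable from outpoint `start` by following spends."""
    # Map each spent outpoint ("txid:index") to the transaction that spends it.
    spent_by = {op: txid for txid, tx in txs.items() for op in tx["ins"]}
    reached, seen, queue = set(), {start}, deque([start])
    while queue:
        txid = spent_by.get(queue.popleft())
        if txid is None:
            continue  # unspent output: the trail ends here
        for i, addr in enumerate(txs[txid]["outs"]):
            reached.add(addr)
            nxt = f"{txid}:{i}"
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return reached

# Constructed ledger, not real transactions. The service pays the withdrawal
# (t6) from another customer's deposit and sweeps the user's deposit elsewhere (t7).
POOLED = {
    "t1": {"ins": ["coinbase:0"], "outs": ["user_start"]},
    "t2": {"ins": ["t1:0"], "outs": ["user_hop"]},
    "t3": {"ins": ["t2:0"], "outs": ["service_deposit"]},
    "t4": {"ins": ["coinbase:1"], "outs": ["other_customer"]},
    "t5": {"ins": ["t4:0"], "outs": ["service_hot"]},
    "t6": {"ins": ["t5:0"], "outs": ["user_new", "service_change"]},
    "t7": {"ins": ["t3:0"], "outs": ["service_cold"]},
}

# Same ledger, except the service funds the withdrawal with a transaction that
# also spends the user's own deposit, so the graph link is restored.
MERGED = {k: v for k, v in POOLED.items() if k != "t7"}
MERGED["t6"] = {"ins": ["t5:0", "t3:0"], "outs": ["user_new", "service_change"]}

if __name__ == "__main__":
    for name, ledger in (("pooled", POOLED), ("merged", MERGED)):
        linked = "user_new" in trace_forward(ledger, "t1:0")
        print(f"{name}: withdrawal linked to original coins = {linked}")
```

The trace models on-chain spends only; what the service operator can see in its own records is the separate exposure the paragraph describes.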
The team behind BitMixer aims to strike a happy medium between convoluted mixing methods using existing services and the unfinished DarkWallet. BitMixer provides a simple, straightforward process to thwart block chain analysis and has been operating successfully for a year. It is important to remember that unlike DarkWallet, BitMixer is centralized and closed source, so the operators of the service could theoretically be keeping logs of all bitcoin being mixed through their service. For what it's worth, the BitMixer team says they delete all data every 12 hours, as you will see in the interview below, but that promise should be taken with a grain of salt. You can reduce the risk of them potentially keeping logs if you use internet privacy tools such as TOR and VPNs so BitMixer has less info to potentially identify you with. The approximate amount of bitcoin that goes through their service every month is roughly 25k BTC.
Using BitMixer is Simple and Easy
1) Go to https://bitmixer.io or bitmixer2whesjgj.onion if you are using TOR.
2) Put in the address you want your bitcoin to be sent to and press mix my coins.
NOTE: BitMixer allows you to add additional addresses, a time delay, and adjust the default fee, which makes the process harder for outsiders to track using block chain analysis. If you choose to add multiple addresses, a sliding scale appears that lets you customize what percentage of bitcoin goes to each address. If you have used BitMixer previously, make sure to enter the BitMixer code they supplied you during your last transaction.
3) A new bitcoin address is generated and a QR Code is shown. Send your bitcoin to that address and after one confirmation, different bitcoin are sent to the address(es) supplied to BitMixer in step 2.
When was BitMixer launched?
BitMixer: January, 2014
We understand maintaining anonymity is essential to the BitMixer team but is there any background information you can provide us on yourself and the rest of your team?
BitMixer: I've been a bitcoin enthusiast since 2011. After analysing my own spends and other bitcoin-related businesses I decided to create an instrument to guard my own privacy. I don't like the idea that any merchant or exchange may track all my previous and further transactions. With a small team we created the service, and within a week we found investors (more precisely, they found us).
Why should users choose your service over better known competitors such as BitcoinFog and Blockchain.info's SharedCoin?
BitMixer: We solve the main problem of many mixers - the problem of trust. If a mixer decided to steal your bitcoins, there would be no way to prove that it did. To solve this problem we made a public address 1BitmixerEiyyp3eTLaCpgBbhYERs48qza which is used for signing a special Letter of Guarantee. This Letter is generated for every transaction. It contains incoming/outgoing addresses and the timeframe when the order will be completed. The customer downloads the Letter before sending us the coins. So he has a digitally signed proof of our obligations, the proof that the incoming address has been truly generated by our server. Anyone can verify the digital signature using a PC or web-based bitcoin wallet.
We also use advanced features, like time delay, custom fee and multiple outgoing addresses. In combination those methods make transactions practically untraceable. Furthermore, we are using TOR to broadcast transactions to prevent IP-based block chain analysis.
And we already have a huge reserve for instant mixing. So users don't need to wait for other customers.
With regard to SharedCoin, it appears to not be as secure as our service. Read more here: http://www.coindesk.com/blockchains-sharedcoin-users-can-identified-says-security-expert/. It also seems to be exposed to time-value block chain analysis.
We noticed that you have recently added a dedicated TOR .Onion portal to the site. Do you advise users seeking the best anonymity/privacy protection to use that site rather than your regular website? What advantages does the dedicated TOR site provide?
BitMixer: Many of our users have been scammed by hacker's TOR exit nodes when using TOR to connect to the regular site. This is a known issue with TOR that has led many companies, including ourselves, to create a dedicated TOR address. In addition to preventing that type of scam, using our service directly through TOR is more secure for our customers because data is encrypted and identifiable info is hidden. It is also a good solution if we experience pressure from any official agency.
What country/region is BitMixer based in? We understand if you cannot answer this question, but if possible could you explain what precautions you guys have taken to prevent government intervention/seizure of your servers? What logs/information do you keep?
BitMixer: Our servers are located in a country where US authorities can't get access to the server without a local court order. Bitcoin is not considered as money here, so we can't be a money-laundering service. We use encrypted disks. We delete all order data after 12 hours. We completely erase old bitcoin addresses from our wallet after coins are sent out. Even if the server is seized, they will find nothing.
Some members of the community have expressed concern that BitMixer may be a honeypot run by government authorities. They worry that you are collecting user data to aid future criminal investigations. Is there anything you can do/provide to us to alleviate this concern? (Editor's Note: These fears are unsubstantiated but after the Snowden revelations, users are rightfully paranoid when it comes to privacy/security online.)
BitMixer: I'm afraid I can't imagine what kind of proof besides words could be presented in this case. I personally couldn't act as a public guarantor, because I probably would become the target of authorities who believe we are doing something illegal.
Last but not least, can you provide us any usage numbers? Number of Unique Users? Amount of money that has flowed through your service? Number of unique visits per day?
BitMixer: We don't collect stats, and we automatically delete all order data in 12 hours. I can only tell the approximate amount of flowed bitcoins in the past month, based on collected profit. It is about 25k BTC.
A public thanks to the BitMixer team, we appreciate you taking the time to speak with us.
Last but not least, BitMixer explains why law-abiding users should mix their bitcoin:
While using bitcoins is an excellent way to make your purchases, donations, and p2p payments, without losing money through inflated transaction fees, transactions are never truly anonymous. Bitcoin activities are recorded and available publicly via the blockchain; a comprehensive database which keeps a record of bitcoin transactions.
All exchanges require the user to scan ID documents, and large transactions must be reported to the proper governmental authority. When you use Bitcoin to pay for goods and services, you will of course need to provide your name and address to the seller for delivery purposes.
This means that a third party with an interest in tracking your activities can use your visible balance and ID information as a basis from which to track your future transactions or to study previous activity. In short, you have compromised your security and privacy.
To avoid this, we recommend using a quality mixing service such as the one we provide to periodically exchange your bitcoins for different ones which cannot be associated with the original owner. In order to further enhance the security of your transactions we provide the opportunity to use two or more forward addresses as well as convenient time delays. In addition, we immediately delete all archival logs related to your transactions.
We hope you found this piece interesting and informative. As you can see, a dedicated user can effectively thwart block chain analysis using readily available methods. It is more difficult to do if you are mixing large amounts of coins, as the Bitstamp thief is doing, but as long as he is patient, thorough, and willing to sacrifice some of his spoils, attempts to track his movements will be in vain.