Public Mixing Solutions
Bitcoin Mixing Services
Table of Mixers
To begin our analysis of the current mixing service landscape, we gathered a list of 19 centralized mixers. The majority of these mixers were posted as service announcements on Bitcointalk, Bitcoin’s main forum created by Satoshi Nakamoto in 2009. Initial coin offerings, new service announcements, and technical discussions often originate from Bitcointalk. Next, our goal was to compile a list of characteristics that would provide insight into their implementations. Table 6.1 outlines the characteristics we collected for each mixing service. Our findings are displayed in Table 6.2 with some of these characteristics omitted for simplicity. A ‘checkmark’ signifies that the service offers the feature while an ‘x’ indicates that it is not supported. Any field marked with a dash was not found. The information is solely based on data available on each mixer’s site and does not involve any transactions.
Our next step was to identify a metric to rank mixing services based on popularity. As seen in Table 6.2, every mixing service has a highly recommended Tor mirror. These sites have a .onion extension and cannot be indexed by standard search engines. As a result, identifying the amount of traffic for each service is quite difficult. To address this obstacle, we first aimed to categorize mixers into two categories: Trusted and Untrusted. We based this categorization strictly off of service and user activity on Bitcointalk.
Mixing services labeled as Trusted displayed consistent communication with users on the forum and had zero scam accusations. Untrusted mixers displayed a lack of communication with their users and had one or more scam accusations. Any mixer without a service announcement on Bitcointalk was also marked as Untrusted due to a lack of information from its user base. After analysis of forum posts, nine of the mixers were labeled as Trusted and ten were labeled as Untrusted. We chose one Untrusted and five Trusted services to further our analysis. These are PenguinMixer, ChipMixer, MixTum, BitcoinMixer, CryptoMixer, and Sudoku Wallet. We outline experiments conducted on the five Trusted services. In the following sections, we discuss each of the six selected mixing services.
PenguinMixer is an open-source mixing service and is only accessible via Tor. Although we categorized the service as Untrusted, an analysis of its implementation can be used to understand more complex, black-box mixing services like the ones interacted with in Chapter 7. Their site includes steps and necessary files to set up a mixer as a hidden service. In this chapter, we present an analysis of its source code and testing done on a local version of the service.
PenguinMixer offers limited user control for its obfuscation techniques. Participants are able to enter up to five output addresses and set a fast or slow delay. The mixing fee for the service is randomized between 0.5% and 1%. The maximum input increases as the service gains participants and is currently set to 5.0 BTC. The minimum input is 0.05 BTC multiplied by the number of output addresses used.
PenguinMixer’s code base is written in PHP and Python. There are four files shared with the public related to account creation, mixing technique, the SQL database and the check mix feature. In the following sections, we will discuss the contents of each file.
6.3.1 Database Structure
The SQL database consists of three tables including user accounts, payments and output addresses. Figure 6.1 shows each of these tables and their attributes. In the figure, the green rows are primary keys (PK) and the yellow rows are foreign keys (FK).
The account table (Figure 6.1a) stores mixing participant information. Unlike the traditional user account, an account on PenguinMixer does not have a username and password. Instead, users are labeled with account IDs which are auto incremented and start at 1 with the mixer operator. Participants are also given an input address, a specific number of confirmations, an active flag, timestamp of account creation, and secret mixing key.
The output addresses table (Figure 6.1c) consists of information related to the destinations specified by users. The primary key is an auto incremented output address ID and the foreign key is the account ID from the accounts table.
The payments table (Figure 6.1b) stores information related to outgoing transactions from the mixer. The primary key is an auto incremented payment ID and the foreign key refers to the output address ID from the output addresses table. Additionally, the gross amount, net amount, transaction ID, timestamp of creation, and timestamp of each payment are stored.
An account on PenguinMixer is created after a user enters up to five output addresses and selects a fast or slow delay. The addresses are validated using the bitcoind call validateaddress(). When completed, the addresses are added to the database. User delay is then calculated as a random number based on the selection of fast or slow delay. A fast delay results in two to five confirmations and a slow delay is six to 24 confirmations. The result is stored in the database as required confirmations in the accounts table. Next, the bitcoind call getnewaddress() is used to generate a new input address for the mixer to which the user is expected to send their funds within 24 hours.
Before the user account is finalized, a 32-byte, randomly generated key is provided for them to note. This secret mixing key can be used when communicating with support or when using the check mix feature. After entering the key onto the check mix page, the user is presented with information about the status of their mix including the account creation timestamp, input payment deadline, required confirmations, input address, and the minimum required payment to the input address.
PenguinMixer’s mixing method uses bitcoind functionality to ensure that users do not receive their own inputted funds. First the service checks which mixer addresses have received payments by using listreceivedbyaddress(). Next, the number of confirmations for each of these payments is checked. If the required number of confirmations has been reached, a random payment amount is calculated for each corresponding output address. Eq. 6.1 is the formula used to calculate this random amount for each output address. The variable curr_due refers to the total amount currently due for the participant and min_per_output is the minimum required per output address. num_output refers to the number of output addresses for the participant and curr_output_num is the current output address number in the order in which they were entered.
In addition, each output address receives a random amount of delay (in seconds) and a randomized mixing fee between the percentages set by the operator. All calculated payment information is added to the database and the mixer begins the payment process for the particular user. To do so, listunspent() is called to return all unspent inputs to the mixer. Next, listaddressgroupings() is used to group all related wallet addresses with change addresses. The most important step occurs when the mixer uses lockunspent(). This temporarily locks any addresses related to the input address of the current participant. Thus, it is guaranteed that users will not receive their own funds from the mixing service. All interactions with the service are logged in separate files for each day. Although the service claims logs are deleted every seven days, it must be done manually by the mixer operator.
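The locking step described above can be modelled without a running bitcoind. The following is an added example, not PenguinMixer's code: the UTXO records, address names and the simplified grouping format (sets of addresses) are constructed for illustration, and the function names are hypothetical. It also shows the limit of the guarantee, namely that a payout cannot be funded when too few funds lie outside the participant's address group.

```python
# Constructed sample data (amounts in satoshis). Keys mirror bitcoind's
# listunspent fields; groupings are simplified to sets of addresses.
UTXOS = [
    {"txid": "aa", "vout": 0, "address": "addr_alice_in", "amount": 50_000_000},
    {"txid": "bb", "vout": 1, "address": "addr_change_1", "amount": 20_000_000},
    {"txid": "cc", "vout": 0, "address": "addr_bob_in", "amount": 30_000_000},
    {"txid": "dd", "vout": 0, "address": "addr_carol_in", "amount": 40_000_000},
]
# addr_change_1 received change from a spend of Alice's deposit, so the
# wallet groups it with her input address.
GROUPINGS = [{"addr_alice_in", "addr_change_1"}, {"addr_bob_in"}, {"addr_carol_in"}]


def related_addresses(input_address, groupings):
    """Return every wallet address grouped with the participant's input address."""
    for group in groupings:
        if input_address in group:
            return set(group)
    return {input_address}


def partition_utxos(utxos, groupings, input_address):
    """Split UTXOs into (locked, spendable) for one participant's payout.

    The locked list is what would be handed to lockunspent, which works on
    txid/vout pairs rather than on addresses.
    """
    related = related_addresses(input_address, groupings)
    locked = [u for u in utxos if u["address"] in related]
    spendable = [u for u in utxos if u["address"] not in related]
    return locked, spendable


def fund_payout(utxos, groupings, input_address, amount_sat):
    """Pick payout inputs using only UTXOs outside the participant's group."""
    _, spendable = partition_utxos(utxos, groupings, input_address)
    chosen, total = [], 0
    for utxo in sorted(spendable, key=lambda u: u["amount"], reverse=True):
        if total >= amount_sat:
            break
        chosen.append(utxo)
        total += utxo["amount"]
    if total < amount_sat:
        # The guarantee depends on other participants' funds being available.
        raise ValueError("not enough unlocked funds to pay this participant")
    return chosen
```
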
ChipMixer was established in 2017 and operates on both the clearnet and Tor. With over 95 pages of Bitcointalk forum posts and no scam allegations, the service presents itself as the most popular of the Trusted services identified. ChipMixer presents a unique implementation with the introduction of “chips”. It generates addresses and funds them with increments of 0.001 BTC up to 8.192 BTC. These addresses are previously funded and provided to ChipMixer’s participants along with their corresponding private keys as outputs. Rather than executing on-blockchain transactions, users are expected to import the given private keys to their wallets off-blockchain. Thus, there is completely no link between funds deposited to ChipMixer and the chips given to participants. If a user deposits 0.005 BTC to ChipMixer, they should expect to receive multiple chips adding up to the total deposited. For example, they may receive two separate chips of 0.002 BTC and one chip of 0.001 BTC. Users may split, merge, bet, or donate the given chips before withdrawal. Splitting breaks one chip into two. Merging combines two same-sized chips into one. Betting allows users to bet a chip and receive one double the size with a 47% chance. Donating gives the chip to the service. Finally, withdrawing presents the private keys for the selected chips to be added to a personal wallet. These features can be used multiple times, in any order, and on individual chips. For example, a user may split their chips and choose to donate some of the resulting chips before withdrawing the others. ChipMixer claims these features increase user privacy and change the possible output value.
While ChipMixer does not require an account, users are given a session token and an input address which last for seven days. The service also gives users the option to destroy their sessions prematurely within this seven-day period. Service logs are kept for the same length; however, it is unclear whether logs can be destroyed prematurely along with the session. There is no predefined maximum input and the minimum input is 0.001 BTC.
This input only requires one confirmation in the Bitcoin network before it is accepted by the service. Any input less than the minimum is treated as a donation. Mixing fees are purely donation-based and users may choose to donate any amount of their given chips. On withdrawal, users are given a cryptographically signed receipt proving that the funds are coming from ChipMixer. In addition, they are given the option to receive a voucher code and use the non-withdrawn chips in other ChipMixer interactions.
MixTum was established in 2018 and operates on both the clearnet and Tor. It is one of 11 mixers built upon the mixing platform Jambler.io. The service claims to have a separate pool of Bitcoin from cryptocurrency stock exchanges like Binance, OKEx, and DigiFinex. In turn, MixTum guarantees that participant funds are not mixed within a pool of other users’ Bitcoin and instead outputs are primarily from exchanges. The service claims its implementation eliminates the possibility for users to receive previously inputted funds. Thus, an account is not required and session IDs are not provided.
The site states that the service is completely automated and requires no manual interference from the mixer operator.
Like PenguinMixer, MixTum is a traditional Bitcoin mixer that sends on-blockchain transactions to return participant funds. Thus, the service implements similar obfuscation techniques to avoid blockchain analysis. Mixing fees are up to 5% (randomized) plus 0.00015 for the output network fee. Users can specify up to two output addresses which receive multiple payments when funds are returned. They are also given one input address which remains valid for seven days. The number of payments and distribution of funds between these addresses is randomized by the service. In addition, randomized delays of up to six hours are implemented on output transactions. MixTum provides users with a PGP signed letter of guarantee with information regarding the mixing interaction.
MixTum offers a free trial with the minimum required amount of 0.001 BTC, one output address, and no mixing fees. Any input less than the minimum is treated as a donation to the service. The recommended maximum input is 50 BTC. Although MixTum claims logs are not kept, they do keep data regarding participant interactions until the completion of the output transaction or until the session expires in seven days.
Bitcoin Mixer was established in 2019 and is accessible on the clearnet and via Tor. Much like PenguinMixer, the service provides its users with a Mix ID to check the status of their mix. The minimum input amount accepted is 0.0002 BTC. Anything lower than this minimum is treated as a donation. The maximum input amount is 80 BTC. Registration is not required and users are able to specify up to seven output addresses. When multiple output addresses are specified, users can control the distribution and delays for each. Delays for each output address range from less than one hour (rapid) to 12 hours. To send their funds, users are given one input address. Mixing begins immediately after one network confirmation on input amounts less than 20 BTC and six confirmations on any higher amount. The service keeps logs for up to seven days but gives users the option to manually delete their session details. Finally, the mixing fees for Bitcoin Mixer are 0.25% plus 0.000001 BTC per output address. The service does not offer a signed receipt or letter of guarantee.
CryptoMixer was established in 2016 and is available on both the clearnet and Tor. The service’s initial announcement on Bitcointalk stated that it has over 2000 BTC in reserve. To prove this, the service gave reputable Bitcointalk members a list of their addresses with a signature from each. After verifying the signatures, each member posted a signed message on CryptoMixer’s service announcement stating that they had verified the service’s pool of funds [29, 30, 31]. CryptoMixer allows a minimum input of 0.001 BTC.
The maximum input changes based off of the amount of Bitcoin in the service’s reserve. Accounts are not required and instead users are given a CryptoMixer code to identify their sessions. This code can be used in future sessions to receive discounts and ensure previous inputs are not returned. CryptoMixer’s site claims it has a 100% zero-logs policy but also states that transaction details are routinely deleted. The service allows users to specify up to 10 output addresses with custom delay for each from 0 minutes to 96 hours. In addition, the service offers distribution control for each output address. Mixing fees can be set by the user and range from 0.5% to 3% plus 0.0005 per output address. Based on the fees, delays, distribution, and number of output addresses set, participants are given a security level for their mix.
The Standard security level does not provide fast output transaction confirmation, allows for up to 24 hours of delays, and supports up to two output addresses. Service fees must be set anywhere between 0.5% and 1%. Silver security level guarantees fast output transaction confirmation, up to 48 hours of configurable delays, and up to five output addresses. Fees for the Silver level are required to be greater than 1% and less than 2%. The Gold security level is the highest level and guarantees fast output transaction confirmation, up to 96 hours of configurable delays, and up to 10 output addresses. For this level, the service fee must be set to 2% or higher.
Unlike the other discussed services, CryptoMixer allows users to generate an unlimited number of input addresses to send their funds. Each input address also comes with a verifiable, digitally signed letter of guarantee, proving that it was generated by the service. Each given address is only valid for 24 hours and deleted afterwards. The number of confirmations required for input transactions to be cleared for mixing varies based on the amount expected to be mixed. Less than 25 BTC, less than 250 BTC, and less than 1000 BTC require one, three, and four network confirmations respectively. Any input greater than 1000 BTC requires five confirmations.
Sudoku Wallet was established in 2019 and is available on the clearnet and Tor. The service is a single-use wallet which outputs private keys rather than on-blockchain transactions. These outputs are of two to four addresses funded from previously executed CoinJoin transactions. The distribution between these addresses is not customizable by the user. There is no minimum or maximum input enforced. Sudoku Wallet does not require accounts but provides users with a wallet key to access their session before it is automatically deleted in seven days. The service claims to have a strict “no logs” policy. To send funds to Sudoku Wallet, one input address is provided along with its corresponding private key. Mixing does not begin until the input transaction has three network confirmations. The mixing fee is randomized from 0.5% to 1% plus the CoinJoin fee which is described as the number of output addresses involved in the CoinJoin times the transaction fee.