Bitcoin mixer

From Bitcoin Wiki
Jump to navigation Jump to search

Bitcoin mixer is software (or a service like CoinJoin) that accepts Bitcoin from multiple users, mixes them so you can’t identify who sent how much, and then sends out different bitcoins to their destinations.

If you were to view such a transaction on an explorer, you’d find the address of the mixer as the recipient (in the case of an outgoing transaction from your wallet) instead of a Bitcoin address. Similarly, if you typed in a transaction recipient’s address, and looked to see where the coins came from, all you’d find would be the tumbler’s address.

It’s called a “mixer” because it mixes your coins with other holders' coins to the point that none of them can be connected back to their original wallet addresses. Hence, when you use this solution, you can send Bitcoin or receive it while remaining completely anonymous.

Most Bitcoin tumblers require you to pay service fees for mixing your coins, which are subtracted from your deposit.

Origins

Using bitcoins is a flawed way to stay anonymous while making your purchases, donations, and P2P payments. But Bitcoin transactions are never truly anonymous. Bitcoin activities are recorded and available publicly via the blockchain — a comprehensive database which keeps a record of bitcoin transactions. And when you finally use Bitcoin to pay for goods and services, you will of course need to provide your name and address to the seller for delivery purposes. You may also have to complete KYC verification in before you can purchase something. It means that a third party can trace your transactions and find ID information. To avoid this, mixers provide the ability to exchange your bitcoins for different ones which cannot be associated with the original owner.

Prior to the advent of trustless alternatives, mixing services (also called mixers or tumblers) were used to mix one's funds with other people's money, intending to confuse the trail back to the funds' original source. In traditional financial systems, the equivalent would be moving funds through banks located in countries with strict bank-secrecy laws, such as the Cayman Islands, the Bahamas and Panama.

Comparison to CoinJoins

A CoinJoin collects the inputs of many users, and broadcasts them into many outputs in a single transaction, whereas a mixer sends your bitcoins through a series of transactions with a variable number of inputs and outputs, before it is sent back to you in another address, or imported into a wallet as a private key.

A mixer additionally uses a wide variety of techniques to enhance authenticity and privacy, including onion links, PGP signatures, and letters of guarantee.

While a single CoinJoin transaction does not provide as much anonymity as a mixer, a wallet coordinator which relays funds through a series of CoinJoins may have a comparable level of anonymity as a mixer.

Anonimity

While the underlying cryptography and algorithms used by mixers are usually robust, they can be undermined if a mixer records logs of its user activity. This can be used to de-anonymize users in the event that this data is stolen during a hack or collected by law enforcement during a site take-down.

A mixer's privacy may also be undermined by its hosting provider, its domain name service (DNS) provider, telemetry data sent to analytics services, and any DDoS protection services used by the website, such as Cloudflare.

Controversy

Because of the level of anonymity provided by mixers and the nature of how these services operate, they are frequently used by criminals for money laundering. While Bitcoin mixers are not necessarily created with the intent of laundering money, hackers have used them to anonymize large sums of crypto (in some cases worth hundreds of millions of dollars) that have been stolen from exchanges, bridges, and DeFi services during hacks. This has led to an increased scrutiny of bitcoin mixers by various governments, and have in some cases resulted in bitcoin mixers getting seized.

In particular, bitcoin mixers are often abused by state-sponsored cybercrime groups such as Lazarus Group, which in at least two occasions caused the United States to place the used mixers on the OFAC sanctions list. This is despite the fact that many bitcoin mixers forbidding their use for crime in their terms of services.

Critics of bitcoin mixers say that the addresses belonging to mixers can easily be identified, that exchanges are more likely to withhold a user's funds if they deposit or withdraw to a mixer, that there are a large number of counterfeit websites impersonating mixers, and that users could lose their bitcoins if a mixer is seized by law enforcement before the mixing process is complete.

Occasionally, mixers advertise their services on other platforms, mainly on Bitcointalk. This has led to some controversy when a mixer's service is seized by governments. In order to deal with this, Bitcointalk banned mixers from operating on the site, and also forbade forum users from advertising mixers.[1]

Some mixers use a content delivery network (CDN) in order to mitigate DDoS attacks. The most common ones are Cloudflare and DDoS-Guard. The disadvantage in using a CDN is that it can read all of the information sent by users to the website, including bitcoin addresses, as well as metadata about the user's browser such as the IP address, user-agent, and device details. This could potentially lead to de-anonymization of users if this information is given to another entity such as a government[2]. This can be mitigated by accessing the mixer through its onion link on the Tor Browser.

Mixers are also targets for phishing. Scammers can register a domain name that looks similar to a real mixer's name, clone the website's design but instead of running a mixer, simply steal any bitcoins that are sent for mixing. Because users often mix bitcoins in large quantities, this has posed a serious problems for them.

Alternatives to Mixers

Several blockchain-based methods have been proposed or developed in order to solve the flaws related to mixers. Some of these are listed below.

  • Taproot addresses contain a mechanism for adding additional spend conditions to an address, enabling the hiding of payment information inside them without revealing them publicly.
  • Silent payments utilize externally-defined addresses to create a list random Bitcoin addresses which can be used to send single-use transactions between two or more parties on the blockchain.
  • Coinjoins use decentralized or centralized software that coordinates transactions made by multiple parties by placing them all in a series of combined transactions. When implemented properly, it becomes impossible for blockchain analysis to trace the source of funds. To use coinjoins, you need to use a wallet that supports this feature. One such wallet is Wasabi wallet.

See Also

References