Abstract
The lack of fungibility in Bitcoin has forced its userbase to seek out tools that can heighten their anonymity. Third-party Bitcoin mixers use obfuscation techniques to protect participants from blockchain transaction analysis. In recent years, various centralized and decentralized Bitcoin mixing methods were proposed in academic literature (e.g., CoinJoin, CoinShuffle). Although these methods strive to create a threat-free environment for users to preserve their anonymity, public Bitcoin mixers continue to be associated with theft and poor implementation. This paper explores the public Bitcoin mixer ecosystem to identify if today’s mixing services have adopted academia’s proposed solutions. We perform real-world interactions with publicly available mixers to analyze both implementation and resistance to common threats in the mixing landscape. We present data from 21 publicly available mixing services on the deep web and clearnet.
Our results highlight a clear gap between public and proposed Bitcoin mixers in both implementation and security. We find that the majority of key security features proposed by academia are not deployed in any public Bitcoin mixers that are trusted most by Bitcoin users. Today’s mixing services focus on presenting users with a false sense of control to gain their trust rather than employing secure mixing techniques.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Protect your privacy (2013). http://bitcoin.org/en/protect-your-privacy
Cryptomixer.io fast, secure and reliable bitcoin mixer (since 2016) (2016). https://bitcointalk.org/index.php?topic=1484009.msg15350012#msg15350012
Cryptomixer.io fast, secure and reliable bitcoin mixer (since 2016) (2016). https://bitcointalk.org/index.php?topic=1484009.msg15256505#msg15256505
Cryptomixer.io fast, secure and reliable bitcoin mixer (since 2016) (2016). https://bitcointalk.org/index.php?topic=1484009.msg15428183#msg15428183
Bestmixer.io the future of bitcoin mixing! technology is here (2018). https://bitcointalk.org/index.php?topic=3140140.0
Multi-million euro cryptocurrency laundering service bestmixer.io taken down (2019). https://www.europol.europa.eu/newsroom/news
list bitcoin mixers bitcoin tumblers websites (2020). https://bitcointalk.org/index.php?topic=2827109.msg29058223#msg29058223
Bitcoin charts & graphs - blockchain (2020). https://www.blockchain.com/en/charts
Alsalami, N., Zhang, B.: Sok: a systematic study of anonymity in cryptocurrencies. In: 2019 IEEE Conference on Dependable and Secure Computing (DSC), pp. 1–9 (2019). https://doi.org/10.1109/DSC47296.2019.8937681
de Balthasar, T., Hernandez-Castro, J.: An analysis of bitcoin laundry services. In: NordSec (2017)
Bissias, G., Ozisik, A.P., Levine, B.N., Liberatore, M.: Sybil-resistant mixing for Bitcoin. In: Proceedings of the ACM Conference on Computer and Communications Security, WPES ’14, pp. 149–158. ACM (2014). https://doi.org/10.1145/2665943.2665955
Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: anonymity for bitcoin with accountable mixes. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 486–504. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_31
Delgado-Segura, S., et al.: Txprobe: discovering bitcoin’s network topology using orphan transactions. In: Financial Cryptography (2018)
DuPont, J., Squicciarini, A.C.: Toward de-anonymizing bitcoin by mapping users location. In: Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, CODASPY ’15, pp. 139–141. Association for Computing Machinery, New York (2015). https://doi.org/10.1145/2699026.2699128
. Maxwell, G: CoinJoin: bitcoin privacy for the real world (2013). https://bitcointalk.org/index.php?topic=279249
Heilman, E., AlShenibr, L., Baldimtsi, F., Scafuro, A., Goldberg, S.: TumbleBit: an untrusted bitcoin-compatible anonymous payment hub. In: NDSS. Internet Society (2017). https://doi.org/10.14722/ndss.2017.23086
Koshy, P., Koshy, D., McDaniel, P.: An analysis of anonymity in bitcoin using P2P network traffic. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 469–485. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_30
Meiklejohn, S., et al.: A fistful of bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Conference on Internet Measurement Conference, IMC ’13, pp. 127–140. Association for Computing Machinery, New York (2013). https://doi.org/10.1145/2504730.2504747
Möser, M., Böhme, R., Breuker, D.: An inquiry into money laundering tools in the bitcoin ecosystem. In: 2013 APWG eCrime Researchers Summit, pp. 1–14 (2013)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009). http://www.bitcoin.org/bitcoin.pdf
Novetta, L.: Survey of bitcoin mixing services: Tracing anonymous bitcoins. Technical repory, McLean, VA (2015). https://www.novetta.com/wp-content/uploads/2015/10/NovettaBiometrics_BitcoinCryptocurrency_WP-W_9182015.pdf
Ruffing, T., Moreno-Sanchez, P., Kate, A.: CoinShuffle: practical decentralized coin mixing for bitcoin. Technical report (2014)
Tran, M., Luu, L., Suk Kang, M., Bentov, I., Saxena, P.: Obscuro: a bitcoin mixer using trusted execution environments. In: ACSAC ’18 (Annual Computer Security Applications Conference), ACSAC ’18, vol. 18, pp. 692–701. ACM, New York (2018). https://doi.org/10.1145/3274694.3274750
Valenta, L., Rowan, B.: Blindcoin: blinded, accountable mixes for bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 112–126. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48051-9_9
Ziegeldorf, J.H., Grossmann, F., Henze, M., Inden, N., Wehrle, K.: CoinParty: secure multi-party mixing of bitcoins. In: CODASPY 2015 - Proceedings of the 5th ACM Conference on Data and Application Security and Privacy, pp. 75–86. ACM (2015). https://doi.org/10.1145/2699026.2699100
Acknowledgement
We would like to express our gratitude to the anonymous reviewers for their valuable feedback. This work was supported in part by the National Science Foundation (NSF) in grants 2000792, 1651661, and 1703644.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendices
A Appendix 1
1.1 A.1 Public Mixer Characteristics
(See Table 5).
B Appendix 2
1.1 B.1 ChipMixer Results
Trial 1. In Trial 1, 0.001 BTC was sent in one transaction, \(I_1\), from the SegWit wallet. Within 30 s of the first confirmation on this input, we received one chip of 0.001 BTC. In Step 3, we were given the option to donate, withdraw, or receive a voucher. Options to split or merge were unavailable. We chose to withdraw our chips and proceeded to Step 4. We attempted to download the signed receipt but received an internal server error. Next, we chose to sweep the chip to the SegWit wallet with a network fee of 0.000079 BTC. The interaction resulted in 0 BTC mixing fees and our final output, \(O_1\), was 0.000921 BTC.
Trial 2. In Trial 2, 0.003 BTC was sent to ChipMixer in two separate transactions from the SegWit wallet, \(I_1\) and \(I_2\). These transactions were 0.002 BTC and 0.001 BTC. The service provided one chip of 0.002 BTC (chip 1) and one of 0.001 BTC (chip 2). We split chip 1 into two chips of 0.001 BTC. Then, we donated one of these chips to ChipMixer and did not identify any movement of funds from the input address. Next, we merged the two remaining 0.001 BTC chips into one 0.002 BTC chip. On Step 4, we attempted to access the signed receipt but received an internal server error. We chose to withdraw our final chip by importing the private key into a new wallet. Importing resulted in 0 BTC network fees and 0 BTC mixer fees. The output to our wallet, \(O_1\), was 0.002 BTC.
Trial 3. In Trial 3, two separate sessions were created. In the first session, transaction \(I_1\) of 0.001 BTC was sent to ChipMixer and withdrawn for a voucher. The service provided a 53 character alphanumeric code. In the second session, transaction \(I_2\) of 0.003 BTC was sent to the given input address. The voucher code from the first session was also redeemed. In total, the service provided two 0.001 BTC and one 0.002 BTC chips. On withdrawal, the chips were swept into the SegWit wallet. This resulted in two on-blockchain transactions with outputs of 0.00190361 BTC and 0.00190834 BTC, \(O_1\) and \(O_2\). The network fees associated with these transactions were 0.00009639 BTC and 0.00009166 BTC respectively. The total mixer fee was 0 BTC.
1.2 B.2 MixTum Results
Trial 1. In Trial 1, one legacy output address was specified. A SegWit output address was attempted but was not accepted by the service. One input transaction, \(I_1\), of 0.001 BTC was sent to a compatibility format input address provided by MixTum. Within five minutes, an output transaction, \(O_1\) of 0.001 BTC was received. The network fee on the output was 0.00024227 BTC and mixing fees were 0 BTC.
Trial 2. In Trial 2, two legacy output addresses were specified. One input transaction, \(I_1\), of 0.002 BTC was sent to a compatibility format input address provided by MixTum. The first output, \(O_1\), of 0.001 BTC was received in one hour and 14 min. The network fee on this transaction was 0.00024227 BTC. A second output, \(O_2\), of 0.000762 BTC was received in four hours and 55 min with a network fee of 0.00022843. The overall mixing fee for this interaction was equal to 4.4% of the input plus 0.00015 BTC.
Trial 3. In Trial 3, two legacy output addresses were specified. Two input transactions, \(I_1\) and \(I_2\), were sent to a compatibility format input address provided by MixTum. \(I_1\) was 0.002 BTC and \(I_2\) was 0.001 BTC. The first output address received two output transactions, \(O_1\) and \(O_2\), of 0.0004 BTC and 0.001 BTC 47 min after the input. The second output address received an output, \(O_3\), of 0.00136 BTC in 52 min. The network fees for these output transactions were 0.00017997 BTC, 0.00017305 BTC, and 0.00014536 BTC respectively. The overall mixing fee for this trial was 3% of the input amount plus 0.00015 BTC.
1.3 B.3 Bitcoin Mixer Results
Trial 1. In Trial 1, one output SegWit address was specified with rapid delay. The service provided a compatibility format input address and a mix ID. One transaction, \(I_1\), of 0.0002 BTC was sent to this address. Within 30 s of the first network confirmation, an output transaction, \(O_1\), of 0.0001985 BTC was received. Overall, the interaction had a mixing fee of 0.0000015 BTC.
Trial 2. In Trial 2, three legacy output addresses were specified. Delay and distribution among these addresses was set to be 1 h with 35%, 2 h with 35%, and 2 h with 30% respectively. The service provided one compatibility format input address. One transaction, \(I_1\), of 0.0004 BTC was sent to this address. The first output address received output \(O_1\) of 0.0001386 BTC in 43 min. The second received output \(O_2\) of 0.0001386 BTC in 1 h and 44 min. The third received output \(O_3\) of 0.0001188 BTC in 1 h and 44 min. The overall mixing fee for this trial was 0.000004 BTC.
Trial 3. In Trial 3, five SegWit output addresses were specified. Delay and distribution was set to be 1 h with 13.3%, 2 h with 5.36%, 5 h with 21.98%, 10 h with 30.72%, and 12 h with 28.64% respectively. The service provided one compatibility format input address. One transaction, \(I_1\), of 0.0006 BTC was sent to this address. Output \(O_1\) of 0.00007894 BTC was received by the first output address in 31 min. Output \(O_2\) of 0.00003181 BTC was received by the second output address in 1 h and 26 min. Output \(O_3\) of 0.00013045 BTC was received by the third output address in 4 h and 26 min. Output \(O_4\) of 0.00018232 BTC was received by the fourth output address in 9 h and 26 min. Finally, output \(O_5\) of 0.00016998 BTC was received by the fifth output address in 11 h and 26 min. The overall mixing fee for this trial was 0.0000065 BTC.
1.4 B.4 CryptoMixer Results
Trial 1. In Trial 1, one SegWit output address was specified. Additionally, the mixing service fee and delay were set to 0.5060% and 1 h and 15 min respectively. This qualified for a Standard security level. The service provided a five character alphanumeric CryptoMixer code and one legacy format input address with its corresponding letter of guarantee. One transaction, \(I_1\), of 0.001 BTC was sent to this address. The service’s calculator stated that the output would be 0.00049494 BTC. However, after one confirmation the service displayed an error stating that the “amount is less than required." The error did not disappear and the number of confirmations on our original input did not update after the first detected confirmation. Assuming the service expected an additional payment of 0.00049494 BTC, we generated a second input address and executed another input transaction, \(I_2\). However, this was ignored by the service. After 1 h and 21 min of the first input, we received output \(O_1\) of 0.00049494 BTC with a network fee 0.00007749 BTC. The overall mixing fee for this interaction was 0.00050506 BTC.
Trial 2. In Trial 2, the CryptoMixer code from Trial 1 was used and three legacy output addresses were specified. Delay and distribution for these output addresses was 3 h and 7 min with 20.05%, 9 h and 1 min with 19.96%, and 15 h and 2 min with 59.99% respectively. The mixing fee was set to 1.0176%. These parameters qualified the interaction for a Silver security level. The service provided the same CryptoMixer code from Trial 1 and we manually generated four legacy format input addresses. The letter of guarantee for each of these addresses was successfully downloaded. Input transactions \(I_1\), \(I_2\), \(I_3\), and \(I_4\) were executed with 0.001 BTC, 0.001 BTC, 0.0005 BTC, and 0.001 BTC respectively. The service’s calculator stated that 0.00039386 BTC, 0.00039209 BTC, and 0.001178 BTC would be deposited to out output addresses. However, no outputs were received.
Trial 3. In Trial 3, no CryptoMixer code was used and three legacy output addresses were specified. Delay and distribution for these output addresses was 3 h and 3 min with 20.43%, 9 h and 8 min with 19.85%, and 15 h and 4 min with 59.72% respectively. The mixing service fee was set to 1.0820%. These parameters qualified this trial for Silver security level. We received a new five character CryptoMixer code and manually generated two legacy format input addresses. The letter of guarantee for each of these addresses was successfully downloaded. Input transactions \(I_1\) and \(I_2\) were executed with 0.001 BTC each. However, we received the same error from Trial 1 stating “amount is less than required.” For both inputs the service stated 0.00051082 BTC was pending. Thus, two transactions of 0.0005 BTC and 0.00001082 BTC were sent to each input address. However, the service did not identify these transactions and no outputs were received.
1.5 B.5 Sudoku Wallet Results
Trial 1. Sudoku Wallet provided a 25 character alphanumeric wallet key. The service then presented an input address with its corresponding private key. We sent one transaction, \(I_1\), of 0.001 BTC to this input address. After the service detected three confirmations on this input, we were able to view two output addresses funded with 0.00059025 BTC and 0.00040975 BTC along with their private keys. These funds were then swept to our SegWit wallet through an on-blockchain transaction, \(O_1\). The network fee for this transaction was 0.00012739 BTC and 0.00087261 BTC was the final output. The overall mixing fee for this interaction was 0 BTC.
Trial 2. Sudoku Wallet provided a new 25 character alphanumeric wallet key. The service presented an input address with its corresponding private key. We sent one transaction, \(I_1\), of 0.002 BTC to this address. After three confirmations, we were presented three output addresses with 0.00066667 BTC, 0.00064667 BTC, and 0.00064667 BTC. These funds were then swept to our legacy wallet through an on-blockchain transaction, \(O_1\). The network fee for this transaction was 0.00024839 BTC and 0.00171162 BTC was the final output. The overall mixing fee for this interaction was 0.00003999 BTC.
Trial 3. We received a new 25 character alphanumeric wallet key. We sent one transaction, \(I_1\), of 0.003 BTC to the given input address. After three confirmations, we were presented three output addresses of 0.0001 BTC each with corresponding private keys. These funds were swept to our SegWit wallet through an on-blockchain transaction. \(O_1\). The network fee for this transaction was 0.00022310 BTC and 0.0000769 BTC was the final output. The overall mixing fee for this interaction was 0.0027 BTC.
C Appendix 3
1.1 C.1 Chip Generation Transactions
(See Table 11).
Rights and permissions
Copyright information
© 2021 International Financial Cryptography Association
About this paper
Cite this paper
Pakki, J., Shoshitaishvili, Y., Wang, R., Bao, T., Doupé, A. (2021). Everything You Ever Wanted to Know About Bitcoin Mixers (But Were Afraid to Ask). In: Borisov, N., Diaz, C. (eds) Financial Cryptography and Data Security. FC 2021. Lecture Notes in Computer Science(), vol 12674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-64322-8_6
Download citation
DOI: https://doi.org/10.1007/978-3-662-64322-8_6
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-64321-1
Online ISBN: 978-3-662-64322-8
eBook Packages: Computer ScienceComputer Science (R0)