Take a look in my comment history and you'll see some time back I posted about some strange behavior I saw with the coins I sent to PAYSHIELDs DEPOSIT address. A quick summary, I sent coins to be mixed using PAYSHIELD and saw odd behavior from the start. The coins hit the required confirmations for the transactions but they sat in the DEPOSIT address for a day before any movement.
Then they finally moved and were mixed. But the coins were outputted to an address I did not specify. After many many attempts to contact support, I got the "final" response, which sums up to be "idk you must of screwed something up but you're out of your coins sorry better luck next time". Here's their official response and my notes are provided in bold.
A couple things to start:
1. You are dealing with the same person abuse & support go to the same place. - never contacted abuse@sigaint.org, dont know what hes refering to
2. You aren't getting 'more silence' from us. We've answered your question - my question was to show me objective proof other than "take our word for it". They dodged and ignored the question over and over.
and spent considerable time explaining to you and outlining what happened. - 4 perfunctory responses is considerable time?
3. The entire point of mixing your coins in a mixer is to anonymize the
coins. The OUTPUT address isn't going to line up in any way with the DEPOSIT
address for obvious reasons. - does this really escape you??
Is he saying SIGAINT can move coins without in/out records on the BLOCKCHAIN? That would be quite the achievement.
I am going to reiterate one more time what happened with your mix, after
which I am not wasting anymore time on it as I have tons of other work to
attend to.
You supplied us with the PayShield status URL claiming you never received
the coins on the OUTPUT address you specified.We look up your mix with the PayShield status URL you supplied:
- We see the full payment to the DEPOSIT address.
- We see the mix completed successfully and the coins were sent to the
OUTPUT address. - We see the OUTPUT address DOES NOT MATCH what you gave us.
- We see the full payment to the DEPOSIT address.
We supplied you with the BTC txid showing the payment out of the mixed
coins to the OUTPUT address.(because you had the PayShield status URL and
could prove you owned the mix)
This means one of three things:
1. You inputed a different OUTPUT address by accident(although after giving
you the BTC txid and you seeing the actual OUTPUT address this seems
unlikely) - I didn't put the wrong address in, I triple check everything before broadcasting any transaction.
2. You went to a clone of PayShield that replaces the OUTPUT address people
paste in with their own OUTPUT address through a transparent proxy.(this
seems most likely to us)
- HOW COULD HE POSSIBLY THINK I WENT TO A CLONE SITE WHEN HE JUST SAID I PROVIDED HIM WITH A VALID PAYSHIELD URL AND TRANSACTION ID!? This just screams of smoke-screen and user blaming. SImple logic would have ruled this out as a possibility and yet SIGAINT support thinks this is the most likely thing that happened... SIGAINT's org lost any credibility with this statement alone. If their team members are that stupid and unable to apply the simplest of logic, I can't imagine what other security/process problems they have waiting to be found.
3. Your endpoint is compromised and something in your browser is replacing
content as you submit it.(substantially less likely) - A temporary environment used in special conditions, tunneled and obfs to TOR. No, my endpoint is not compromised.
Also for clarity's sake we divulged the BTC txid with the OUTPUT address ONLY
because you had the PayShield status URL. This proves the mix belonged to
you. If you hadn't had the PayShield status URL we would not have provided
you with the OUTPUT address/BTC txid as that would have potentially
deanonymized another person's mix.
I understand why you are frustrasted, but there is nothing more we can do for
you in this case - the coins were mixed out to the address given to us. All I
can suggest is you use this loss as motivation to adjust your processes.
Learn PGP and bookmark our site after verifying our .onion declaration here:
http://payshld6oxbu5eft.onion/payshield-declaration.txt
Again I'm sorry you lost money but we didn't take it. If you decide to scream
scam there is nothing we can do - all I ask is you quote this email as our
response. I've intentionally left the amount, BTC txids and addresses out of
this email so there is no sensitive information that could deanonymize you.
We have signed this message with PGP we suggest you verify the signature is
good. If the signature is bad do not trust the links shown above.
We wish you better luck in the future on the DN.
SIGAINT
So this is a warning to the rest of the DNM community. I've used tumblers 100s of times, and PAYSHIELD maybe 20 times. Never any trouble before. This one time something got fucked on their end and they are unwilling to admit it because they dont want to lose credibility or have to reimburse a user some coins.
So to recap, dont be surprised if PAYSHIELD suddenly eats your coins. You'll get blamed with no explanation other than "take our word for it". You've been warned.
I say think payshield is in the right (a little) here, because if they are mixing correctly there is no way to trace the coins. We have this happen with users on helix sometimes. Usually we tell them where the coins did go based off they helix address they sent to and they realize they pasted the wrong address in to helix and the coins went to an older address they had in their clipboard and forgot about.