De-anonimyzing Bitcoinfog (and other tumblers)

Let's give an example of bitcoinfog de-anonimization:

1DiYwzdc + wJdVzooF1H8h1h6 + wW4EV16PTjn is an Agora deposit address.

It receives 3 transactions from a tumbler on 17 nov 2014:

It's pretty obvious that the money is received from a tumbler, it doesn't make sense to send 3 deposits of those sizes to a darknetmarket on the same day.

This means that the actual deposit was 1,70324005 BTC.

Next step: Since in this example it's bitcoinfog and we know they have a 1-3% randomized fee we know that the minimum amount deposited into bitcoinfog is 1,7204 BTC(1% fee) and the maximum amount is 1,7559 BTC(3% fee). We also know that nearly all darknetmarket users think tumblers are holy and trust them blindly so they don't think to randomize deposits as well.

Next step: we look for bitcoin transactions between 1,7204 and 1,7559 within let's say 6 hours before the first transaction to 1DiYwzdc, we end up with a list of addresses that received between those amounts of btc.

Next: We take that list and use any method we have available to determine who those addresses belong to, some addresses belong to miners, some to exchanges, some to whoever else. One address raises our attention, 1QEA95T + rb6H1kn9guPy + 354M3X + wrCdvNhdX, look at the transactions....wait.......BINGO. We found the bitcoinfog deposit address.

1.7343 BTC was sent to 1QEA95T in this transaction. If you look at the originating address you see it's a change address for it's previous transaction, follow those and you end up at this transaction.

The sending addresses are operated by Localbitcoins. We now know the buyer bought his coins through LBC, if he used proper OPSEC(tor+anonymous buying method) he is probably safe. If not, LE knows who he is, imagine if he used circle or coinbase..

Repeat after me: Bitcoin is not anonymous, stop trusting anonymous services that promise you anonimity. The tumblers know their shit doesn't work, why would they care if they get 1-3% off every transaction that goes through them though? I can't even blame them for trying(and succeeding).

Inb4 Gramsadmin shows up and offers a bullshit explanation on how Grams is the ish, walletexplorer is not the only way certain services can be identified, Helix used predictable patterns in the past, Bitcoinfog used standard 13,88 BTC addresses to pay out withdrawals from in the past. Even if you randomize deposits and randomize withdrawals from tumblers you can not be safe from a method similar to this, for example if the market is compromised you could just as well have deposited into a single address.

The ONLY way tumblers can be effective is if they manually process each tumbling of coins, this is humanly not possible. Even then you are still trusting them not to be LE. This method doesn't prove anything 100%, but if the IRS can subpoena Facebook for 100s of user details and only get a 2% conviction rate you can bet your ass that the FBI can subpoena services based on the information they get from methods like these.

Finally, this is deanonimyzing tumblers from OUT to IN, the other way around is equally feasible, just slightly harder as you are now looking for an address that received between (deposit x 0.97) and (deposit x 0.99) BTC in let's say 1 to 4 transactions within about 6 hours. I am just too lazy to do try that the moment.

I am just a bored guy, imagine the tools LE has.


Comments


[27 Points] 1blockologist:

come on guys, learn to use Monero

and learn the best practices for using Monero. (use Mixin 3 or higher, know when to re-anonymize your transaction, such as when an exchange sends you a transaction with Mixin 0, 1 or 2)

Your transactions can be unlinkable in 2015.

Use www.mymonero.com for a software GUI.

Neither DARKWALLET or DARKCOIN's darksend/masternode technology, nor BITCOINDARK's telepathy nor SHADOWCOIN's technology will work as well as some good old fashioned stealthed ring signatures.

you will have to demand your markets upgrade too. Although Monero has been around for a while, it's software infrastructure is only just improving enough to be usuable. So things like multisig are still work in progress.


[15 Points] gramsadmin:

Hello


[7 Points] UDNM:

I thought that commercial tumblers were just a big joke to trick noobs into thinking you need to launder your money to buy drugs. LE doesn't trace BTC transactions because they don't give a fuck, has anyone ever been caught buying drugs IRL because LE was monitoring their bank accounts? They would only be interested in you BTC transactions if you were a fucking kingpin, just like bank accounts IRL.

I don't think that anyone who genuinely needs to tumble their coins would use a commercial tumbler anyway, and they would only be cleaning their BTC to turn it into cash not the other way around.


[9 Points] mnhty:

Interesting writeup.

...It's pretty obvious that the money is received from a tumbler...

What makes this obvious? If a tumbler uses unique addresses per transaction, there is no way to know where to start.


[5 Points] None:

What are they waiting to use Monero?


[4 Points] Vendor_BBMC:

!. Why would somebody use a tumbler to pay clean bitcoin INTO a market, then immediately hand it over for drugs? Its the opposite of money laundering

  1. How do LE know that the address with the 3 deposits is a darknet marketplace?
  2. And even if they did, how do they know that you bought some drugs with it?
  3. But police all do money laundering courses, so they assume that bitcoin is TUMBLED INTO AN EXCHANGE.

Money laundering is used to clean drug money so that it can buy cars, houses and other legal things. I'm sure people just tumble money INTO markets to help us vendors to escape to the exchange with suitcases of bitcoin, by pretending to be drug dealers acting guilty.

Because its obvious that if you don't want to look dodgy, you deposit straight to the market.

bitcoin wallet to bitcoin wallet, half a bitcoin. No tumblers.

And anyway, you're not even vendors. Too many bitcoins isn't a problem. JUST THE OPPOSITE - your bitcoin all gets spent on drugs YOU HAVE TO GET CAUGHT WITH DRUGS IN YOUR POSESSION


[6 Points] Simcom:

Why doesn't the user generate three different addresses to receive the funds? Is this not possible on agora? I can't imagine they would provide only one deposit address to people, if so that is a huge oversight as makes it much easier to link the coins through the tumble as you point out. The coins become truly untraceable via taint analysis alone if multiple deposit addresses are used.

Also your analysis doesn't draw any definitive links, you just found one possible connection (likely one of many). Plausible deniability is still intact. I was also under the assumption that the tumblers add more temporal randomization than what you suggest (~6 hours), but I can't tell for sure because I've never used a tumbler.


[6 Points] None:

[removed]


[2 Points] jadedsynk:

So what your saying is i should be burning my house.


[3 Points] tetralogy:

Thats why its best to hop blockchains e.g. wallet to shapeshift (convert to LTC) and then convert the LTC back to BTC on another anonymous exchange.

Boom. no trace to your BTC wallet


[4 Points] Right_In-The-Pussy:

Next step: we look for bitcoin transactions between 1,7204 and 1,7559 within let's say 6 hours before the first transaction to 1DiYwzdc, we end up with a list of addresses that received between those amounts of btc.

This is your problem right here you are using a simplified example to prove your point,

and what if I chose 2 days to spin the coins and broke the output into 6/7 or more transactions.

The point is the whole system is random so it's impossible to know who is who and as long as a specific tumbler is popular there will always be similar sized inputs over your chosen time period to leave who owns he original transaction in doubt


[3 Points] IDBitch:

Someone much smarter than but correct me if I am wrong,

Why can't we use middle wallets? Don't send from tumblers straight to DNMs. Use a electrum based or some shit.

Plausible deniability?


[4 Points] gramsadmin:

OK first, All tumbler do exactly what they advertise. The break the block chain so there is no trace of the begining address and the end address in the taint analysis. That is the proof and tumblers remove the proof.

Itis like if you went to take your car to a cheap car wash and are now complaining because they didn't wax and shine it too.

Second this method uses a lot of asumptions. What if the person used an intermediate wallet? or just waited a few days before withdrawing the bitcoins? or sent them to multiple address? Yes using this method a person coudl be deanomized but only if everything happened exactly liek you said. Even then is just speculation, no proof.

Third, Thank you. Everyone always says I should randomize my fees, and I am being greedy for not doing it. You just proved it doesn't matter if you randomize the fee because with that small of a percentage it is still easily detectable. I don't randmize for the user. I want them to know exactly how much they are going to be getting back before the traction is started. Also even if I did randomize the fee I would still make the same about of money , so I really don't understand how people can call it greedy.

Like I always said be for you should use an intermediate wallet like electrum and keep a reserve of already tumbled coins. Then send them to the markets days or even weeks later then when you originally tumbled them.

GramsAdmin


[3 Points] ShulginsCat:

This is true. Hopefully now, after the 3rd time someone proves this point, people on this sub will stop tumbling and find a better way to hide their tracks. It might take coinbase closing someone's account for tumbling to Agora before a mass behavioral shift happens.

BTW, I've seen that Nucleus supports altcoins - has anyone tried that yet?


[3 Points] Kazaa99:

Just a thought. A tumbler working by having only a few large pools with thousands of btc in them (instead of throwing the money back and forth between 1000 addresses), and then only sending out money in chunks of 0.2, 0.5 or 1.0 btc. Would that be effective? Then of course next step is to have several deposit addresses at the darknet market or the exchange you use. - Is this a totally bad idea? (I'm not building a tumbler, just speculating)


[3 Points] sapiophile:

CoinShuffle may fix these problems for good. True, trustless coin mixing.

That, or Monero.


[3 Points] fuckoffplsthankyou:

I agree, tumblers don't do shit. Best way to launder bitcoins is to transfer between cryptocoins like bitcoin -> litecoin or darkcoin or monero and then back to bitcoin.


[2 Points] totes_meta_bot:

This thread has been linked to from elsewhere on reddit.

If you follow any of the above links, respect the rules of reddit and don't vote or comment. Questions? Abuse? Message me here.


[3 Points] bitblender:

This method does not work if you follow the "Best-Practice for Top-Level Anonymity" guide that is available on Bitcoin Blender. The analysis method you are writing about here is described shortly on Blender too and the guide is to teach users to avoid exactly that. "If someone is watching the blockchain, and they notice a transaction for 100 BTC at 4:30, followed by another transaction of 98 BTC at 5:00, they might suspect this is a part of the same trail - even if there is no hardcore evidence.". This kind of blockchain analysis is exactly what im preventing.

This is a shortened version of the Best-Practice guide on Blender:

Your analysis method uses a lot of assumptions, you cant know if the user deposited coins into Fog exactly 6 hours before the first coins arrived at the market, the user could have waited for days before doing the withdraw from the mixer and could have used multiple deposit addresses too. As most users do on Blender because of the guide i have written.


[1 Points] TronicTonic:

Why not use stealth addresses?


[1 Points] None:

[removed]


[1 Points] None:

[deleted]


[1 Points] Darft:

I never understand why people need someone else to tumble their coins?


[1 Points] polvb:

Yeah, but most of us use this to avoid LE. It's not that fun to trace where BTC moved, and is moving.


[1 Points] christmasdelays:

how do u use lbc with tor safely? they reccomend not to because of middle man attacks


[1 Points] None:

[deleted]


[1 Points] n1nj4_v5_p1r4t3:

Dude, your using partially decimal notation and partially comma notation, that's distracting, are you american or euro?

0.12345678 american

0,12345678 euro


[1 Points] None:

CHUP


[1 Points] futilerebel:

How do you know that's an Agora deposit address, and why doesn't Agora use a different address for each deposit? Plus, there's legal stuff being sold on the darknet, LE would need way more evidence than this to convict someone.


[-2 Points] MasterMined710:

Darkcoin


[-5 Points] ghhomabaaa21:

Yo op you didnt prove anything, you claimed you found agora deposit addresses all belonging to the same account then followed them back through what you believe is a mixer and then to what you believe is an address belonging to lbc. Have you proof that any of these addresses belong to any of these services spit it out, but you cant because i believe this post belongs to what should have been a cum stain on your mothers leg. That my friend is an example of true detective work.