Inside a bitcoin laundry III: wash day

Wednesday 03 June 2015

Laundry day: let’s see how clean those coins really are.

To close this mini-series on bitcoin laundries, let’s now take a look at Bitcoin Fog’s withdrawal set-up, and what the whole process does to the usually-transparent nature of the blockchain.

See also: Inside a bitcoin laundry II: Bitcoin Fog

Last time I pre-washed some coins (sent them from an exchange to a new account) and deposited them with Bitcoin Fog. Having waited a while for my coins to mix with other depositors’ cash, I can now withdraw them into a new address that has never been used before. Assuming I’m careful not to link that address with any of my pre-existing addresses, it becomes extremely difficult to establish any link between them. I can then use them to make anonymous donations to Edward Snowden’s defence fund without fear of waterboarding or rendition.

I sent 0.04138308 BTC ($10) from my pre-wash account to Bitcoin Fog. Once the funds were cleared, I had 0.04072105 left to withdraw, meaning that the laundromat’s fee was 1.6% (they take a variable fee of 1-3%, to further obscure the transactions). I then set it to withdraw 0.04 BTC

Withdrawing coins

Bitcoin Fog’s withdrawal process is kind of neat. You can schedule the transaction to happen at up to 48 hours in the future, so once you set it up you can logout and forget about it. You can also state the length of time you want transactions spread over, so there’s not one single withdrawal to track on the blockchain. To complete the obfuscation, you can specify anything up to 20 addresses to withdraw to. After that package of measures, good luck to anyone who wants to trace the transaction trail.

Bitcoin Fog withdrawal

Ok, so this bit's pretty cool...

Since I’m doing this out of interest rather than because I need super-clean coins, I’m setting the withdrawal window as 6 hours, the minimum, with a 24-hour delay first. Enter the amount and your receiving address, or addresses - again, just one for me - and you’re good to go. And that’s it, after a quick captcha: scheduled. The withdrawal can be cancelled before it starts, if necessary.

The result

The money starts coming into my clean address 24 hours later. It’s a small amount, and just two transactions, totalling 0.04 BTC, about two hours apart. Five different addresses are involved in the transaction, aside from my receiving address. Each of them has only ever had two transactions. Trace things back a little further and it starts to get a lot more complicated. In fact, I’m almost immediately lost (as were BTER, when they tried to follow their 7k coins).

It’s a well-run operation, very easy to use and effective. I have to admit I’m slightly uncomfortable about using a setup that has had so many stolen coins passed through it, even if that’s a point in favour of funds being properly anonymised. And it’s still a centralised solution, so it requires trust in the individuals behind it, but as these things go it’s about as good as it gets. I’m not sure what I was expecting - perhaps the darkweb equivalent of a back room in a dodgy casino or a conversation with Saul Goodman, but the reality was a pleasant surprise.


comments powered by Disqus