Popular Tutorial On How To Mix Bitcoin Leads To Phishing Sites
By Paul Bischoff
Those who Google "how to mix bitcoins" or similar keywords will likely be greeted with a tutorial from DarknetMarkets[dot]org at the top of their search results. The "simple guide to safely and effectively tumbling (mixing) bitcoins" instructs users on how to break the link between a bitcoin's sender and receiver, allowing them to anonymize transactions and purchases without being traced.
That guide, however, contains phishing links to forgeries of real bitcoin mixing services, Helix by Grams and Bitcoin Blender. The fake sites look and function similar to their genuine counterparts on the DarkNet, but when users send them bitcoin to be mixed, it disappears forever.
Comparitech tore the veil off of the scam in a recent article warning users to avoid the phishing links at all costs. The tutorial, published in 2015, has been regularly called out by victims on reddit and other forums, who have each lost hundreds of dollars. Comparitech independently verified that the links lead to phishing sites.
What is bitcoin mixing?
A common misconception is that bitcoin is anonymous. In fact, every transaction since the cryptocurrency's launch can be traced back to the senders' and receivers' wallets through the public ledger known as the blockchain. While those wallets might not contain any information about their owners' identities, law enforcement and other entities do their best to draw connections.
Bitcoin mixing, also called tumbling or laundering, is done by sending bitcoin to a mixing service that pools the sender's bitcoin with other people's, then sends the "mixed" amount of bitcoin to a specified wallet. This obfuscates the origin of the bitcoin and allows the owner to send or receive bitcoin with a much higher degree of anonymity. Without explicit compliance from the mixing service, it would be nearly impossible to trace mixed bitcoin back to the source.
Bitcoin mixing is often associated with criminal activity such as the sale and purchase of illicit goods and money laundering. But it also has several legitimate uses, such as anonymously making a purchase of a legal good or service, making an untraceable donation, or hiding money from corrupt officials in times of economic turmoil.
Elaborate and effective
A number of factors make the Darknet Markets scam extremely effective. Chief among them, it's rated at the top spot on Google when searching for phrases similar to "how to mix bitcoin." Many of us automatically assume that if something is ranked number one on Google, then it must be legitimate. Clearly, the search ranking helps Darknet Markets target novices who turn to Google for help.
Other than Google, the article is also the fourth result on Bing and the fifth on Yahoo for the search phrase, "how to mix bitcoin".
Furthermore, the website looks legitimate, and the tutorial itself is actually full of useful advice that's palatable for newcomers. The forged sites are convincing duplicates of the originals.
Besides the bitcoin mixing tutorial, Darknet Markets also contains several other phishing links to popular marketplaces on the dark web. These forgeries are designed to steal your login credentials, which are then used to log into the real sites and clean out the accounts.
How to avoid being scammed
Comparitech has published its own tutorial on how to mix bitcoin as an alternative to Darknet Markets, which includes a link to the real Helix by Grams mixing service. But it warns readers not to take anything for granted.
Always double and triple check onion links from multiple independent sources. Because most DarkNet sites don't have HTTPS certificates, you'll need to know the exact URL of the site you're looking for. Onion sites usually contain at least some randomized letters and numbers, so it's important to look over every character.
If you don't use Helix, pick a mixing service that has plenty of active users and strong feedback. This will not only ensure that you do not get scammed, but that your bitcoin is mixed thoroughly and quickly. A PGP-encrypted guarantee of your transaction is useful, but does not necessarily mean that the mixer is legitimate.
If you plan to mix a large amount of bitcoin, first send the minimum amount allowed as a test run to make sure you know what you're getting into. Once you've determined that a mixing service is genuine, copy the URL down onto an encrypted note. Links on websites, even seemingly reputable ones, can later be altered, so it's important to be able to depend on yourself.