Bitcoin buyer beware: One of the most popular guides for mixing bitcoin on the internet leads users to phishing sites that will steal your bitcoin and leave you with no recourse to get it back.
Darknetmarkets[dot]org (we won’t link to it here to avoid giving it any further SEO boost) appears at or near the top of Google results when searching for phrases similar to “how to mix/tumble/launder bitcoin”. The article, “A simple guide to safely and effectively tumbling (mixing) bitcoins”, offers a straightforward but informative tutorial.
But the onion links it gives to two popular mixing services on the DarkNet, Helix by Grams and Bitcoin Blender, are forgeries. They lead to near-identical copies of the real Helix and BitBlender websites. They look and function the same way. But as soon as the victim sends them bitcoin, that money is gone forever.
An effective scam with help from Google
Update: Helix by Grams was officially shut down in December by its administrator. Any website claiming to be Helix at this point is almost certainly a phishing scam. That includes the link that’s still active in the Darknet Markets article. The exodus of users from Helix will likely be viewed as an opportunity for scammers to phish new victims, so it’s now more imperative than ever to make sure you’re on the correct site. Comparitech has reported Darknet Markets as a phishing site to Google on two occasions, but the page still ranks near the top of search results. We contacted Google for comment but did not receive a response as of January 29, 2018.
Scams surrounding bitcoin and the DarkNet abound, but this one is particularly dubious.
First off, it targets novices, including many people who have probably never visited the DarkNet before. Bitcoin mixing, also called bitcoin tumbling or bitcoin laundering, is a process by which someone can break the traceable connection between the sender and receiver. This allows users to anonymously send and receive bitcoin without anyone being able to track transactions back to them through the blockchain.
Mixing bitcoin properly is a somewhat complicated process. Many, if not most, first-timers turn to Google for help. There’s a certain credibility that comes with being a top result; people tend to trust whatever Google ranks highest.
Second, the article doesn’t appear to be a scam. In fact, were it not for the phishing links, it would be a good reference. It even tells users to double check their onion links for the mixing services. It advises users to perform this check on another Darknet Markets page, which of course also points to the forged sites. The entire website somewhat resembles DeepDotWeb, a popular news and information site on the clearnet that covers similar topics.
Third, the forgeries are good. There are few discernible differences between the real Helix and Bitcoin Blender sites and the phishing sites. Someone who had never visited the real versions before wouldn’t know the difference, anyway. Even the genuine sites don’t have verified SSL certificates, so there’s no green padlock or “https://” prepending the URL. Users must simply know the real onion addresses, which, for those unfamiliar with Tor hidden services, often contain strings of random letters and numbers.
So how effective is this scam? Very. Comparitech learned of the scam after an acquaintance of the author was duped out of $100. We have taken steps to verify their claim and are positive Darknet Markets is complicit. An r/grams Reddit thread (now banned by Reddit) pinned to the top of the forum is full of comments from people who each lost hundreds of dollars, and new threads are created regularly by people who get duped:
“IM SO SALTY RIGHT NOW. Just lost $150.”
“These ***holes got me for $200. Don’t fall for it.”
“RIP $900. Hope they fall into a volcano filled with needles.”
And it’s not just people who want to mix bitcoin that fall hook, line, and sinker. While the mixing tutorial was what brought our attention to the site, Darknet Markets links to forgeries of entire marketplaces where users go to purchase illicit goods. These include Dream Market, Alpha Bay, Outlaw, East India Company, and several more. These are phishing scams designed to steal login credentials for the real market sites, where they’ll clear out your account.
This racket has been running for some time. The article was published in July 2015. Google typically removes links to scam websites from its search results, but due to the nature of the subject matter, perhaps it isn’t interested. Bitcoin mixing is often associated with criminal activity, and Google has no impetus to rescue those it sees as criminals from other criminals stealing from each other on the DarkNet.
The author has filed an official complaint with the FTC regarding the matter.
Mixing bitcoin is not just for criminals
As privacy advocates, we encourage Google to remove any and all links to Darknetmarkets[dot]org. There are plenty of legitimate reasons for people to spend money anonymously, and they deserve to be protected. A few examples include:
- To make an anonymous purchase, such as a VPN subscription, without giving up identifying payment details or allowing ecommerce companies to sell your purchase history to advertising networks
- To make an anonymous donation, such as to a charity, nonprofit, or person in need
- To hide money in an account during economic turmoil when assets are in danger of being seized by a corrupt government, such as the current situation in Venezuela
- If you unknowingly receive bitcoins that have been tainted, mixing them can make the bitcoin usable again. For example, Coinbase has rejected bitcoins awarded from gambling sites
Finally, it all comes down to privacy. No matter how you use your bitcoin, you have the right to do so anonymously. It is no one’s business but your own how you spend your money.
Where are the real links?
Without verified SSL certificates, it can be difficult to distinguish between phishing scams and the real deal on the DarkNet. We recommend corroborating onion links at multiple, distinct sources around the web to ensure the site you interact with is legitimate. We give a link to Grams’ Helix Light tumbler in our bitcoin mixing tutorial.
But don’t take our word for it. Triple and quadruple check your links at other reputable sites as well.
Choose mixers with plenty of good feedback from multiple sources on the web. Mixers that offer PGP-encrypted guarantees are a definite bonus, but the forged Bitcoin Blender site has this as well, so don’t rely solely on that. If you plan to mix a large sum of bitcoin, start with the minimum amount as a test to ensure that your deposit goes through.
Once you’ve got a working link, save it in an encrypted, password-protected note on your computer or external drive. You never know if a site that pointed you to the correct URL in the past has been compromised in some way, so rely on yourself first when possible.
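The link checks recommended above, as an added example that is not part of the original article: a candidate onion link is compared, as a whole string, against your own saved copy if you have one, and otherwise against what several independent sites publish. The addresses, site names and the three-source threshold are assumptions made for the example.

```python
import re

# Assumption: a name is valid if it is 16 (v2) or 56 (v3) base32 characters.
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")

def normalize(link):
    """Reduce a pasted link to its bare lowercase onion host, or None."""
    host = re.sub(r"^[a-z]+://", "", link.strip().lower())  # drop scheme
    host = host.split("/", 1)[0].split(":", 1)[0]            # drop path, port
    return host if ONION_RE.match(host) else None

def corroborate(candidate, sightings, pinned=None, min_sources=3):
    """Check a candidate link against a saved copy or independent sources.

    sightings maps one key per independent site to the link it publishes;
    a guide and the "verification" page on the same site count as one key.
    Returns (verdict, detail).
    """
    cand = normalize(candidate)
    if cand is None:
        return ("reject", "not a well-formed onion address")
    if pinned is not None:
        # Your own saved copy outranks anything a website says today.
        if normalize(pinned) == cand:
            return ("accept", "matches saved address")
        return ("reject", "differs from saved address")
    hosts = {site: normalize(link) for site, link in sightings.items()}
    agree = sorted(s for s, h in hosts.items() if h == cand)
    differ = sorted(s for s, h in hosts.items() if h != cand)
    if differ:
        # Any disagreement means at least one published link is wrong.
        return ("conflict", "different address at: " + ", ".join(differ))
    if len(agree) < min_sources:
        return ("unverified", "only %d source(s) agree" % len(agree))
    return ("accept", "confirmed by " + ", ".join(agree))

# Constructed placeholder addresses, not real services. The whole string is
# compared: FORGED differs from GENUINE only in its last character.
GENUINE = "aaaabbbbccccdddd.onion"
FORGED = "aaaabbbbccccddde.onion"
SIGHTINGS = {"site-a": "http://" + GENUINE + "/", "site-b": GENUINE.upper(),
             "site-c": GENUINE}

if __name__ == "__main__":
    print(corroborate(GENUINE, SIGHTINGS))
    print(corroborate(FORGED, SIGHTINGS))
    print(corroborate(FORGED, {}, pinned=GENUINE))
```

A "conflict" verdict does not say which address is genuine; it only says that the sources cannot all be right and the link should not be used yet.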
This might be off-topic… but how does Coinbase know the origin of a bitcoin?
i.e. how do they know if it’s coming from gambling?
Especially if my receiving address is receiving BTC from various sources.
I know BTC is not anonymous… but tracing the origin of a BTC is hard for me to understand?! Would appreciate any ideas in that regard, thanks.
Coinbase can trace back any amount of bitcoin through the blockchain to see the transactions and wallets it’s been through. You can test this yourself using blockchain.info.
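The principle in the reply above, as an added illustration that is neither the commenter's nor Coinbase's code: every transaction input points at an earlier output, so a deposit funded from several sources can be followed back one hop at a time. The ledger, address names and the "gambling" label are constructed for the example.

```python
from collections import deque

# Constructed toy ledger, not real transactions. Each input names the earlier
# output it spends as (txid, output_index); outputs are (address, amount).
LEDGER = {
    "tx1": {"inputs": [], "outputs": [("casino_wallet", 5.0)]},
    "tx2": {"inputs": [], "outputs": [("employer", 3.0)]},
    "tx3": {"inputs": [("tx1", 0)],
            "outputs": [("player", 1.0), ("casino_wallet", 4.0)]},
    "tx4": {"inputs": [("tx2", 0)], "outputs": [("saver", 3.0)]},
    "tx5": {"inputs": [("tx3", 0), ("tx4", 0)],
            "outputs": [("exchange_deposit", 4.0)]},
}
# Hypothetical address labels an analyst might hold.
LABELS = {"casino_wallet": "gambling"}

def trace_origins(ledger, txid, labels, max_hops=10):
    """Walk inputs backwards from txid, breadth first.

    Returns {label: [txids from txid back to the labelled source]} using the
    shortest path found for each label.
    """
    hits = {}
    seen = {txid}
    queue = deque([[txid]])
    while queue:
        path = queue.popleft()
        if len(path) > max_hops:
            continue
        for prev_txid, index in ledger[path[-1]]["inputs"]:
            # The address that held the output this input is spending.
            address, _amount = ledger[prev_txid]["outputs"][index]
            label = labels.get(address)
            if label and label not in hits:
                hits[label] = path + [prev_txid]
            if prev_txid not in seen:
                seen.add(prev_txid)
                queue.append(path + [prev_txid])
    return hits

if __name__ == "__main__":
    print(trace_origins(LEDGER, "tx5", LABELS))
    print(trace_origins(LEDGER, "tx4", LABELS))
```

In the toy ledger the deposit `tx5` mixes salary and winnings, and the walk still reaches the labelled wallet through `tx3`; `tx4` on its own has no labelled ancestor.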