A while ago we told you about Kilos, a search engine for dark web markets, placing it closely related to the now defunct Grams. Grams also once integrated Helix, its bitcoin mixing service. Now, Kilos has implemented Krumble, a service that promises to anonymize our bitcoins. Let's see if it's true!
What is krumble?
As we have already said in some occasion, All Bitcoin transactions remain tracked and accessible to anyone forever. Using mixing services allows you to combine the activities of multiple parties and create several seemingly superfluous transactions, thus preventing or making it difficult to link them to their respective authors.
Kilos administrators claim they created Krumble to protect users' security more effectively than previously existing services. Specifically, they apparently developed it to use fee random to avoid associating transactions with the mixer, and random intervals between transactions. In fact, by always using the same fee For each transaction (expressed in sat/byte), it will be easy to label transactions likely related to the mixing service.
Kilos administrators also point out that the service is most effective when mixing a large number of coins.
How does it work?
Let's see how to use the Krumble mixer. First, we'll be asked to enter one or more Bitcoin addresses, where the bitcoins will be transferred once the mixing process is complete.
So, let's get an address where we'll receive the bitcoins we're entrusting to Krumble to "clean" them. We'll use our own address, created specifically for this purpose., 1osiNtqFFr3vi2iJMF9RtR9PtS2MLZf6B.
To create it we used the tool VanityGen, so you can get a personalized one. We also point out a project, derived from VanityGen, VanityGen Plus, capable of creating personalized addresses for many virtual currencies. Furthermore, we would like to point out a item which explains in detail how VanityGen works.
Once you've entered your Bitcoin address, click the "Clean my coins!" button to receive further instructions.
First of all, our mixing request is assigned an identifier that, if inserted appropriately in the URL, will allow us to know its status even if we close the page.
We are then given deposit addresses to which we can send the bitcoins we want to clean, which we will ultimately receive at the address we provided in the previous step.
We must be careful not to send amounts less than 0.05 bitcoin as they may not be considered.
Let's clean up the bitcoins!
To test how the mixer works, let's send some bitcoin to one of the addresses provided. We chose the second one., 36Tjmat2YqhrmHFxWY2dZhjg611iUhKEm6 and we sent a transaction of 0.005 bitcoin.
At this point, after waiting for the transaction to receive at least one confirmation, we refresh the Krumble page to verify that our mixing request is being processed.
We find the hash of the transaction we initiated earlier. At this point, Krumble hasn't started clearing our bitcoins yet, but is waiting until a timeout expires, which is displayed each time we refresh the page. Only after this time has elapsed will our bitcoins be moved.
How are our bitcoins mixed?
Once the expected time has passed, we see that our address 1osiNtqFFr3vi2iJMF9RtR9PtS2MLZf6B received the sum of 0.00463294 bitcoin, with a transaction placed just moments after Krumble's expected waiting time expired. We immediately notice that the amount received is slightly less than the expected 0.00483755 bitcoin.
Let's now try to retrace the path followed by the bitcoins we received at our address back to our initial transaction. To do this, we can use blockchain.info transforms via the software Maltego.
The result is certainly disappointing. Krumble simply spent the bitcoins we sent along with those sent by another user to the address 3QEw8rJzLJyuJoPYWsut983zH8vxrp7YqU and send them to the destination addresses in one go transaction.
For an external observer, by observing the amounts moved, it will be extremely simple to determine the origin of the bitcoins received from our address and the origin of the bitcoins received from the address 3ADJ9FcCASuXj2U3fFvhRMCgsUhNQkH2B2.
Conclusions
Despite the excellent promise, we were quite disappointed with Krumble. Clearly, as stated on the service's description page, to maximize its effectiveness, it's best to send multiple transactions to more than one of the provided addresses and specify more than one output address.
Adopting these precautions would certainly have made the result more interesting, but its operation remains so basic that it can easily be replicated manually by any user, without the need to entrust one's bitcoins to a third party, losing access to them for several hours and risking never seeing them again.
In our case, we sent a single transaction and provided a single destination address to simplify our analysis. However, Krumble's mixing activity was essentially limited to receiving our bitcoins at one of his addresses and sending them back to one we provided.
Ultimately, Krumble doesn't seem like a great service from a privacy perspective, but perhaps it won't make life too difficult for investigators and analysts. However, there's no reason to celebrate victory, as there are now many alternatives for mixing bitcoins very effectively and reliably.
Leave a Reply