Alphabay, the current biggest market just introduced several new improvements to its withdrawal wallets system to enhance users anonymity:
We have made changes in the withdrawal system. Withdrawals will now be sent in separate transactions. This is done for better privacy, as we will be implementing a Bitcoin tumbling system in the next days. You still have the option to request a single transaction for a small fee.
We have taken additional security measures to obfuscate wallets. It is now impossible to profile our hot wallets. Deposits addresses have also been changed, please check the Balance page before depositing. You can read the full announcement in the Announcements forum.
Alphabay admins posted a more detailed explanation of these changes:
—–BEGIN PGP SIGNED MESSAGE—–
Our primary role as the biggest online marketplace is to protect our
buyers and seller in case they get arrested and we must make sure that
nothing can be proven. As a way to achieve this, Alphabay implemented
additional security measures on its wallets to prevent profiling.
– — How do we know that you are sending money to a Darknet Market? —
Some sites like Circle and Coinbase are known for their rapidity in shutting
down accounts who send coins to darknet markets. How do they know? This
is done via a technique that we call “address input clustering”. Let’s say 3
users deposit coins to Alphabay, and they use addresses A, B, C. Three
other users deposit, and use addresses D, E, F. If I make a withdrawal and
get coins from A and B, blockchain analysis can reveal that A and B are part
of the same “cluster”. The default behavior of Bitcoind is to combine inputs in
a single transaction, so it is assumed that 2 inputs used in the same transaction
are part of the same wallet. If I withdraw again and get money from D, E, F, then
we have another cluster. We now have 2 clusters: AB, and DEF. If another
withdrawal uses B and D, then we just linked the 2 clusters together, and
we have one big cluster ABDEF. The process goes on until we have a pretty
good idea on the marketplace’s holdings, which is the technique used by
WalletExplorer.com. Sites like Coinbase and Circle make their own analysis
and hold a list of addresses, updated daily, that are presumed to be part
of a Darknet Market, and shut down accounts who get involved with an
address part of those “clusters”.
– — What consequence does this have? —
Most major Bitcoin exchanges also analyze the blockchain this way, and file a
suspicious transaction report if a user is suspected to be involved in a DMN.
Although Blockchain analysis is not court-admissible evidence in the USA,
it gives the investigators a very good clue on where to start the investigation.
If you don’t use a tumbler, you can be traced. Investigators obviously won’t
bother following every transaction, but better be safe than sorry.
– — How did Alphabay mitigate the issue? —
As most of you probably noticed, in the past 3 days, withdrawals were sent in
multiple small transactions. We were still using the old wallet while testing the
new features. We are now using a brand new hot wallet with brand new
addresses. Transactions will be sent in small increments like now, with a
randomized fee and randomized time frame, and always using single inputs,
preventing all kinds of blockchain analysis. Alphabay’s wallets are now totally
secret, and no service can shut you down for “illegal use”. If you check the
“request single transaction” checkbox, your transaction will be sent like all
other withdrawals, but to a temporary address, and upon the first confirmation,
sent to your wallet, adding around 15 minutes to the process.
In addition to this new technique, we also take additional measures:
– – All addresses and transaction IDs associated with you are deleted after 7 days.
– – No more reusing of deposit address. All addresses are brand new.
– – All order notes are deleted after 30 days.
For up to 48 hours, deposits sent to old addresses belonging in the previous
wallet will be automatically added. After that, we will accept support tickets for
up to 5 days regarding missing coins (if any). Always check your Balance page
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
—–END PGP SIGNATURE—–