[WARNING] USE PAYSHIELD AND SIGAINT SERVICES AT YOUR OWN RISK - or better yet not at all.

Take a look in my comment history and you'll see some time back I posted about some strange behavior I saw with the coins I sent to PAYSHIELD's DEPOSIT address. A quick summary: I sent coins to be mixed using PAYSHIELD and saw odd behavior from the start. The coins hit the required confirmations for the transactions but they sat in the DEPOSIT address for a day before any movement.

Then they finally moved and were mixed. But the coins were outputted to an address I did not specify. After many, many attempts to contact support, I got the "final" response, which sums up to be "idk you must have screwed something up but you're out of your coins sorry better luck next time". Here's their official response and my notes are provided in bold.

A couple things to start:
1. You are dealing with the same person; abuse & support go to the same place. - never contacted abuse@sigaint.org, don't know what he's referring to
2. You aren't getting 'more silence' from us. We've answered your question - my question was to show me objective proof other than "take our word for it". They dodged and ignored the question over and over.
and spent considerable time explaining to you and outlining what happened. - 4 perfunctory responses is considerable time?
3. The entire point of mixing your coins in a mixer is to anonymize the
coins. The OUTPUT address isn't going to line up in any way with the DEPOSIT
address for obvious reasons. - does this really escape you??
Is he saying SIGAINT can move coins without in/out records on the BLOCKCHAIN? That would be quite the achievement.

I am going to reiterate one more time what happened with your mix, after
which I am not wasting anymore time on it as I have tons of other work to
attend to.

  1. You supplied us with the PayShield status URL claiming you never received
    the coins on the OUTPUT address you specified.

  2. We look up your mix with the PayShield status URL you supplied:

    • We see the full payment to the DEPOSIT address.
    • We see the mix completed successfully and the coins were sent to the
      OUTPUT address.
    • We see the OUTPUT address DOES NOT MATCH what you gave us.
  3. We supplied you with the BTC txid showing the payment out of the mixed
    coins to the OUTPUT address. (because you had the PayShield status URL and
    could prove you owned the mix)

This means one of three things:
1. You inputted a different OUTPUT address by accident (although after giving
you the BTC txid and you seeing the actual OUTPUT address this seems
unlikely) - I didn't put the wrong address in, I triple check everything before broadcasting any transaction.
2. You went to a clone of PayShield that replaces the OUTPUT address people
paste in with their own OUTPUT address through a transparent proxy. (this seems most likely to us)
- HOW COULD HE POSSIBLY THINK I WENT TO A CLONE SITE WHEN HE JUST SAID I PROVIDED HIM WITH A VALID PAYSHIELD URL AND TRANSACTION ID!? This just screams of smoke-screen and user blaming. Simple logic would have ruled this out as a possibility and yet SIGAINT support thinks this is the most likely thing that happened... SIGAINT's org lost any credibility with this statement alone. If their team members are that stupid and unable to apply the simplest of logic, I can't imagine what other security/process problems they have waiting to be found.
3. Your endpoint is compromised and something in your browser is replacing
content as you submit it. (substantially less likely) - A temporary environment used in special conditions, tunneled and obfs to TOR. No, my endpoint is not compromised.

Also for clarity's sake we divulged the BTC txid with the OUTPUT address ONLY
because you had the PayShield status URL. This proves the mix belonged to
you. If you hadn't had the PayShield status URL we would not have provided
you with the OUTPUT address/BTC txid as that would have potentially
deanonymized another person's mix.

I understand why you are frustrated, but there is nothing more we can do for
you in this case - the coins were mixed out to the address given to us. All I
can suggest is you use this loss as motivation to adjust your processes.
Learn PGP and bookmark our site after verifying our .onion declaration here:
http://payshld6oxbu5eft.onion/payshield-declaration.txt

Again I'm sorry you lost money but we didn't take it. If you decide to scream
scam there is nothing we can do - all I ask is you quote this email as our
response. I've intentionally left the amount, BTC txids and addresses out of
this email so there is no sensitive information that could deanonymize you.

We have signed this message with PGP; we suggest you verify the signature is
good. If the signature is bad do not trust the links shown above.

We wish you better luck in the future on the DN.

SIGAINT


So this is a warning to the rest of the DNM community. I've used tumblers 100s of times, and PAYSHIELD maybe 20 times. Never any trouble before. This one time something got fucked on their end and they are unwilling to admit it because they don't want to lose credibility or have to reimburse a user some coins.

So to recap, don't be surprised if PAYSHIELD suddenly eats your coins. You'll get blamed with no explanation other than "take our word for it". You've been warned.


Comments


[3 Points] gramsadmin:

I say think payshield is in the right (a little) here, because if they are mixing correctly there is no way to trace the coins. We have this happen with users on helix sometimes. Usually we tell them where the coins did go based off the helix address they sent to and they realize they pasted the wrong address in to helix and the coins went to an older address they had in their clipboard and forgot about.


[2 Points] Lucyintehsky:

Nice proof i totally take your word for granted fresh account, you are the one.


[2 Points] polloppollop:

I had an issue with Payshield a few weeks ago, which got resolved by support and was my mistake, so I kind of trust them. BUT the person was kind of rude with me, which I can understand, they probably have to deal with a lot of idiots, however it doesn't inspire confidence. If you're going to run a service like that you have to know you will need to deal with idiots, and should maintain professionalism at all times. The fact that they do not makes me nervous and I won't be using their services. I know this doesn't address your issue, and it sounds like you have a reason to be upset. Hope you get some resolution.


[2 Points] dabsofslabs:

tl;dr dude messed up and got phished or sent to wrong wallet now blaming others jk or he's totally serious either way.


[2 Points] TakeMeOver22:

It's technically possible they took your money by putting a different output address themselves.

But considering the fact that you don't seem to understand both tumbling and phishing, I'm leaning towards "you fucked up".

Allow me to briefly explain how it's very possible that you got phished. So you go to a phishing site, which acts as a proxy between you and the actual site. Everything looks legit, and everything you do and type in is forwarded to the actual site, and the site's response is presented to you.

So they give you an input addy to send the coins to, which is a legit PayShield addy, and you type in the output addy, where you want the coins to end up, right?

Well great, except that the phishing site took that output addy and instead of forwarding it to the actual site, put its own output addy and sent that.

So they get minty fresh, mixed coins right in their wallet of choice.


[1 Points] _TROLL:

I'll never understand why people use these places.

Send your coins to a gambling site, then withdraw them a short while later. Coins are tumbled. Zero cost. Done.


[1 Points] Lucia-Anil:

Just use Alpha's auto-tumbler.

Send to a wallet with no association to you and then to A.B

I can go to a corner store here and buy a Flex card- totally anonymously. I just give this guy $5 to buy it for me. Ill send it to a wallet with no association to me, then right to Alpha.


[1 Points] gogojunky910:

The fact that you think #2 is impossible proves you don't know much about computer security. It's trivial for a scammer to set up a proxy site that replaces output btc addresses with their own while relaying everything else between you and the real site. If you went to one of those then you'd still have the valid payshield url that the scam site relayed back to you. Undoubtedly many such scam sites exist for any major bitcoin service, including payshield.

Of course it's impossible for any third party to tell whether you were really scammed by payshield or just visited a scam clone site.


[1 Points] None:

When will you people learn and stop using tumblers? Convert to LTC or ETH, then back into BTC. You can even make $$$ by doing this and playing on a few market fluctuations before pulling back out your BTC. And it offers complete obfuscation.


[0 Points] AutoModerator:

Please always verify e-mails via Grams InfoDesk and also always encrypt your info with the vendor's PGP-key.

I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.