Skip to content

Update whitelist.yaml (bitmixlist.org) #1823

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
ZenulAbidin wants to merge 1 commit into from
Closed

Update whitelist.yaml (bitmixlist.org) #1823

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion whitelist.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,4 +30,5 @@
- url: "*.tistory.com"
- url: "*.surge.sh"
- url: revoke.cash
- url: nftplus.io
- url: nftplus.io
- url: bitmixlist.org

@coderabbitai coderabbitai Bot Jun 10, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🌐 Web query:

What is bitmixlist.org and what content does it host?

💡 Result:

BitMixList.org is a directory and informational resource focused on Bitcoin privacy services and tools [1][2]. Launched in 2023 by a known Bitcointalk user, the site was created as a repository for information on privacy services—specifically cryptocurrency mixers—following the decision by the Bitcointalk forum to restrict mixer-related discussions [3][4]. The site hosts the following content: Directories of Privacy Services: It maintains lists of Bitcoin and altcoin mixers, exchanges, P2P markets, and other privacy-focused tools [1][5]. The directory aims to help users identify reputable services while explicitly warning users against using the site for money laundering and emphasizing that it does not endorse the services listed [1][6]. Educational and Technical Resources: The site provides content on the mechanics of mixer privacy, on-chain anonymization, and information regarding the history of Bitcoin mixers [3][7]. It also includes technical guides or tables mapping various privacy rails (such as CoinJoin, stealth addresses, and atomic swaps) to their respective capabilities and use cases [7]. AML and Monitoring Tools: The site features an AML (Anti-Money Laundering) score checker, which allows users to check the status of cryptocurrency transactions [5][2]. Global Crackdown Index: It hosts a collection of stories and reports regarding coordinated government actions, arrests, and infrastructure seizures targeting Bitcoin privacy services [6]. Operational Details: The site emphasizes a privacy-first approach, stating that it does not collect IP addresses or use cookies [2]. It operates primarily through the canonical domain bitmixlist.org and provides emergency mirrors to maintain accessibility during potential service interruptions or DDoS attacks [1][2].

Citations:

🌐 Web query:

Are there any security advisories or threat intelligence reports for bitmixlist.org?

💡 Result:

Yes—though I did not find any “formal” government/CSIRT security advisory specifically naming bitmixlist.org, I did find threat- and abuse-adjacent security material associated with the site. 1) Threat intelligence / security reporting artifacts tied to BitMixList - BitMixList maintains a “Full list of all known scam mixers (updated June 2025)” published as a GitHub gist and referenced as “Used on Bitmixlist.org,” which is essentially threat-intel style community reporting (scam/exit-scam indicators) rather than a CVE advisory. [1] - The Bitcointalk announcement thread for BitMixList also contains reports/discussion of a “100% confirmed exit scam” mixer being delisted, indicating ongoing hostile-service tracking and remediation via the directory/AML-checking ecosystem. [2] 2) Domain-level monitoring evidence (not a formal advisory) - urlscan.io has a current domain page for bitmixlist.org and indicates the domain has been observed in its scanning system, but urlscan.io is not an advisory source and the page shown is a snapshot/telemetry rather than an authoritative security bulletin. [3] 3) Site self-descriptions related to security posture (not external advisories) - BitMixList’s own terms include claims about not listing illegal services or scams, and a mechanism for reporting services. This is a self-stated policy rather than a third-party threat report. [4] Conclusion - No clear, authoritative security advisory (e.g., vendor/CSIRT/government advisory naming bitmixlist.org) surfaced in the sources I found. - However, there is community “threat intelligence” in the form of scam-mixer lists and delisting discussions that are explicitly tied to BitMixList (GitHub gist used on the site; Bitcointalk thread discussions). [1][2] If you want, tell me what “authoritative” you require (e.g., CERT/CSIRT, MITRE, major AV vendors, or law-enforcement bulletins). I can narrow the search to those exact feeds/brands.

Citations:

🏁 Script executed:

#!/bin/bash
# Check if there are documented security reviews or discussions about this domain in the repository

# Search for any prior mentions or discussions of bitmixlist
rg -i 'bitmixlist' --type md -C 5

# Search for any security review process documentation
rg -i 'security.*(review|process|approval)' --type md -C 3

# Check git history for previous whitelist/removal of this domain
git log --all --grep='bitmixlist' --oneline

Repository: phantom/blocklist

Length of output: 91

Request justification + scanner rationale before whitelisting bitmixlist.org (whitelist.yaml line 34)

  • bitmixlist.org presents itself as a Bitcoin privacy-services directory/informational site that lists mixers/privacy tools and includes warnings about illicit use; that’s not the same as the domain directly operating a mixing service.
  • No authoritative CSIRT/government-style security advisory or CVE specifically for bitmixlist.org was found; the main “threat” material is community scam/exit-scam style reporting plus third-party domain telemetry.
  • Still required: explain why the automated scanner repeatedly flags this domain (detection criteria/what signals it matches) and whether prior removal was due to the same issue.
  • Also confirm the whitelist’s exact effect in Phantom’s security system (what protection is bypassed) for bitmixlist.org, and document why allowing it is safe given its mixer-adjacent context.
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@whitelist.yaml` at line 34, Add a justification block immediately above the
whitelist entry for "bitmixlist.org" in whitelist.yaml that explains why this
informational directory (not an operator) should be allowed, include a clear
scanner rationale listing the exact detection signals that caused repeated flags
(e.g., keywords, heuristics, telemetry sources), note whether prior removal was
due to the same signals and when, and explicitly state which Phantom protections
the whitelist bypasses (e.g., URL blocking, content scanning, policy
enforcement) plus a short risk assessment explaining why bypassing those
protections is acceptable for this domain given its mixer-adjacent but
informational nature; ensure this text references the domain "bitmixlist.org" so
reviewers can easily correlate the rationale with the whitelist entry.

Loading