A case of mistaken identity; or: bitmix.io is a CON!!!

TL;DR: Bitmixer.io is legit; bitmix.io is the con.

I've been conned. Scammed out of $700 on last check. (The fixed value is exactly Ƀ0.59877194)
I've really gotten into this whole "bitcoin thing" and why not, it's fascinating, and if you have the time, knowledge and knack, you could even make money if the market is falling.

But that's not the story here. This story is how I was taught an expensive lesson.

You see, it's a myth that bitcoin is anonymous. The truth is, even an amateur data scientist can track bitcoins. From the moment you buy them until the moment they leave your possession, every transaction is recorded publicly. But, if you're smart, you CAN achieve differing levels of anonymity depending on how paranoid you are. The easiest way is to use a "mixing" or "tumbling" service such as https://bitmixer.io, to combine your coins with those of many others, and pay them out from random accounts such that you leave with the same amount that you started with, but it can't be traced to you.

This is where our story starts.

I'm learning about bitcoin, so it only seems reasonable to try out one of these services. So, I got a link to bitmixer.io from a friend, and send some Ƀ through it, and I wait. I wait, and wait. TWO DAYS I wait, and I don't get my Ƀ back. (To be fair, I was foolish to have started with so many bitcoin; but I trusted my contact)
I start digging. I discover they have a support email address, so I email them the unique "Letter of Guarantee" I had received from them to see if they can help me in any way. I get a prompt reply back that the LoG could not be verified, and asking me to check my browser history to see if I had really used bitmixer.io
Wierd, I know the site said "bitmixer.io" but ok. I check my history; and lo and behold, I had visited "bitmix.io"! It looks EXACTLY like bitmixer.io.

See for yourself:

Here's the fraudulent page:bitmix.io

Here's the legit page:bitmixer.io

Can you tell the difference?
I can't.

Let me show you the only visible differences:url highlight

Yes, the facsimile is identical, save for operator, and url. It even processes your input in the exact same manner. If they were not in the business of fleecing unwary customers out of their BitCoin, I'd commend them on a job well done.

Full disclosure: there is one other point at which you could tell something is amiss. The Contacts page. on the legit site, it brings up a page showing how to get in touch with the operators; on the fake, it just 404's.

Once you start in on the mixing process, you get one more chance to check the legitimacy. That is the signed Letter of Guarantee that bitmixer provides to assure you that they will take appropriate steps

Here's a legit one:

-----START SIGNING BITCOIN ADDRESS-----
1BitmixerEiyyp3eTLaCpgBbhYERs48qza  
-----END SIGNING BITCOIN ADDRESS-----

-----START LETTER OF GUARANTEE-----
We hereby confirm that BITMIXER.IO has generated the address 1QFE5oAUnWrmsfAnduLcnTBgaFncoqmN6A in order to transfer incoming amount (minus fee) to the following addresses:

100% to 1DrHeptmYmgSpLg6yh8kYcnzQiPy7mRSC8

This service will be only available for all bitcoins received from February 24, 2017, 2:15 to February 25, 2017, 2:15 GMT with minimum amount of 0.01 BTC. Our fee is 1.1384% + 0.0005 BTC for every forward address.  
This letter is digitally signed by our main account: 1BitmixerEiyyp3eTLaCpgBbhYERs48qza. Stay protected and thank you for your services.  
-----END LETTER OF GUARANTEE-----

-----START DIGITAL SIGNATURE-----
HII0pVKu9C2RgyIwuf2/6X2dfXMORr1qr8zXZFKSfPgeTfQyU4dkANoo6EANfepS5FD0pqFL5uDj8wawq/2ypL8=  
-----END DIGITAL SIGNATURE-----

You will notice that the signing bitcoin address matches the address provided by the legit site (and, for now, the fake site too. Weird, seems they overlooked that when they copied the site.)
signing address

Also, if you copy and paste the supplied fields into a message verifier, it works. (I like https://tools.bitcoin.com/verify-message/) Verified legit

However, if you just merely copy and paste the message fields, it will ALWAYS verify. Here's the results with my faked LoG:

Fake LoG:

-----START SIGNING BITCOIN ADDRESS-----
1BitmixUUEGGACPeKciTkxr6TaLUnYgekM  
-----END SIGNING BITCOIN ADDRESS-----

-----START LETTER OF GUARANTEE-----
We hereby confirm that BITMIXER.IO has generated the address 1LPT7iWHcbw7nbzPkuU1iipKkjtprUEXZK in order to transfer incoming amount (minus fee) to the following addresses:

100% to 1DrHeptmYmgSpLg6yh8kYcnzQiPy7mRSC8 after 10 hours

This service will be only available for all bitcoins received from February 23, 2017, 07:08 to February 22, 2017, 07:08 GMT with minimum amount of 0.01 BTC. Our fee is 0.8087% + 0.0005 BTC for every forward address.  
This letter is digitally signed by our main account: 1BitmixUUEGGACPeKciTkxr6TaLUnYgekM. Stay protected and thank you for your services.  
-----END LETTER OF GUARANTEE-----

-----START DIGITAL SIGNATURE-----
HKKrFKwW5aINTbipycqSfOJLUfuWuBU2+njyjxh8dD7bOUUqrxq+j3iZ3YNuB52Yk77wjIJ3m6UbsORsQT5RtGI=  
-----END DIGITAL SIGNATURE-----

Verification with cut and paste:Verified fraud

However, if you follow the instructions given in both sites* to verify with account given as main account; before you make the final transaction:

*Here's where the recommend verifying.