Topic: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 (Read 14581 times)

This is why we put a lot of effort into changing the username eXch.cc to eXch. 

The thing is, people who don't know how to differentiate the real from the fake could easily get tricked with scam social media pages as well. I see people in my Facebook friends circle share them all the time. Fake car giveaways from fake dealers presenting themselves as the real ones. I have seen people share fake cash giveaways by fake bank profiles. PlayStations, smartphones,... everything. It's usually relatively new sites with a few general posts and then a giveaway which requires the usual (like, share, comment, befriend). And people fall for that kind of thing. Logic stops as soon as people think there is something to gain for free.

I good security practice,  which I do for basic every website which I will pay something,  is to double check the address with their social media links.

In this case , bitcointalk is like a social media platform.

I would never enter my financial details or make a cryptocurrency payment without double checking the URL in other platforms such as their social media profile.

I think people who are using this exchange and are active here on Bitcointalk know how to find the official website, both the .tor and clearnet versions. I have bookmarked both a long time ago. The problem is reaching it from outside of the forum. The typical person isn't as security-conscious as a bitcoiner. If they had positive experiences with such onion site directories in the past, they will unfortunately not think twice to trust it with pointing the way to eXch. At that point, they have already taken a big step towards getting scammed. 

Warning: scammers are placing fake TOR onion site links on site directories (sites with compilations of other TOR onion links) like DarkDotFail for exchanges like Exch to take them to scam clones. Do not use onion directory websites to find any crypto exchange. Only use the official links on Bitcointalk or altt. Please stay safe everyone.

Here is the blog post I first found this information from: http://xxkdkmhcrw7mug2nhtorvsusrydoqtfxggeu3rxcxglh3jk7ltmlmeqd.onion/

Here is a screenshot for those without Tor Browser



As you can see, it is very easy to impersonate any TOR site just by generating an onion address that has the same first and last characters! So be careful!

Our email is [email protected] but I recommend contacting the "SEAL 911" team from https://securityalliance.org - a non-profit organization consisting of many volunteering entities and organizations specializing on blockchain analysis that have promised to provide free help and guidance for crypto heist victims. They will for sure provide you with all the necessary assistance for your case. Just a friendly tip - avoid Josh_CB from Cryptoforensic Investigators because he is toxic and incompetent.


It's true (in regards to FixedFloat funds).

1. Any custodial service that holds your crypto has full control over it thus can freeze and confiscate the funds. This concerns custodial wallets, centralized exchanges, smart contracts with freezing capabilities owned by centralized entities (such as Tether's USDT and Circle's USDC), cross-chain bridges (such as Avalanche Bridge that confiscates "dirty" BTC and ETH) and even some rogue cryptocurrencies (i.e. https://github.com/bitcoin-sv-specs/protocol/blob/master/updates/confiscation-transactions.md).
3. No, since we have never froze any crypto nor have any technical capability for doing so.
4. We have never encountered such situations before, so we currently have no protocols for such proceedings. We are also not a financial institution nor possess any money transmitting license due to the fact of operating with something called "cryptocurrency" that is not considered or recognized as a financial instrument by the most central banks, therefore not required to implement any. If Lagarde publicly admits crypto is a financial instrument, then maybe we will reconsider this, but until then we see no reason for even bothering for these concerns.




Coinos node doesn't appear to have the effecitve peering scheme for optimal routing and we had no routes to Coinos earlier but after this incident we have opened a direct channel with them: https://1ml.com/channel/923451228984246272

Payment of their invoices shouldn't fail anymore.

Since we got a bit more confident with LN lately and now have better understanding of its possible edge cases that might cause security risks for us, we will soon optimize LN payment response handling so customers won't need to wait for these errors to be reviewed manually by our team.


They haven't asked for any data type in specific: "[...] Please provide whatever records you have for [...]"


Can confirm.


It reminded me that some time earlier, some SlowMist rep explained to us that they refer to our service as a "mixer" in their annual reports exclusively because of what we post on Bitcointalk. L. O. L.

Apart from that, I always was quite sure this forum is frequented by state officials. Take for example FIOD (NL), who even have an account here.


I have decided to provide this data voluntarily in order to help flatten the investigative curve a bit so they don't have to bother theymos.





After communicating both via support tickets and emails today with this user, turned out they have used xmrwallet[.]com as their wallet and the destination XMR address was hijacked during sending, so their funds went to some other direction but not to the correct eXch deposit address. This was done either by the mentioned wallet itself or by the buffer clipper malware their OS is probably infected with. Also there are other users who had issues with that wallet earlier https://github.com/monero-project/monero/issues/8440#issuecomment-1186785857

We have also verified that the view key they provided didn't match the output corresponding to the correct deposit address.

Unfortunately, it's not the first time someone being a victim of such circumstances among our users. We have some wallet recommendations here that are relatively secure wallet options: https://exch.cx/faq#wallet_security_recommendations (Blixt wallet will be removed from this list during a next engine update for ignoring our multiple requests to provide updates on F-Droid inclusion)

I appreciate the concern. I'm not exactly nervous (if you knew the images they post, you would see that yours are the ones with the least private information). I just alerted you to the fact that some of the agent's personal information was exposed, which is not something that is recommended, not even for you.

In fact, the way you now explained the situation, and very well, it was much better that you managed to omit all the agent's personal information.

Keep up the good work, and I really hope you continue to operate in the best way possible.

Everything has been solved. Was fully my fault. Excellent Customer Support from eXch. Keep it up.

I suggest you better contact support on eXch website and be patient until they reply.
There was some issue a while ago related with bug in monero code, guys from eXch fixed it with some workaround, but maybe something similar happened again in your case.
They wrote more about it back in March:
https://bitcointalksearch.org/topic/m.63878048

Which wallet is that? It sounds like you should switch to a different one.

He asked for a view key.

Which wallet do you use? It seems a bit strange that you can't get a TX ID from it. If you still have the status "awaiting input", it means that exch did not recognize the transaction, that is, what you sent is still in the domain of your wallet or you sent it to the wrong address
I'm not sure what you expect here, you won't get any private key for sure.

 you will get faster response using the support ticket
https://exch.cx/support

Explain your situation there, this is recommended by exch.cx

i have some issue on an ongoing order.


i have sent an amount of XMR and the status still remains " awaiting input " i cant double check as my wallet provider doesnt save private tx to proove it was sent. so i ask you to help me by checking if it arrived on your end or provide me the view key of the deposit adress so i can check where the problem is exactly

my order id is xxxxxxxxdf7ee


thank you

I'm pretty sure that eXch's OPSEC is good, and probably one of the best managed out there.

I read somewhere before of theymos' posts regarding of his thoughts if US authority asked about the details of someone (account) due to legal things. Well, he will willingly follow it since the forum is based in US and has its jurisdictions. So it's really possible.

It's quite ironic that someone with power makes a reference to Bitcointalk. 

When you write something like this, you have to emphasize that you are being sarcastic, someone with power could seriously commit to such suggestions.

At this rate, I am pretty sure they might end up writing to the forum administrators to try any reveal any information about, or perhaps they have tried already 
After the ban of bitcoin mixers, I just hope the admin doesn't end up banning all services that are privacy-oriented in this forum. The situation is bad already. This is an ongoing war.

This made my day. Justin got a little carried away with his demands.
Now we have confirmed that the IRS still monitors the discussions on this forum.

They expect that the statement that exch does not collect data is only declarative. I guess they conclude that according to themselves and their habits.

Why does the IRS ask you to provide data that you don't collect?