Topic: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 - page 37. (Read 27792 times)

what will happen if someone sends stolen money to this USDT ETH address, and then it goes to the client from this address?

Yeah and if I remember correctly OP already stated earlier in this topic that they send frequently coins to some big CEXes without any problem/red flag

I don't think there is any case of usdt or any other coin from exch.cx getting blocked by centralized

They even have a known address in etherscan
https://etherscan.io/address/0xf1da173228fcf015f43f3ea15abbb51f0d8f1123

Remember that your privacy is your responsibility. You can send small amounts to exchanges to test, before acquiring large amounts.

Personally, I have send LTC that I acquired in exch.cx to another cex and didn't have any problems.

Have there been any cases of USDT wallet blocking by the issuer(Tether) after an exchange on your exchange?
What guarantees do you give when exchanging my BTC for your USDT?

I hope you do. I don't see how it can harm your business. At the same time, you'll surely increase your client base, which brings more profit.

Excellent! So, that option was there all along, we just didn't know about it.

I have two follow up questions.

1. If my order becomes a backorder, will eXch use the exchange rate applicable at the time the reserves fill up and my order gets processed or the rate from when my deposit transaction confirmed? I am pretty sure it's the former, but let's see.

2. What are the possible reasons why a backorder gets refunded from your side? Is it fee related? If I began the exchange at a time when the mining fees for the coin I wanted were low, but then they doubled, would eXch process the order, request more for mining fees, or return the initial deposit?

I checked your FAQ section, but it doesn't mention any of this regarding backorders you just discussed. Perhaps you should add it, so your clients know such an option exists.


It depends on how soon someone will come and deposit DASH to eXch in exchange for a different cryptocurrency. eXch doesn't fill its own reserves. As soon as someone sends some DASH their way, the reserves will fill up.

This exchange is good and fees are okay, sometimes better compared to others and sometimes worse, but overall, fees are good, especially if we keep in mind that it's a non-kyc exchange. But OP, I think, it will be good if you take care of visual aspect. I am not going to teach you anything but if it's okay to give you advice, let me tell you that if I didn't know this exchange from Bitcointalk, I would never exchange here because website looks like a basic website written by a fresh graduate. I think that modern CSS gives us many possibilities without the use of javascript, so I'll be glad if you take care of visual side of this exchange.
Otherwise, wish you good luck and all the best. Also, how often do reserves get filled? I wanted to do BTC - Dash exchange but at the moment there is only 6.21 DASH available for exchange (not enough for me).

It is and is not a mistake.
It's not a mistake because previously, the official domain for this exchange was exch.cc, but due to certain problems, everything was later moved to exch.cx. you can see by the account name that opened this thread.
The mistake is probably that it has not been changed, the old domain should not be mentioned, it only introduces additional confusion.

I have a question about lightning

I see you need "Zero-amount invoices only"



I am using Aqua wallet, which has LN integrated. The minimum invoice is 1000 sats.

Will my 1000 sats invoice work?

Sorry if it is a dumb question, I have little experience with LN.

My first experience with you about the exchanger.
After this, I will no longer return to regular exchange offices. Thanks for your work.

I don't know if this is a typo. But you need to replace one letter

I was certainly not discussing what's better or worse for mobile, but since you have mentioned Graphene OS, I will comment on that.

We have stopped using Graphene OS some years ago after its founder strcat aka Daniel Micay revealed his conflictive and hostile personality against people who disagree with him.

He bans anyone on IRC and Matrix who asks questions that he doesn't feel comfortable with instead of addressing them appropriately. He also admitted to have schizophrenia, which creates certain risks for a such project and its users given that he is still a main core maintainer. This doesn't mean he should step down and it's absolutely fine that someone has a mental disease, but the project should at least review its structure and make a bit more balanced maintainance.

Finally, Micay promotes and defends the opinion that Google Pixel phones are 100% free of hardware/firmware backdoors, which he can't know for sure, but instead of taking the neutral stance on this question he actually bans people from his communities who have different opinion. Our opinion is completely the opposite to his. You can find a lot of chat logs with many people he confronted on various security aspects that ended in a long-term conflict between them and even between projects. For example they are still "enemies" with CalyxOS and Micay accuses Calyx devs to run "propaganda" against Graphene.

You can find some of the logs of his conflictive behaviour on this site https://opinionplatform.org/grapheneos/ and I like how one of the subheadings is titled:


There is still a chance we will add TRC-20 USDT, just no ETA yet.


1. Then the order will convert itself into a backorder and offer you either an instant automatic refund or waiting indefinitely till sufficient reserve appears, on which event your order will be completed automatically. This order will be prioritized once there is reserves.

2. It was always possible since our system supports backordering. To create a backorder even when there is no balance on some coin, these are correct steps: 1. Go to our main page 2. Select a pair and enter a destination address 3. Click 'Exchange' without clicking 'Calculate'. This way the system will let you bypass reserves checks. Make sure you don't click 'Calculate' anywhere since it will define amounts and the system won't let you create the order anymore. After your order is created, you can send any amount then wait. The order will have exactly same behaviour as in the previous point "1" of this answer.

This is mainly why we have the message "You can start exchange without calculating and send any amount (calculation will be performed on receipt)" right to the "Exchange" button.

The only downside of such backorders is that we might force-refund your order any time without any prior notice, but this happens rarely.


Answered here by paid2: https://bitcointalksearch.org/topic/m.63763206

The app can store your created and imported order's history but you have an ability to wipe them. Other than that there is nothing that app collects and F-Droid's page describes everything in a very transparent way.


I believe your issue was solved via our support channels.


Awesome, thanks!


By the way, FixedFloat had no license nor a registered company in Seychelles. They are lying to their customers when they say they have a registered company. We have personally spoke with their hackers and were provided with a lot of evidence (along with some files from their server and a few database table dumps). FixedFloat is run by 3 anonymous russian carders and I will take a full responsibility for this accusation as I understand how serious it is. Check the update in my earlier post here: https://bitcointalksearch.org/topic/m.63681724

We are still providing full information to interested users on that hack via private communication channels.

Moreover, we were mentioned in a Forbes article on that matter and even provided an interview to their journalist: https://www.forbes.com/sites/digital-assets/2024/02/20/decentralized-and-non-kyc-crypto-exchange-hacked-for-26-million/


This background is temporary but I am glad you liked it. Once we deal with phishers (check my previous post) we will improve the previous background. There is also planned an optional JS version of site in the same way it is done on LocalMonero and some other similar sites (by adding an 'enable JS' toggle).

The Ethereum network has long since become unusable for small transactions (I hope Bitcoin will not follow the same path). It's good that there are alternatives.

A few days ago I also used exch exchange, but because of the transaction cost, I chose LTC with a dynamic fee rate as an option. Like you, it was a great experience, everything was done very smoothly and quickly

btw. I like the new blue background, it suits me more than black.

Here is my brief feedback after using eXch the first time. I used it via TOR with the browser security settings set at the highest level.

After the coin I wanted had enough in the reserves, I sent my BTC. The system picked it up quickly. After the first blockchain confirmation, eXch already sent my coins. Quick and simple.
Regarding the fees:
When you consider how expensive the Ethereum network is to work with, you understand that you will pay more than the 0.5% in fees advertised on the site. Of course, this isn't a fault of eXch, as they can't be blamed or praised for the state of any blockchain network. I ended up paying closer to 1.4% when I count the Ether fees.

Overall, it was a good experience, but one that could have been better if I could have used Tron for my USDT instead of the Ethereum network. I'd much rather pay $2 in fees than $20. 

Keep up the good work eXch!

Thank you for this paid2 and eXch! That is very nice from you.

I announced the contest in the Romanian translation of OP and it was also announced (by NeuroticFish) in another Romanian topic, dedicated only to forum contests.

Other than this, it was nice to see the new rule, which allows users with 1000 merits to have 2 slots. I see it as a way to fill the spots faster but, at same time, as a nice gesture for those which managed to obtain 1000 merits -- which is not easy at all.

Feel free to join the second Raffle and try to win a Custom eXch Cryptosteel Capsule!  

[FREE RAFFLE] - Custom eXch Cryptosteel Capsule (#2)!

---

---

---

Offtopic, but I really like the new design of the website:

ALERT! PHISHING!

We have found that a known .onion directory "dark.fail" currently lists an URL impersonating our service.

The domain "SWP[dot]CX" has been registered less than 30 days ago and somehow managed to get listed by DARK.FAIL - a popular .onion URL monitor that only lists well-known and reputable resources (perhaps not anymore).

This is an unusual phishing attempt when the scammer has ripped off our original design and HTML template assets used by us in the past along with our current template performing a slight "rebranding". Meanwhile it's still a confirmed phishing since this website got to our knowledge from some scammed user who thought it was our original website and explained to us how they found it.

As a preventive measure we have decided to use the same background image that was in our assets some years ago which the current scammer also uses, as well as restoring our previous "light" text-only logo version, which the scammer is also trying to impersonate.

Our current website design changes will remain while we are dealing with that scammer and till the situation is resolved.

However, during investigation of this issue we have also got very interesting findings where we were able to trace back this domain to someone who have made the first ever eXch phishing vanity-generated .onion domain and managed to scam a few of our users in the past, that caused the phishing alert at our original .onion domain: hszyoqnysrl7lpyfms2o5xonhelz2qrz36zrogi2jhnzvpxdzbvzimqd[dot]onion (WARNING: THE LINK ON THE LEFT IS A PHISHING LINK FOR DEMONSTRATION PURPOSES ONLY - DO NOT USE)

We were able to find hszyoqnysrl7...onion on some Tor listing directories earlier that we have managed to wipe by contacting admins of such resources directly, which apparently worked because we stopped receiving complaints of scammed users who accidently used phishing links.

However it seems this actor has returned under a new "brand", since after performing some brief OSINT we have found that the only other place on the Internet where both SWP[dot]CX and hszyoqnysrl7...onion are listed are here: github[dot]com/tarpetra/welcome-to-darknet  (WARNING: THE LINK ON THE LEFT IS A MALICIOUS GITHUB REPO FOR DEMONSTRATION PURPOSES ONLY - DO NOT USE)

What's even more interesting is that the username tarpetra behind that Github repo have managed to get ~1500 Github stars by supposedly using bots/fake accounts to create visibility and the fact he/she lists both scam resources (SWP[dot]CX and hszyoqnysrl7...onion) confirms that he/she is the operator of both resources (main indicator here is how recent SWP[dot]CX is and how fast it was added to a repo with "1500" [fake] stars)

We have tried to contact the DARK.FAIL admin regarding this incident but got no reply and hope other concerned users will have better luck on that in case they want to try.

We also suspect that DARK.FAIL admin might be involved in this scam scheme because we don't believe that such an experienced Tor user might have overlooked our service and .onion, since our actual onion link hszyoqwrcp7cxlxnqmovp6vjvmnwj33g4wviuxqzq47emieaxjaperyd.onion is listed at least on the following popular resources: kycnot.me, monerica.com, tor.taxi, darknet-bible[.]net, darknetdaily[.]net, darkweblink[.]com

Another few important points:

- the scammer is reverse-proxying their domain via Cloudflare - something that eXch would never do, since we genuinely care about customers privacy.

- the scammer is using a third-party email provider (Protonmail) as their email server - something that eXch would never do, since we genuinely care about customers privacy.

This was an important announcement to make today but there is still work ongoing which we will update on during next days, depending on how long this issue will persist.

P.S. will communicate on other subjects later since this announcement had to be prioritized.



UPDATE:

We have managed to obtain ultimate confirmation that the SWP[dot]CX website belongs to and operated by the person behind the malicious Github repo containing phishing links to popular services.

We have compared server headers of the HSv3 addresses linked on the clearnet version of SWP[dot]CX (uicrmrl3...onion) and Github repo one (uicrmrtwpfy4y5...onion) and both domains appeared to be served by the same web-server.

There are at least 8 identical headers including "LINK" one containing the persistent data ";" and another one containing the same ETAG between 2 different hosts indicating that it's the same server responding on both domains. Anyone can replicate this and confirm themselves. We have also managed to find the real IP address behind the Cloudflare. Further work still in course.


UPDATE #2:

Turned out this scammer has created some considerable "ecosystem" of phishing cross-referencing system that apparently works very well in terms of SEO.

Just by googling the vanity-generated .onion they had for us, you will be able to find at least 7 other sites that appear like "legitimate" directories of .onion URLs representing dedicated phishing sites carefully built for each separate project.

We don't want their server shutdown yet because we are curious about their domain registrar's stance on this matter (sarek.fi / [email protected]) as well as DARK.FAIL's admin stance to understand the level of their involvement into this scheme. Given that today is a celebration day approximating a weekend, we'll give them 48 hours to answer before proceeding with action.


UPDATE #3:

Following up with the investigation, we have found there is a big probability of https://anir0y.in being a real scammer's personal website exposing himself as Animesh Roy from India, based on one of his blog posts named "Blog Tor Darknet Links" where he claims that "all the sites listed have been verified by DarkNetEye as being legitimate operations", where he links to some fake DarkNetEye copy with a domain registered only a few months ago, which on purpose provides phishing links of at least 3 known services mixed with other links that are valid onions of some other services.

- That list from both his blog and that fake DarkNetEye copy targets 3 specific legitimate resources related to crypto swaps and mixing with phishing: eXch, Majestic Bank and Coinomize mixer.
- The list provides a valid onion link to Infinity Exchanger which also raises another question - is Infinity is behind that or he listed it just to setup Infinity to look behind that in case all this scheme is exposed (which is happening right now), since we already know that the person behind this scam scheme is quite smart.
- All other links on the list are valid links.

The reason why we believe Animesh Roy might be behind all this is that in his blog post he lists at least 3 malicious resources in the same way they are advertised on other websites that make part of his quite sophisticated phishing infrastructure that targets eXch, Majestic Bank and Coinomize mixer:


All 5 domains (or 6 including SWP[dot]CX) above are registered with Sarek.fi (aka Njalla). Sarek resells Tucows for domain zones unreachable for him directly (I say "him" because Njalla is a one-man operation by Peter Sunde) so you might see WHOIS of those on Tucows to show KN as a country of registrant and the company named "1337 services" which is Njalla aka Sarek.

Abuse mail boxes to report all domains: [email protected], [email protected] (except for SWP[dot]CX)

We invite everyone to contribute by emailing abuse reports to the above mailboxes. Additionally, in case you got a Github account, you can also contribute by reporting 2 repos mentioned above.

https://i.gifer.com/B6NA.mp4

Fixefloat can't be compared with this exchange and they had a license like so many other centralized exchanges and it didn't help them a bit.
By your logic you can consider any exchange to be a mixer, and that is simply not the case.

You can get much faster reply from eXch support by creating support ticket or by email address:
https://exch.cx/support

I think this applies:

@OP: In your Bitcointalk Profile > Personal Message Options, you can allow Newbies to send you PMs.

Hello there some hours ago I sent ethereum on arbitrum instead of erc20 to your address, i cant send a dm to you, please ive been a long time customer

If I am not wrong, you can find these information and which permissions are necessary on the following link: https://f-droid.org/en/packages/io.github.pitonite.exch_cx/

I am coming back on this thread after a small discussion had with NeuroticFish in the Romanian translation of this topic. Among others, were wondering what information is using (and storing) the eXch app for Android. We understand that some information are forced to be accessed by the Android system itself, but other than that what information does the app collect and store (if any)?

If OP could come with such details it would be very nice.