Topic: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 - page 53. (Read 30738 times)

Ironically, I learnt about eXCH from a reply on that tweet indicate that eXCH is been using to launder money (https://nitter.cz/fsvltt/status/1723786963247824975#m)

You're right, it's not fair to ask one exchange to police all crypto trxs.

But it seem like it wont help that much anyway since crime ppl wont risk to do direct trade.

All customers are equal for us as well as their cryptocurrency, since there is no way to tell whether someone is criminal on the Internet in the same way there is no way to tell whether a random person you see on the street is a criminal or not. We won't ever participate in the attack on Bitcoin's fungibility lead by taint-proclaiming services like Bestchange and their chain analysis friends. Due to a pseudonymous nature of cryptocurrencies like Bitcoin, there is no certain way to determine a source of some UTXO. One single hop of some UTXO to another address can be a sign that the UTXO has participated in some private (P2P) trade on this forum or any other place on the Internet. Same like cash. Once you receive a cash from someone, it turns into your cash and its source do not represent any importance anymore. Unfortunately chain intelligence companies don't do their job properly which results into unreliable data and misinformation across cryptocurrency communities. eXch don't trust chain intelligence companies and won't ever rely on their data nor discriminate users.

We also don't agree with the general idea that it's exchanges fault if "dirty" money flows through them. We think the root problem is that users who lose their crypto for some reason don't treat their crypto as cash. Someone losing 27$M in cash (or in crypto) apparently made a mistake of not securing their funds enough - same applies to crypto. We live in a reality where thieves exist and many times LE won't be able to help recovering a loss, so why making an easy target from yourself if you care about your money?

There are many ways to get your crypto stolen:

you use Windows OS for a crypto wallet and frequently install random .exe's - you are an easy target for malware
you use Google Play for installing apps on your Android that manages your wallet - you are an easy target for malware
you use closed-source wallets - you are an easy target for your wallet developers
you use open-source wallets that rely on bad coding practices (e.g. Trust Wallet) - you are an easy target for all kind of attack surfaces due to developers not caring about their users enough
you use SMS for 2FA - you are an easy target for SIM swappers
you pre-approve USDT for airdrops - you are a potential target for Pink Drainer and others
you are a NodeJS (or similar language) developer and don't verify what you install from NPM - you are an easy target for dependency supply chain attacks
you use and believe hardware wallets are ultimate security solution but forget to check if your OS has a clipper malware - you are still an easy target
you brag about your crypto wealth to strangers - you are an easy target for a 5$ wrench attack
and so on and on... List of bad security practiced by at least 50% of crypto users don't stop here at all. I can also elaborate on literally *any* of the above with real-world examples - just point me out any subject.

Please just treat your crypto as cash and think twice about its security, then the obsession with AML/KYC for crypto should calm down a bit. Don't listen to the governments that tell you "crypto isn't a financial instrument" but at the same time are trying hard to eliminate it from their way. Crypto is a financial instrument and it should be taken seriously like any other financial instrument.

And to be honest - you ask too much from a small exchange like eXch. Why not ask the same from other major CEX if you seek justice so much?

https://nitter.cz/PeckShieldAlert/status/1723910079278395658#m


As you can see, even major exchanges don't care about "dirty" crypto, so demanding this kind of "justice" from services like ours is unfair.

Haha thank you but I have no merit!   They share their donations regularly on their homepage in the top banner:

Same thing in last September, they shared a donation done to the Tor project

For funds sent to Binance, some explorers display the names of the hot wallets of the biggest CEXes and DEXes. In this case, Etherscan displays it

Just curious, how did you find out that eXch donated to SimpleX?


And how did you got to find that too?

iwantmy10000acrescourtyardpaidwithbtctoo, you are always surprising

At same time, I would like to recommend the services offered by SimpleX to any user looking for private instant communications.

On the other hand, some people think that by targeting scammers where it hurts (their wallets), you could actually create a deterrent.  It's kind of like playing a Robin Hood game – stealing from the bad guys and hopefully preventing future scams. 

But you know, it's complicated and  finding the right balance between teaching people not to get scammed and directly taking money away from the scammers themselves – Id say we should try to do both if we can.

To know if a tx is from an illicit source, you have to be spying on all tx's. Imagine if every custodial privacy tool like mixers and no-kyc instant exchanges start confiscating funds and attacking BTC's fungibility in this way, people who care about their privacy would stay away from such services, and it does not mean they use stolen funds, but because there is a possibility that their funds can be confiscated for any reason.

As a privacy tool, you shouldn't be spying on people's utxo's or rejecting their funds for mixing, or swapping if it is an instant swap exchange, the moment you start doing that you are no longer a privacy tool, but more like a centralized exchange or similar services.

I don't agree. Stealing money from thiefs is still stealing.

Any scammer/hacker will always find someone to exchange his altcoins or BTC into Monero ; or will always find a place to mix his coins if needed. This fight is lost in advance.

If, for example, scammers bother you, the only way to combat them is to educate users -as much as possible- so they can avoid to get scammed. Treating the consequences but not the roots is useless.

No, this service is the best of all.

I am not saying that every trx should be monitored or logged, they can see if a crypto is coming from illegal source like hacked exchange assets or ponzi scheme address and if such crypto enter eXCH platform, least eXCH can do is refuse to process the trade and send the crypto to where it came from (-% fee). Or better to just donate the assets for a good cause.

Obviously we all know scammers and criminals are no good, but if you call your service pro-privacy, then you cannot selectively offer privacy by hiring a blockchain analysis company to spy on people's utxo's and tell you if they should be allowed to swap their coins or not, eXch doesn't require kyc for a swap, you just swap your coins instantly after you make a deposit, they can't know how and where the coins came from, because they don't spy on you.

eXch also doesn't log ip addresses and if you don't believe that, then they are also tor-friendly, so you can use their onion link and connect to their service over tor to ensure your privacy, in that case, there is no way they can report back to LE when they are retrospectively required to provide info about a certain tx. Op, there are already enough centralized exchanges and services doing what you ask, you don't want all the remaining privacy tools and services to become honeypots for the government, do you?

In my humble opinion, the principle of a service focused on respecting the privacy and data of its users, is precisely that it doesn't arbitrarily choose to whom it offers privacy or not.

I understand and respect the need for privacy of someone OWN HARD EARNED MONEY, but when/if you know that scammers and cybercriminals use your service it would be better to report their trades back to the police requests.

Scammers and Criminals bring no good to our world.

That's great, well done!  

---

https://etherscan.io/tx/0x21f0da3982926d693c915b30a8a138db48f469989bff3e9e6434916fa2d3783f

Well done also on your donation to Simplex, I discovered this service recently thanks to a fellow bitcointalker and I'm very pleased!

However, I'm really surprised to see that the team behind Simplex uses Binance's services  

200 BTC throughput mark surpassed in our aggregation wallet pool just in ~1 month after its launch!

https://mempool.space/address/bc1qu2dq8w8lv8v3l7lr2c5tvx3yltv22r3nhkx7w0

Add another 300 BTC monthly throughput in our mixed wallet pool (that can't be tracked publicly) making it ~500 BTC throughput in last 30 days. And this is without counting other currencies!

That is also an amazing reason not to show up physically at any court, even if the terms were correct from the opposite side 

This is just one more example that bureaucracy is the same allover the world.


You are now like a modern Robinson Crusoe

That's correct. We have already requested clarifications from them but no reply was provided to us. I must also mention that going to any court physically is out of question for us since our team is currently located on a desert island which was the closest habitable location after a boating accident and there are currently no transportation options available for getting to the mainland. Thanks satellite broadband and autonomous energy sources we will be able to remain here for some time. It's a nice place after all.

Isn't this an incorrect, even carelessly drafted statement, and therefore it is possible not to give an official answer at all and not to go to court on completely legal grounds? I mean, if they were interested in this, they should have made it clear, whom exactly the addressed to.

In that particular case it should become available publicly after conclusion, but if we have anything earlier from our lawyer we'll share it. At this time it's not even clear whether they addressed their request correctly, since our legal company name isn't specified in the request. They have addressed a court order to a string "exch.cx" which makes unclear whether it was addressed to a domain name, a website, a host or someone wearing a T-shirt with "exch.cx" written on it.

Oh -- I understand. Perhaps after November 16th you can share some more details about how things took course at the Court? (Obviously, only if the situation will allow you to do it).

Answering all your questions would reveal some business details containing information that should remain off-the-record at least till the current subpoena is cleared. However, I would gladly answer your questions via private E2EE communication channels.


We consider Thorchain's native token (RUNE) a reliable coin since its network brings a lot of benefits to the cryptocurrency ecosystem.

Recently we have launched an experimental feature of ETH/BTC swaps via the Avalanche Bridge, since we had some requests from users who have volumetric ETH/BTC swap requirements that eXch couldn't satisfy and since the Avalanche's Bridge can only be used from a privacy-hostile app called 'Core', we have enabled this optional functionality for them to provide 'rails' that automate the whole process of swapping between native BTC and ETH via Avalanche Bridge. During the development of that feature, we have found out that the Avalanche Bridge is far from being decentralized and that their nodes responsible for bridging BTC and ETH are closed-source and are fully controlled by Ava Labs. We have found that Ava Labs have implemented AML screening (https://medium.com/@AvaLabsOfficial/updates-to-the-avalanche-bridge-dc0d33b1b475) in their BTC and ETH bridging mechanisms that are used to selectively stop certain coins from bridging in order to confiscate these funds (or traditionally speaking - to scam their users). We have also found that they have already confiscated 85 BTC from someone without returning it (https://forum.avax.network/t/why-i-use-core-bridge-has-been-sent-btc-but-i-didnt-received-my-btc-b/1157/3) and out of curiosity reached that victim and chatted with them about this, confirming that their 85 BTC are still being held by Ava Labs without any reason. After creating a disposable Discord account just for research purposes since such communities reside there, we have found that there are more victims who lost their funds to Ava Labs selective scamming. This made us wonder whether providing Avalanche Bridge on our service was a good decision and afterwards found out that their AML screening mechanisms do not affect amounts below 5 BTC, which we have implemented as a limit for these. However, later we have found that there is another network that provides native BTC/ETH swaps with considerable liquidity - Thorchain. After a rigorous research performed by us, we have concluded that it's truly decentralized and makes Avalanche Bridge obsolete, since Thorchain's native swap functionality makes part of the network consensus and its code is fully open-source. We have since decided to replace the Avalanche Bridge rails we provide with Thorchain which will be released this week. We have also found Thorchain useful to rebalance our own liquidity when needed without relying on unsafe and unreliable Web3 ecosystem and codebase that is constantly exposed to dependency supply chain attacks.

Please note that Thorswap doesn't make part of Thorchain at all and as it's just a privacy-hostile frontend for Thorchain, thus, eXch could be used as an alternative frontend to Thorswap (however, for now, limited only to the coins and tokens that we support).


Our opsec is much better than Bestmixer's, Chipmixer's or Whirlwind's altogether and we haven't made any mistakes in our opsec any close to such were made by them, apparently from the beginning of their existence, as some court data and other events revealed about some of them afterwards. eXch is run by people specializing in infosec since around 2000 that are also cypherpunk culture adepts that follow military-grade standards and guidance to protect their projects digitally and physically, therefore, it's very unlikely that our platform will be smashed due to rookie mistakes similar happened to the platforms I mentioned and some others I didn't. There is always a lot to learn from every privacy-oriented service shutdown (including darknet markets) and we are certainly not next.