Topic: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 - page 57. (Read 30738 times)

Our DDoS mitigation techniques don't involve IP blocking at all, since we operate a Tor HS and relying on IP blocking to stop attacks there is not possible. We use same techniques to protect our clearnet infrastructure, also because DDoS attacks we get come from Tor exit IP ranges and we don't block Tor IPs just to stop these attacks, unlike many other services do.

I can't go in details publicly on what we do exactly because we get DDoS attacks almost everyday by someone who reads this thread and they could use this information to bypass our protection. I say this with a full confidence because we had a very powerful DDoS targeting our systems some minutes after posting the Lightning Network announcement.

Please open a ticket or write an email at support@exch[at]cx to resolve reachability issues. We won't leave anyone without a proper resolution.

Rest assured that someone using VPN is not a reason for their reachability issues with us.


This was our QR imager truncating large strings which was the case for LN invoices, which got a fix already. Thank you for reporting this.


It's great you have highlighted most important points of our service that are often forgotten in reviews. In fact, we are a unique service that has its own liquidity and is Tor-friendly, doesn't cooperate with LE and has a zero logs policy. All our closest competitors (these who actually own their liquidity and are not resellers) attack Bitcoin's fungibility by using third-party coin scoring services and carelessly feeding LE on illicit^[1] data disclosure requests.

^[1] I use the term 'illicit' because when LE send data disclosure requests to exchanges, they almost never rely on court decisions and instead make direct pressure forgetting that governments they work for forgot to denominate crypto as a financial instrument and provide proper legislation, which makes all these requests illicit.

I just tried to exchange BTC to BTC LN and successfully created an order.
I used my wallet of Satoshi to receive BTC LN with Zero-amount invoices.

*just note if we need eXch node ID just to exchange BTC LN to BTC (or another coin).
We don't need that to receive BTC LN (just invoice with 0 amount)

I understand, but what happens if someone is trying to ddos attack your website? Do you block them or not?
It is possible this guy I know was using some vpn and this could be the reason he couldn't access eXch website.

Good move, this will be very useful, especially when btc transaction fees on mainnet go crazy, and I think LN can also be better for privacy.

I think it could have more to do with phoenix wallet rather than the generated deposit QR code you are trying to scan
Last year, there was a similar issue with Phoenix wallet, which was fixed when they added support for the LNURL fallback scheme

Review
Exch.cx is a very cool, simple and easy to use swap exchange, if the coins you want to swap is on their list of supported coins, i don't see a reason not to use it: They don't collect kyc, they don't aggregate utxo's for LTC and BTC, they don't cooperate with LE, they also don't log ip addresses, good for privacy and can even stand in as a mixer, etc. Take note anyway that you lose control of your coins during the swapping process, as it isn't a non custodial service, but that is the same risk majority of crypto users bear when they use centralized exchanges, mixers and other centralized services.

One thing that's great about eXch is its simplicity, it is newbie-friendly and even a crypto newbie would not have a problem using this service, i swapped my dash for Litecoin for the purpose of this review:

So you just input all the necessary info, and you can either click on 'calculate' to see the amount you will be receiving based on the current exchange rates of the coins you want to swap and the service fee (1% for flat rate and 0.5 for dynamic rate), or you can just directly start exchanging without calculating and you'll see the rates on your receipt. Take note that refund address is optional, but if there is any need for a refund it will be sent back to your sending address, so for better privacy, add a refund address. Before swapping it is good to check what eXch has in their reserves, and if they have enough of the coins you want.

Once you click 'exchange', your order is created with the unique address you should send your coins to, once sent and received by eXch, you will get the coins you swapped to immediately. It is fast and easy, downloading your signed letter of guarantee is also important as it contains all the details of the swap and can be used as proof in cases of disputes. It is to eXch's advantage that they have kept their site very simple, it is very difficult to make a mistake and easy to get your swap done in minutes. Cheers guys!

When I scan the deposit QR code with Phoenix Wallet, it shows: "Invalid data. Please try again. OKE". This wallet works fine with other LN services.

We are happy to announce Lightning support starting today.

eXch node ID is 02cd546a60230b5d5c603bf79ff344afaf071cd42438bdd7846a5de4595c1ef304 (1ML explorer link)

Our system supports automatic channel opening that can be selected during order creation, therefore eXch can also provide inbound liquidity and be an alternative to submarine swaps and helpful for rebalancing schemes.

We welcome everyone to try the newly added network, report bugs and provide sugestions.

We don't have a possibility to ban IP addresses because our system and servers don't process nor log them. It's explained very well in our ToS.

Errors like one you reported could happen for many reasons, but mostly they are temporary and some retries fix them. We will add more reverse-proxy bandwidth capacity soon and request fail rates should reduce.

Please try another browser to see if the issue persists.


This is not an issue and that error is a clear indication that the same coin direction is not available, therefore I am not sure how it affects users "quality of life" at all.
Avoiding selecting same coin direction can only be fixed by enabling JavaScript and monitoring user's selections. We don't plan to provide a JavaScript version of the site yet.

If you are from Brazil/Portugal, I wrote a review in Portuguese here: https://bitcointalksearch.org/topic/review-da-exch-5465288

Very happy with eXch speed and fees.. I'll use it again in the future.

Hi team, this is my review for eXch, I have been a signature campaign member from the beginning and wanted to share my opinion on your service.


The design of the website is very basic and to the point, I like it how there are less color usage which helps users to focus on the main point which is to exchange crypto automatically.
The best part is that you are providing an API with it and also no Cloudflare so if someone wants to build something on top of it directly, they can surely look into that without getting blocked by the network.

While debugging the website, I see you are getting this issue where when you select BTC for both options, it's shown No pair for this found. That is correct however user shouldn't be able to do this on the first hand and you can use client-side form validation to fix this issue, it will surely improve the Quality of life and experience of the users.


Everything else is to the point and looks great, cheers!

It could be a number of factors including a browser related problem. Have them try a different browser using the same IP address to see if it works?
Maybe an extension causing this? They could disable the extensions or also run the browser in incognito mode to rule out the browser extension, as probably cause.

Another cause could be the ISP in their jurisdiction trying to block access to eXch.cx rather than the other way round.

@eXch.cc is it possible that some IP addresses are banned by eXch exchange or it could be something browser related?
Some people told me that they can't access eXch website with clearnet domain, and they receive message like this in Chrome browser:


It is all explained in Affiliation page.
You receive 30% profit, and you can enter your withdrawal address when you collect 0.001 BTC (or equivalent to 0.001 BTC in other currencies).
https://exch.cx/affiliation

I paid more attention to privacy than calculate the fee, because eXch already has low fee currencies such as monero and litecoin.
Like Monero, So far the fees offered between 0.1 - 0.05 USD. if it's that amount is quite expensive for your, there is Litecoin which might be set below than Monero.

About Affiliate program, how to divide it?. because when registering the exchange didn't ask bitcoin address to receive preofit.

I am personally not a big fan of that new tendency of graphic design used in some threads where one must scroll through large images full of visual distraction to find useful information, so I prefer text-only threads mostly. However, it's true that our OP here can be improved and icopress already provided us with a reasonable thread design that we will eventually update to after some editing.

The quote in OP you are referring to was the OP itself before our service relaunch.


The PM was already sent to theymos.

I was thinking if eXch would think to revamp this thread a bit.

For example, the way post #1 is written looks oldish... Maybe a new design for the main topic would look better and, maybe, it would catch also the attention of more users?

Besides, there is a quote in OP which I am not sure from where it is taken, as it does not appear on the website (or, at least, I did not see it).

---

Other than that, I also noticed this post:


My suggestion is to contact theymos about this issue, as there are infinitesimal chances for him to see this post inside this thread. Best approach is to send him a PM and explain the situation, then kindly ask to change your name. It does not happen very often but I witnessed a few such changes within last years, so there is hope.

Here is the answer you are looking for, from the representative

The exchanger is very easy to use, which is good, low fees, fast exchange. A letter of guarantee is also a positive point, which can eliminate all controversial issues.

Among the shortcomings, I would probably note the small number of supported networks. It would not be superfluous to have TRC20, it seems to me that USDT TRC20 is used by a much larger number of users than ERC20, for those who make frequent exchanges will pay attention to fees.

Thanks, I just know that method, but there have limit maximum which can be sent like the picture below.



I am not sure if the problem is litecoin, where maybe the exchange only have a few on the storage.

"Cloudflare free" usually means that a website doesn't use Cloudflare's reverse-proxy service to prevent exposure of their users to MITM and UX issues, however this is not related to Cloudflare's NS service used by our domain name.

The main role of nameservers (NS) is to serve DNS records, which in our case is the "A" record that points users to the IP address of our web-server when they lookup our domain name. We use Cloudflare's nameservers because they are reliable and fast due to their company's considerable infrastructure available across the globe. They also provide a Tor-friendly API which we use to manage our DNS records.

The only possible attack vector in this case is DNS record hijacking. It means that Cloudflare will have to change our domain's "A" record from our IP address to another one with a working reverse-proxy in order to intercept all the network traffic of our users (MITM). This attack is very unlikely to happen because there is no point to do this in our case, since anyone on the Internet will be able to detect a such event and also because we will receive an alert from our security monitoring system about a DNS record change and will simply switch our NS to somewhere else. It is also worth to mention that a fingerprint of the website's TLS certificate will change during a such attack, since there is no way they can retrieve the private key of our TLS certificate to use it on their MITM reverse-proxy. There is a browser extension called CheckMyHTTPS (https://github.com/checkmyhttps/checkmyhttps) that is useful to detect HTTPS fingerprint changes, however not as reliable as the older Certificate Patrol (https://github.com/tg-x/certpatrol) which was storing each website's certificate fingerprints locally to detect and alert about fingerprint changes later.

Such attacks are very rare to happen, but when they happen, they're usually some LE operations with enough gathered intelligence to know what to intercept that mostly go for website's operators (i.e. admin credentials) and not their users. Our management interface is not available via clearnet at all nor located at our public Tor HS either, therefore a DNS hijacking attack on our domain name would not bring anything useful to LE.

The most famous LE operations with this technique involved that come up to my mind were mostly targeting botnets, where they intercepted operators credentials that usually represent superior value for investigations in order to obtain ultimate evidence. Nevertheless, this technique is not popular anymore compared to cooperating directly with datacenter operators and upstream network providers. I recommend searching through KrebsOnSecurity blog for the "takedown" keyword to find relevant articles and to learn more about LE methodologies and strategies.

Well here is how i do it. I do enter the amount to calculate how many coins i will get, so i can get an idea of the exchange rate that i will get.

Now, before doing the actual exchange, I will clear all fields, and write only in the "To address" my address, keep the amount filed blank and click "Exchange". On the order process window, it will ask me to send any amount of the cryptocurrency to the given address.