Topic: JokerChange - Exchange your cryptocurrencies quickly and easily (Read 709 times)

Small update to the discussion thread.
We will add a sponsorship system in the future.

Our winning number was 77 and the winner was user snipie. Reward has been sent already. Details will be found on this post.

4th campaign RAFFLE https://bitcointalksearch.org/topic/jokerchange-presents-free-raffle-receive-50-btc-round-4-5501526

I know that, and i was never asking them to post anything 'sensitive', i wasn't just clear on what they said earlier, but now i am.
Glad you were able to clarify what actually happened. Yeah, building trust is difficult, but if you and your team continue to work on your service and be open to queries and customer complaints, you'll grow faster. Goodluck.

At the moment, we haven't received any emails yet.
The email address is only for help and support requests related to order numbers, transaction numbers, and cryptocurrency addresses.
Additionally, once the issue is resolved, we will delete the emails after 2 days.

Documents should not be sent to this email address as we do not handle AML/KYC procedures.
If a user accidentally sends documents to the email address, they will be deleted.

• Rules 📜 : https://jokerchange.com/rules
• AML/KYC ⚖️ : https://jokerchange.com/aml

We understand that gaining user trust is challenging, but we assure you that this situation will not happen again.

FREE raffle round # 3 is live!
JokerChange Presents FREE RAFFLE - Receive $50 BTC Round # 3

JOIN fast to be eligible to receive the reward.
Don't forget to user JokerChange to increase the chance of winning.

They will certainly not publicly present here the details of how their email server was hacked. This would probably only bring more complications in the future. We, as observers from the side, do not have to know everything that happens in the background.

Things like this are one of the reasons why many refrain from providing KYC everywhere. Data can easily fall into the wrong hands. We have seen similar cases even with much more reputable (at least at that moment) services, so it is very difficult to trust some beginners.

Yes the mailbox has been hijacked 🫤.

I am having a hard time understanding what you mean here, what happened to your 'main mailbox'. Were you hacked or something? Can you try to be more explicit about what happened, you might even get better suggestions from members here, to avoid a repeat in the future.

The main mailbox we use, we have decided to close the topic to avoid a major problem and take the domain offline.
We contacted the email provider and retrieved the mailbox.
Regarding the data, no theft was committed.

I also could not find any information on this anywhere online. For transparency the public should be giving info on what type of attack that warranted suspending the entire service and deleting the op (which suggests they did not expect to recover from it) and also what measures were put in place to prevent it from happening again.
More importantly, if there was any security breach users should be aware of.

- Jay -

Especially to a newly-launched exchange, transparency is very important. That's a matter of integrity. To just say you were under attack but it has since been contained keeps the users guessing. That's treating them poorly. It's as if you don't owe your users any explanation at all. It might be a small thing to you but it's a big thing to those who've entrusted their money on your platform.

Users are left hanging as to what really happened. They're confused. And it makes them question how solid your security is, as to whether their funds are secure under your custody.

I was about asking why you deleted the op, changed it to 'removed' and now it is back up again, but i found my answer in your edited op:
Sorry, can you share with us what kind of attack it was, and what measures you have taken to ensure such a thing does not happen again. It takes time to build customer trust, but it would be faster if there are no issues such as this. Welcome again.

JokerChange second FREE RAFFLE ended a few days ago. Sorry I was not well last two days to post update. User malcovi2 is our winner for round#2.

Stay connected and support JokerChange. The next FREE RAFFLE will be launched on the next Sunday!

So you use third party services to conduct transactions, you take 0.9% as a fee, you may ask for KYC, there is no a refund guarantee if  user fails the identity verification, you prohibit users from using any technology to hide the IP, however you can share the data with a third party ?
Isn't this a lot of requirements when there are competitors, especially since ~1% additional fees + exchange API fees may not make exchange rates attractive?

We take note of your opinions ✍️ and we try to correct them as best we can to enlighten users.
Yes, we use an external API.

All your suggestions help us if you wish to share any correction please let us know 😊.

Maybe they are using other centralized exchanges, not just Gate.io, but they should clearly write that information in their ToS.
There is nothing wrong in offering such services and charge fees for that, if people are willing to take the risk of being asked for kyc verification from those exchanges.
I think that most quick swap exchanges are operating in similar way, with few exceptions.

Not only that, but the exchange fees are more expensive than Gate.io. exchanging 1 Bitcoin is equal to 18.39840927 Ethereum, while in Gate.io you get 18.66. It may pose a problem as Gate.io prevents any transfers without completing identity verification, so if the service depends on the Gate.io API, it may be blocked.

All these exchanges are not exactly the best role models. How is it not exch.cx exchange that is your role model?
Or, for example, Zeusmex's method



Based on @xtests' experience, you don't have much influence, as a re-seller, on the AML check and eventual confiscation of funds, so maybe that explains why you stick to these conditions.

You have literally just mentioned one same exchange and its direct resellers and here is why mentioning them is a worst example ever:

1. ChangeNow and Changelly are operated by the same actors that have a huge track record of selective scamming.

2. ChangeHero and StealthEX are ChangeNow's API resellers.

3. None of them has a money transmitter license nor any regulatory approval.

Since you don't even have a company registered and operate anonymously, there is no reason for you to even try being compliant. Not even mentioning that asking KYC from your customers while not being a registered entity is unlawful.

Meanwhile, in a process of writing of this message, I decided to check what service you resell (since it's extremely easy given you operate with Ethereum) and created an order on your service. After the order completion, I have received coins from Gate.io in this transaction ID: https://etherscan.io/tx/0x089a801a71a8e9350eda4f92617d47d4629d29bf7cc2747e7d0b0cf55b2b5619



I have also verified that the Litecoin deposit address I was given by your system (LUh62sJo91y2VFdBdwq22gFTi3jPfnkEdu) belongs to Gate.io, since it is assigned to some Gate.io customer (which is you) and all its incoming payments are aggregated by Gate.io's Litecoin address LaH52f9sspcacPMf2Z7mU5tkhKcWJxvAgA.

You should actually update your service description and ToS to mention the fact you don't represent your own liquidity and instead resell a third-party exchange Gate.io and rely on their AML/KYC policies to avoid misleading people.