Topic: SCAM EXCHANGE: Openchange (Openchange.cash) (PARTIALLY SOLVED) (Read 1458 times)

I could be wrong but to me it seems their justifications are pure nonsense which are designed to try to fool the user in to conceding 10% of their funds with a fear they could end up losing the other 90% if they contest what is going on.

I wonder what the "successful exchange" vs "we will return 90% to you but keep 10% for ourselves" ratio is for Open Change.

They justify it with the screenshot from a random internet webpage. This webpage (AMLBot) is neither an internationally (or nationally) recognized authority, nor is it working with one and it may not even be an actual business. Since even with access to a lot of resources (like what the FBI / CIA has access to), it's extremely hard to (1) tie a certain UTXO to a crime and (2) return the funds to the legitimate owner, all these classification attempts are subjective guesstimations at best and deliberate choices to defraud users, with large potential for corruption, at worst.
In the end, they are always used for evil: confiscating funds and keeping them for themselves; so it's a big elaborate thing to steal coins from users. There's no nice way to put it.

Yes you are pretty much spot on but there is confusion as to how they selected 10% as a figure they would confiscate in the event they believed they were dealing with stolen crypto.

Furthermore, there was no real meaningful justification given why they would return 90% of alleged stolen crypto however retain 10% for themselves. I mean, what could they say to justify it?

I do understand this now, that the coins the hacker ends up with is different. Still the issue with the mix was the consolidation of 11K mixed coins back together, given all these inputs come from Crypsty addresses consolidated together, even if they are new coins. Clearly some chainanlysis will easily point to the fact these are the proceeds of crime, based on numerous factors, even if these coins are different.


I completely agree, I was initially merely answering BlackHatCoiner's question of a connection between transactions.

Given these exact same sets of coins have been sent to all major exchanges in recent months and not frozen, instead passed onto other users and exchanges, in the case of Binance mixed together. So there is still zero reason for OpenChange to be stealing this users funds, given large amounts have already gone back into circulation without any issues it seems.


This is initially why I thought the mixes were CoinJoin, as all the inputs going into the smaller mixes (100-300 coins roughly) all came from Crypsty addresses, as highlighted, with only 1 major output. So why it's obviously common to make the mistake that all inputs come from the same owner, in the case of 2014, this clearly wasn't the case. Probably back in 2014 these addresses were listed as Cryptsy, so the hacker was completely unaware how their transactions could be easily traced (even if the coins can't).


I can see how mixing has improved over the past 8 years, that much is true. In this sense it seems that the coins were "tumbled" as you put it, by getting back exactly what you put in within the same transaction.

---

Anyway, I don't want to derail this thread any further as it's about OpenChange stealing a user's coins without any legitimate reason. For reference sake, whether these coins are considered stolen or not, I discovered most major exchanges have all transacted with these coins from the mixed set that the AML bot considers stolen (red dots are exchanges). This is Binance happily laundering them even, prior to sending some onto UpBit, long before the user made a transaction to OpenChange (the earlier circles aren't mixes, they are merely breaking down the coins to smaller quantities from single inputs).

I reference this as OpenChange claim these coins are "tainted" or outright "stolen", but it turns out that other exchanges have absolutely no issues with these coins, or at least more than willing to be transacting with them. It seems highly likely that they are simply using the AML bot as a poor excuse to steal coins when possible. Even though confiscating these coins isn't considered legal or otherwise.

True; CoinJoin is actually newer than I thought. According to Bitcoin Wiki CoinJoin page, the first mention of the idea of CoinJoins was in 2013, as quoted below.


I remember in the past mixing was actually more commonly referred to as 'tumbling'; maybe indeed better fitting for something where you throw in coins and get completely unrelated coins of equal value back out. Instead of a CoinJoin mechanism that semantically fits more to the name of a 'mix' since you throw together your inputs with other people's UTXOs, mixing them and getting something out from that same pool.
Like, to be fully honest, ChipMixer is a pretty good name. It doesn't mix UTXOs, like CoinJoin, but it mixes / exchanges these 'chips' that have no ties to each other, instead. This requires it to be a centralized, trusted service, but offers much better on-chain guarantees.

That's not how ChipMixer works.

Even before ChipMixer, "coinjoin" was never the standard: a user would simply get someone else's coins in return for their own. Coinjoin is the only form of mixing that leaves an on-chain trail to follow.

Correct, that's what I aim to do here:

Feel free to follow the topic to get notified of new additions and report other such issues with exchanges and services so they can be swiftly added.

---

Basically:
[1] hax0r sent X stolen coins to CM
[2] legit user sent Y legit coins to CM
[3] legit user got Y amount of the stolen coins from CM
[4] hax0r gets X amount of other users' coins from CM

Your confusion comes from the assuption that every mixer works like CoinJoin; whereas ChipMixer is basically an off-chain mix.

This is my point in the example above, without other participants nothing is obfuscated, even if old coins are made into new coins.


That I get. The only thing I see happening with the 2014 mix of Crypsy is the following:

Mixing wallets CrypsyA + CrypsyB + CrypsyC etc = CrypsyABCX. There is no UnknownA, B or C to adequately break the connection between stolen and non-stolen coins.

For sure it obfuscated whether the new coins were part of Cryptsy wallet A, B or C. This I don't deny. But mixing stolen coins together only results in stolen coins.


Ok, well whatever software/protocol was used, the hacker simply got back what they put in, as was responsible for all the inputs (-1) - hence got all the outputs (-1).


This is assuming it was an online mixer that was used, and that the website had 11K BTC liquidity ($5 million back then)? To me they look like simple transactions that consolidates funds.

I do see the logic of the coins not being the stolen ones however, but simply owned by the thief after blatant online mixing. Similar to how any tx makes an old coin new again, as the trail shows. This means the blacklisting could be not for stolen coins, if indeed they were able to mix it with a website (swap them as you put it), but attempting to block profiting from a theft on a somewhat permanent basis.

I'm also guessing that back in 2014 there weren't delays in receiving your coins from online mixers, at least not the one that was potentially used, hence didn't obfuscate anything either...

Correct. And correct.

It's not a coinjoin. You get different coins than the ones you started with.

Think of it this way: Alice gets Bob's coins, without knowing who Bob is, and without knowing how Bob got his coins. Alice's old coins are now owned by the mixer, and Alice's old coins can't be linked to Alice's new coins.
The coins are totally different.

Yes.

The point of a mixer is to obfuscate the direction of your money.

It's pointless as long as third parties know that all of the CoinJoin's inputs are yours.

The same origin needs to be proved it's the same. A bitcoin transaction can be consisted of inputs that are not owned from the same person.

Because you effectively end up with different coins right? Even if it doesn't break the on-chain connection with your new coins, it breaks the connection with your old coins?

Old coins mixed with different old coins = new coins (mixture of different origins)
Old coins mixed with same old coins = new coins (same origins as old coins)

I had thought the point of a mixer was to mix your coins with other peoples, not just your own. Surely this defeats the point of a mixer if you're just running CoinJoin with yourself?

I get that the coins would still technically be new, but it doesn't do anything to break the connection between old and new coins if you're only mixing coins from the same origin...

The point of using a mixer is to break the on-chain connection between your old coins and your new coins. It can't break the on-chain connection to the origin of the actual coins.

That's because he didn't steal them.

Did I understand this correctly? Some obscure cryptocurrency exchange gives itself the right to confiscate the funds from their customers based of an analysis of some self-proclaimed blockchain (anti)analysts who, incidentally, have absolutely no legal weight whatsoever? It is unacceptable for the exchange to make such a decision and, more importantly, to retain control over customer's assets.

The only thing I think should be done in this case is to flag the Openchange.cash exchange as malicious and warn any traders away from it.

Ok, bare with me, I'll try and explain this one after discovering OXT. The summary is: the coins weren't mixed between those two txs you reference for starters.



On the left: 1e7c498469369e90dfdd0c8258c6aa5325661553f441a2c6897d93b210f8ef67
On the right: 1f393532c18ac21a21b17ea890579a6d071f008400b2c73ced357cd59fe194d3

   

Tx 557ddcdd1bb1380a04c52748454314aca8f9ef68b75ea678e64b74152525b3af (top right of first image) has a single input (not a mix, just a breakdown):



Hate to say it, but It simply looks like the thief has either no idea what they are doing, or got confused between their mixed outputs and "broken down" outputs.

---

As for the "original mix" in 2014, prior to "1f393532" that is considered the stolen funds, this is a good example of how not to mix your coins basically.

Were mixers even working or being used back then? There was simply a lot of "private mixing" going on in this particular case

• Numerous mainly high-value inputs are all consolidated to 1000+ outputs, apart from 1 output for 0.0961 BTC. Completely not how you mix coins if you don't want to be traced
• Notably 0.0961 BTC is the only unspent output from this "mix" which looks like it came from the input of 0.099 BTC (caught in the mix maybe and now considered "tainted").

For sure, someone else could of also decided to mix 1000+ coins, granted. Then if you trace back these so-called "mixed funds" that were consolidated, they are nearly all Cryptsy labelled addresses simply consolidated together to either single ANON outputs, with the error of what looks like a change addresses (secondary output), often interconnected between "mixes" or back to Cryptsy.

   

   

Expanding a few more inputs and it only connects together more of these addresses with same pattern, as well as secondary output going back to a Cryptsy address:

   

So in summary, this would be a completely legit mix (centered), if it didn't all come from Cryptsy in the first place (with the exception of 1 tx accounted for):



I only found one address that wasn't labelled Crypsy entering this mix, but it was with 11 BTC, so couldn't of been part of it alone (with outputs being 1000+ or <0.1). This is why you don't do DIY mixing basically.

This is what eliminates the element of doubt that these coins were originally stolen is the reality and probably why they are considered 100% stolen as opposed to 25% "tainted" (mixed) for example.

---

As for plausible deniability from the user in question, for sure, he could of received those coins in good faith from the thief.

For example in tx 557ddcdd1, the hacker could of paid for 30 nights in a hotel room costing 0.256 BTC up front, using 30 different addresses to pay. Or bought 30 different things for 0.256 BTC with the same transaction, gift cards, games, cds, who knows. The one receiving the Bitcoin likely wouldn't be checking to see if the funds were stolen or "tainted". 30 donations of 0.256 BTC sent to 30 charities? Anything is possible here.

Even before then, the thief could have purchased something for 15.6 BTC, and the user in question was the one to have broken it up into 0.256 BTC increments, or maybe even their employer did before paying their staff. Only to find out the funds were "tainted", because they were stolen 8 years ago. Gutted. Why would the user come here complaining about 0.256 BTC if they still had thousands from that 11K hack anyway? That wouldn't actually make sense either. There are still plenty of unspent outputs of much higher value from this hack I noticed.

So despite the overwhelming evidence that these coins were indeed stolen (as shown above, the coins were only mixed with each other, not with others in any effective manner), it's still not possible to prove that the user was the one who stole them. I'd like to think anyone is "innocent until proven guilty", rather than the idea of having to prove someone's innocence in order not to be considered guilty. So would providing KYC prove your innocence? Of course not. It would just guarantee police/fbi attention, whether you're the hacker or not. So of course you wouldn't want to provide it if you don't want to be caught or wrongfully accused.

Credits: https://oxt.me

I personally would not do business with them, as it is all nonsense. They are supposed to have been in business for many years? I don't know if they started implementing these rules on apparently stolen funds recently or it was the exchange they work with but the explanations they give don't make much sense.

One thing I noticed from the Open Change representative was a clear lack of understanding exactly how serious this matter is. They have not really done themselves any favours by saying they have returned the stolen 10% of the funds to OP therefore the matter is closed. Their shady business practices ensure the matter cannot be closed on whim or their say-so.

I agree, Open Change should be avoided at all costs because there is a serious risk of them users having funds stolen.

The issue with your line of thought is that you assume if we flag coins as stolen, they will be returned to the legitimate owner. These funds have moved hands so many times over so many years and evidently also gone through a mixer that it's impossible to now ask the 'last owner' of said funds to return them. It's also nothing that ever happened; instead it's used as an argument to just confiscate funds. In this case, they were sent to an exchange's main address and jumbled together with all other deposits. So they don't actually care about returning funds to victims of theft, but simply keep them to themselves.

What does opensea has to do with this case? Answer us how are the funds from criptsy hack correlated with the OpenChange depositing transaction.

But, it doesn't prove it, unless ChipMixer provide us a signed message from these outputs, stating that it does. I can create 10 outputs, each funded by 0.256 BTC, and make you believe it's theirs, by the same reasoning.

If the exchange "has no matter" for mixer usage, why does it forbid it in their terms of use?
This particular case is a good example of why taint analysis can do a lot of harm.

AMLbot is designed to do one thing; taint coins in a subjective manner. That's the real scam.

No, you both get it wrong, first you don't have to look for a direct connection between those 2. I don't say the sender has to do something with criptsy or chipmixer at all. The bitcoin is directly originated from the criptsy hack in such a way that the coins received at the end by open sea are directly originated from that hack/stolen, also the model of the txo's reflects that chipmixer was used. It goes even more complicated because the exchange has no matter if the mixer was used or not. This transaction is a clear example why mixers can do a lot of harm.
But, I won't trust this exchange only because it uses that AMLbot (btw russians) which is a scam.

The only proof which should be needed is to point out that the coins are very clearly from ChipMixer, which anyone who spends two seconds looking at the transaction can clearly see due to their unique chip funding transactions. To still state the coins are "stolen 100%" after you know they have been mixed means you either don't understand bitcoin at all or you are actively trying to scam.

What are you saying? That OP, who withdrew that chip from ChipMixer, also made the deposit which created that chip? Despite the chip being created almost 3 months before OP used it? And your proof of that is what?

---

Also worth pointing out that AMLBot is also used by Antinalysis, which as I've pointed out in another thread, flags lots of coins from large centralized exchanges such as Binance as similarly tainted. Its analysis is worthless. This is also evidenced by the fact that it thinks coins which were stolen 8 years ago, have moved 5 times, and have been mixed, are still "100%" in possession of the same user, which is utter nonsense.