Almost all of you know that eXch started as a project aimed at demonstrating to the community that alternatives can exist during times when there were none. We have never had any financial goals with this project and rather, we conducted an experiment that was unexpectedly successful.

Recently, we received confirmation of information we had previously, thanks to some friends we have even in the state intelligence sector, that our project is the subject of an active transatlantic operation aimed at forcibly shutting our project down and prosecuting us for "money laundering and terrorism."

Even though we have been able to operate despite some failed attempts to shutdown our infrastructure (attempts that have also been confirmed to be part of this operation), we don't see any point in operating in a hostile environment where we are the target of SIGINT simply because some people misinterpret our goals. Starting from the date of the merger with a new management team this month, and as a result of some urgent meetings, the majority of us voted to cease and retreat instead of going against strong winds, because none of us want to cause any harm to innocent people or this forum.

The goals we certainly never had in mind were to enable illicit activities such as money laundering or terrorism, as we are being accused of now. We also have absolutely no motivation to operate a project where we are viewed as criminals. This doesn't make any sense to us.

Originally, we were just a team of privacy enthusiasts with main areas of interest quite distant from cryptocurrency, where we saw the absolutely unfair happenings. This project was an attempt to restore balance in this industry.

Our project has demonstrated that an instant exchange done properly can be more effective than any centralized mixer in terms of privacy, which is why it has been referred to as "a mixer" many times by third parties, even though we have continuously rejected this label.

Our project has shown that it's possible to operate without abusing customers with nonsensical policies, unlike projects that will accept this announcement as a "weight lifted off their shoulders" that pretend to believe the false idea that confiscating crypto from customers somehow prevents "money laundering", who rely on random and unreliable scoring systems created and operated by companies that are parasites aiming to extract money from their governments by providing consulting based on the segregation of the crypto space and blockchain data. If we were to look at these projects from the perspective of "preventing money laundering and terrorism financing", any instant exchangers that screen their customer deposits using third-party APIs and appeal to nonsensical AML/KYC terms are far from preventing money laundering and terrorism. If they were serious about this, they would need to stop hiding behind shelf offshore companies and start conducting strict due diligence on every customer, which none of them do in reality. The absurdity is compounded by the absolute uselessness of the address score reporting APIs they use, as any of these screening mechanisms can be easily bypassed.

Our project will also demonstrate that even without it, this space will continue to have ways and instruments for those engaging in illicit activities to effectively "launder" their funds. Thus, the goal of stopping eXch under the belief that it may stop all money laundering in the world is ridiculous.

Meanwhile, our project effectively provided privacy to all our customers and even anonymity to most. However, there are still far more effective ways to achieve it, thanks to these flagship projects that exist nowadays:

- Monero, with its total privacy, although not without some recently discovered issues that are serious and should be fixed with the Full-Chain Membership Proofs implementation
- Litecoin, with its optional privacy (MWEB)
- Dash, with its optional privacy
- Tornado Cash
- Bitcoin CoinJoin protocols

Another distinctive project that does not betray its mission is Thorchain. Even under the immense pressure that the whole industry had to deal with due to the irresponsible actions of those at ByBit, Thorchain was the only decentralized protocol that resisted the pressure to implement screening mechanisms at the protocol level, proving itself to be absolutely reliable. Even though all Thorchain trades are transparent on-chain, privacy and even total untraceability can be easily achieved when combined with some of the privacy-enabling projects mentioned above, when used correctly. However, the Thorchain network currently has a very limited choice of good interfaces, aside from Asgardex and MMGen wallets, and none of them are privacy-preserving, but we hope this can change.

Bitcoin privacy remains, however, in the midst of a notable crisis given the collapse of all important projects and protocols that had significant liquid CoinJoin-like pools. The most interesting and convenient of them in terms of usability remains WabiSabi; however, it needs some lightweight client implementations to achieve greater popularity in order to effectively prevent serious risks associated with Sybil attacks. We certainly know that most people in this space prefer lightweight solutions to heavy software solutions, and this factor can significantly affect the popularity and usage of any good project.

Given this, we are announcing a 50 BTC open-source fund to support any FOSS projects aiming to enhance the availability of privacy solutions. We hope we can still make a difference. Here are examples of the projects we will support:

- Bitcoin wallets and protocols aiming to preserve user privacy
- Lightweight clients for WabiSabi
- Thorchain wallets aiming to preserve user privacy
- Bisq Light Client
- Ethereum wallets and smart contracts aiming to preserve user privacy (an example of such might be a "non-rigged" fork of Railgun smart contracts and wallets allowing users to operate in Tor)

Unfortunately, we will not support projects that are written in Java, NodeJS, Go, or C#, especially developers who don't take module chain supply attacks seriously and believe they're some kind of "conspiracy theory".

There will be other projects that will hopefully take our place as the industry leader in privacy-oriented centralized exchanges, and we wish them success.

Our partners will still have access to our API for a limited time, but what happens after May 1st will depend on our new management team, who will be in possession of all access to our infrastructure. Thus, we recommend launching their own liquidity pools to guarantee seamless operation. We will provide consulting and recommendations to them.

Privacy is not a crime.

[thread locked for a few days for propagation]

After the World Food Program USA (https://www.wfpusa.org) announced they accept Bitcoin (https://www.wfpusa.org/news-release/wfp-usa-now-accepts-cryptocurrencies/), we have just made a donation of 1 BTC to their organization:

https://mempool.space/tx/7874ce3009ec1b210f8b0920f696116d0dabf023f74fc52487e662e176e90ab8

[April 2025] eXch is about to merge with a company in another jurisdiction and leave the company in Belize. We will have new shareholders and new members on the management board. This merger is related to our decision to sell half of our company in order to reduce risks for our founding team and guarantee that we can continue operating without giving up our values. Our new partners are longtime Bitcoin and privacy enthusiasts whom we trust.

[April 2025] We are aware that there is an ongoing operation targeting our service by some law enforcement agencies with the goal of adding us to the OFAC sanctions list and possibly seizing our infrastructure (good luck to them, nevertheless). Since it's primarily coming from U.S.-based agencies, we will update our ToS to inform our users in the U.S. not to use our service and warn them about the risks of being prosecuted in their country for using a service like ours. Since we have no logs or any IP-detecting capabilities, we won't be able to enforce this policy; thus, we can't be held responsible for any regulatory violations. We have already developed a legal framework to ensure that the responsibility for regulatory violations is applied to our customers and not to us, which will also be outlined in the ToS. This might also apply to some countries in EU with the worst recent regulatory updates that target privacy services, however, it's not confirmed yet.

[July-August 2025] We will delist USDT and USDC from our platform in order to provide stablecoin exchanges on dynamic addresses without risks for us. Unfortunately, operating USDT and USDC is not possible on non-static addresses without the risk of them being blacklisted by Circle and Tether. Thus, the stablecoin we will provide is DAI, which is the only reliable and non-custodial stablecoin currently available that has no address blacklist functionality in its smart contract. Since many of you may have already noticed, we have stopped operating our ETH liquidity on our old aggregation address (0xf1da173228fcf015f43f3ea15abbb51f0d8f1123) because the transparency we provided was not valued but instead abused. Therefore, we see no reason to continue operating on our static addresses given the high level of toxicity from the whitehat industry directed at our service. The same applies to our BTC aggregation address - the pool now uses one-time change addresses, as per the default Bitcoin Core configuration, so nobody can associate the outputs with eXch as easily as before.

Marian Muller from Caudena: "There is no room in our industry for bad actors such as eXch that undermine the integrity of the crypto ecosystem and knowingly process transactions known to fund North Korea’s regime."

https://caudena.com/exch-analysing-the-infrastructure-of-north-koreas-favourite-mixing-service/

So it seems now random people like Marian Muller from Caudena decide who can be in the industry and who can't; thus, next time you think of opening an exchange, don't forget to ask for Marian Muller's permission.

But in reality, we would like to address Marian's lies, as he seems to be a very incompetent researcher content writer who constructs his opinion based on the opinions of other, even more incompetent researchers, and prefers to throw dirt at our service instead of doing his own research and appealing to facts.


On calling us a mixer:

Marian argued in his article that just because we accept money from mixers, it makes us a mixer, which is a very common fallacy that newbies in this industry take.

We would like to remind Marian that the fact a service accepts funds from mixers doesn't make it a mixer at all.

eXch is an exchange that doesn't consider mixing services and privacy protocols illegal and has the full right to process money from them.

We accept funds from non-banned (that translates to non-OFAC-listed) centralized mixers and CoinJoin protocols that are totally legal outside the U.S., where we don't operate.

We also accept funds from Tornado Cash because it's not illegal anymore.

We accept Monero after all.

If you think mixers are illegal or have any problem with us accepting money from mixers, it's merely your problem, and you should seek medical help from your psychiatrist, instead of trying to speak on behalf of the whole industry.


On counting our deposit addresses that go into the thousands:

Yes, we are an exchange. Exchanges use individual and unique deposit addresses per customer. We have thousands of customers. It's surprising that the author didn't know how exchanges work prior to publishing his article.

However, you were only able to count them because we allowed you to. We were using static aggregation addresses for transparency reasons without trying to hide anything (and in order to not be called a mixer), but it seems in this industry the more transparent and honest you are, the more scrutiny you will get.


On us "heavily" depending on Thorchain:

Marian's infographics that falsely misrepresent eXch as the originator of some Thorchain transactions do not represent the truth at all. There are many lesser-known other services that use Thorchain as well, and some people, like Marian, thinking all transactions in the network that don't use affiliation handles belong to eXch is a common fallacy.

Our Thorchain usage is really minor in comparison to our own assets' daily movements, and there are some exceptions when we move 30-50 BTC between our wallets to rebalance our liquidity that happen 1-2 times a month.


On the lack of evidence in Marian's article:

The article doesn't represent any factual appeals, instead relying on some screenshots of his custom NodeJS site that is built to represent eXch in a bad light for the purposes of writing that article.

We have analyzed the information represented in these screenshots against our own statistics and found nothing nearly comparable to what it says about us.

With this exact approach used by that writer, you can take Binance or ByBit's addresses, grab their volume numbers, and divide them into blocks of good and bad transactions, which actually proves nothing.


On eXch being North Korea’s favorite mixing service:

With this toddler-level of statements, Marian could as well call us fascists and burn some Teslas, similar to what people who hate Elon Musk do.

The fact we processed a very low amount of the total ByBit hack doesn't make us anyone's favorite service. The fact that Elliptic has refused us as a customer due to their elitist policies when a year ago we tried to adopt the policy of rejecting stolen funds by refunding them to the sender should concern him more than us processing some small portion of hacked funds from ByBit, which we admitted already in our previous publications.

But honestly we don't need to, because we don't consider opinion of people such as Marian Muller or his peers any coherent and will continue to do what we find best for the industry, which is shielding people seeking some privacy on-chain from people like Marian.


Conclusion:

The article published on Caudena about eXch was written by an unprofessional blogger whose intention was rather to represent eXch in a bad light than to provide facts.

We at eXch believe there is no room in our industry for such bad researchers and liars as Caudena, which allows scum like Marian Muller to write accusatory articles without foundation, like he wrote about us in an attempt to sell himself to federal agencies as an investigator.

Such misrepresentations can seriously harm the ecosystem and mislead law enforcement authorities, which can be dangerous for the industry.

We are excited to announce our donation of 2 BTC to the developer of the MMGen multicurrency wallet in the transaction ID b97638e1c0de516e99689034fa303ca205b5dffbd67848beb3f01bf9b3829d59

This wallet is being actively developed since 2014 and received almost no donations or community attention since that it deserves. This donation is to express our appreciation to its author for their continuous work for past 11 years. We have also added it to the wallet recommendation section on our website.

Official thread: https://bitcointalk.org/index.php?topic=567069.0
Official website: https://mmgen-wallet.cc
Github: https://github.com/mmgen/mmgen-wallet

- On Decrypt and ethical journalism

We would like to extend our gratitude to Decrypt.co and other media who interviewed us for not only sourcing Twitter posts as credible information but also for seeking insights from sources outside of Twitter, unlike some other media companies. This highlights a concerning trend within the crypto media landscape, where random Twitter posts are often treated as credible sources of information. Good journalism is about high standards of source verification.

- On the Bybit hack

The recent Bybit hack, like previous incidents of this nature, underscores a significant lack of well-trained work force within the cryptocurrency security sector. If a billion-dollar exchange can lose such a substantial amount of money due to a rookie smart contract deployments, it raises serious questions about the overall security practices in the industry.

The Ethereum developer ecosystem has long been one of the worst due its preference for languages like Node.js, which allow for easy intrusion into developer machines through malicious NPM packages. A recent incident involving North Korean Lazarus hackers demonstrates this vulnerability, as they successfully infected hundreds of systems via compromised NPM packages (https://www.bleepingcomputer.com/news/security/north-korean-lazarus-hackers-infect-hundreds-via-npm-packages/). This is precisely how the machine of the developer of Safe Wallet (who hopefully will consider renaming its brand) was hacked, permitting altering ByBit's smart contracts after. What is even more concerning is the continued negligence among developers who ignore the security threats associated with their chosen languages. Many still mindlessly execute `npm install` on every random repository they download from GitHub, exposing themselves and their projects to significant risks.

Now ByBit desperately offers a total $140M reward to people who helps to recover stolen funds, meanwhile with a such large amount you could afford a few well-trained CISOs outside crypto industry (since inside it it's hard to find somebody competent) making sure you wouldn't lose money this way anymore. Their campaign's website also lists misinformation about eXch on purpose, which proves that ByBit was always hostile to eXch.

- On ZachXBT's tasseographic blockchain analysis

Given Zach's apparent lack of professional education and training in practical information security, it is unsurprising that he and other amateur, anonymous, and pseudonymous researchers, who rely solely on Twitter presence, often make mistakes in their superficial blockchain analyses. Experts from eXch, with professional backgrounds in both blockchain analysis and information security, have conducted their own research into the ByBit exploiter's funds flow, focusing on a specific batch of ~10000 ETH and uncovered the reasons behind the erroneous allegations of eXch's involvement outside its official Ethereum address.

Our investigation revealed a relatively new Bitcoin privacy service that advertises exclusively on Tor-only forums, utilizing Thorchain to process user funds. The transactions from this service closely resemble our rebalance operations through Thorchain, leading to confusion due to the shared parameters, which default to a very old and customized version of ThorSwapKit dropped by its dev to their Discord chat by request of a few users, that we also started to use back in time (this version uses parameters of when this software was in an experimental development stage and is not available anymore). The ByBit exploiter's funds were diverted to a wide variety of bridges, centralized/decentralized exchanges and mixers in an extremely short time frame, and given that some mixers use eXch as one of their backends, this explains how some funds ended in our mixed pool later. Zach's reliance on his favored timing analysis technique, which compares sets of blockchains to identify similar amounts and transactions making it a form of fortune-telling, which is why he and others mistakenly misattributed some ByBit exploiter's transactions to eXch in hopes of gaining financial merit from ByBit, neglecting deeper research, that is typical for this kind of researchers and this is also a reason why we always call them amateurs.

The name-calling and marginal behaviors exhibited by certain "researchers" on Twitter raise significant concerns about their professionalism and competence. It is troubling to observe that even in the event of a mistake regarding eXch, which was confused with another service, they gloat in such a manner. One must wonder how they would react if eXch were genuinely placed in a vulnerable position. Interestingly, when FixedFloat or ByBit experienced losses due to rookie mistakes, they were not subjected to ridicule or called "clowns." However, it is clear that if eXch were to face a similar situation, these individuals would undoubtedly revel in the opportunity to gloat, driven by their apparent animosity towards us.

As Zach has previously stated, "I will make sure to use all my influence to destroy you," a sentiment he has expressed regarding others in the past, we will utilize our knowledge and professionalism to deflect all cheap provocations and false allegations directed at us.

Right to the point, it's absurd how these wannabe-researchers allow the proliferation of eXch's phishing domains while doing absolutely nothing to address the issue. This inaction logically suggests a lack of capability or willingness to effectively manage their responsibilities in the realm of cybersecurity.

- On reception of eXch in the whitehat and establishment communities (and on conspiracy and malicious acts committed against eXch's infrastructure in attempts to claim the Lazarus Bounty reward)

When eXch was established, our objective was to provide a balanced solution that bridged the gap between mixers and government-regulated entities like compliant centralized exchanges (CEX). We anticipated that our approach would be appreciated, as we are neither a mixer nor a CEX that disregards user privacy. However, recent circumstances have proven that many in the whitehat community have acted with hostility towards us.

Despite our previous engagement with them, we have been met with a series of aggressive actions that raise serious concerns about their ethical standards. These include DDoS attacks on our platform, unauthorized penetration testing (SQL injection, XSS, port scanning and service exploitation attempts), and takeover efforts from individuals claiming to be whitehats*.

1. We have faced server takeover attempts from individuals identifying as whitehats** who leverage their connections within hosting companies to undermine our operations. A notable incident involved the submission of what appears to be a fraudulent subpoena to OVH or just a friend working there, making OVH to dump the hard disk from one of our frontend servers. This led to OVH shutting down the server, pulling out the disk, and dumping its contents - all within approximately one hour - before switching the server back online, according to what we were able to observe later in the BMC's IPMI SEL logs related to hardware events that they forgot to clear.
This happened on the 2nd day after ByBit announced their bounty reward. If this action was not government-authorized, it constitutes illegal unauthorized access, use, disclosure, disruption, modification, or destruction of our property, which is prosecutable under multiple federal laws, which was a pathetic and a failed attempt to disrupt our service naively thinking our core infrastructure is located there so they can steal coins from us and share ByBit's reward.

2. A few days later, we have received a few emails from Cloudflare with reports of multiple takeover attempts of our Cloudflare account, involving sophisticated social engineering techniques to try to convince Cloudflare to give up them the credentials, which was successfully identified and prevented by Cloudflare, thus many thanks to their security team. Here is one of them:



3. For two weeks and up to this date, we are experiencing a high volume of automated penetration testing attempts directed at our website, making them look to come from popular automation vulnerability testing kits that amateur hackers use. This makes obvious to us it is whitehat circle attempting to disrupt us in spite of getting ByBit's reward.

Given these experiences, we can no longer afford to be "nice" to those who have shown us such blatant disrespect. Our previous efforts to maintain a balanced relationship with the whitehat community have yielded nothing but demotivation and hostility. As a result, we will now act according to our own interests without attempting to appease those who have proven themselves unworthy of our attention and consideration. We had initially believed that the whitehat community would appreciate our commitment to privacy and blockchain security, however, the actions of certain individuals have revealed a darker side, where the line between whitehat and blackhat behavior becomes blurred. These individuals exploit their influence to shield themselves from scrutiny, allowing them to engage in malpractices without fear of accountability.

In light of these developments, we are committed to moving forward with our mission, focusing on our goals and the integrity of our platform. We will continue to uphold our standards of professionalism and ethical conduct, while remaining vigilant against those who seek to undermine our efforts.

* When we refer to "whitehats," you may already be familiar with some of their names, as they have been mentioned multiple times in this thread. However, there are additional names not previously mentioned, such as Nick Bax (aka @bax1337, where "1337" is a self-proclamation of being a "1337h4x0r" - just like many others of these false Messiahs).

** These individuals often refer to themselves as "ethical hackers" and what they actually do to us makes them the completely opposite.

- On money laundering allegations and the chinese cryptocurrency exchange mafia

According to the aforementioned whitehats, it appears acceptable for major players to launder money, as evidenced by the earlier multiple cases in which OKX, Huobi and ByBit laundered money from hacks. They conveniently ignore such news, yet when non-KYC platforms like eXch process even a small amount of dark funds, they suddenly adopt a dubious moral high ground, starting their witch hunt on platforms like ours.

https://hacked.slowmist.io (<--- a free advertisement to the one-man company who hates eXch most) lists a lot of events in the past where the hacked funds can be traced in amount of millions to many large CEX, but their addresses were never given "community notes" by Etherscan. On the other hand, Etherscan given to make the part of their mafia, of course aims to attack our reputation by putting cheap "community notes" targeting our address but never targeting addresses of those who feed them even when these addresses process even a lot more shady funds that can't be even comparable to us.

- On community and some major players support

We extend our gratitude to those who have supported eXch throughout this challenging period, including Binance and Coinbase, who have remained steadfast in their commitment to our service despite the ongoing defamation campaign against us.

- On what's next

With all these events we will have to take a lot of countermeasures to make sure our operations are not affected as well as to protect our company. There will be some significant changes in regards on how our service operates which obviously won't affect our partners and users, but will provide us with some extra protection. Some of them were already mentioned in some posts here, but some of them not and will be announced in the next posts.

Dear friends, we express our cordial gratitude to everyone who stood by us during these difficult times.

This thread has been unlocked now.

There will be a big press release posted here within a few days, covering a lot of the details related to the past events.

Dear friends, to prevent any further FUD and bad energies caused by constant attack on our exchange by a small group of people abusing their influence, we are locking this thread for next 48-72 hours to prevent further dissemination of false information about eXch.

To reiterate, we would like to highlight that:

- All funds are safe

- Our operations are not affected by the ByBit hack in any way

- We are not laundering money for Lazarus/DPRK (the opposite opinion is solely a perspective of some people that wish decentralized coins' fungibility and on-chain privacy to vanish, these are long-time haters of decentralized crypto in general)

- The insignificant part of funds that was processed by us from the ByBit hack in an isolated case will be donated to various open-source initiatives dedicated to privacy and security both inside and outside crypto space. This attack on our exchange is a perfect example why we need to stimulate and support Bisq userbase growth imminently (which will be possible with Bisq Light Client within next 1-2 months), because nobody can judge a decentralized protocol.

- Hopefully, Etherscan will reconsider the "communnity note" they put today for our address pushed as a result of misleading statements of some amateur researchers that harass us, given that ByBit exploiter funds do not enter our address anymore and it's just an obvious and proven fact, which everybody can confirm. This is basically a result of continuous witch hunting on us for being the last centralized accountless non-KYC exchange out there that doesn't scam its users, where some major hack unrelated to us is being used as a precedent to attack our reputation. For some reason, they haven't put such warnings for Thorchain Ethereum addresses, that have already processed more than 200 times the total amount we processed yesterday and will continue.

For any questions, feel free to contact us using official channels (SimpleX, email and support tickets on our website).

Love and prosperity to everyone,
Sincerely yours,
Johann from Private Project Facilitators LTD / eXch

Today, ZachXBT referred to our team as "clowns" in a post that attempted to be humorous, falsely claiming that we accidentally sent funds to an incorrect address.

For the public record, we categorically state that the information in his post is a pure lie, because (a) the transaction in question does not belong to us, and (b) any professional researcher would recognize that the only Ethereum address we operate on is 0xf1da173228fcf015f43f3ea15abbb51f0d8f1123. There are no other addresses on the Ethereum blockchain, aside from deposit addresses that interact with this address, that are associated with our exchange.

This is not the first time ZachXBT has made unfounded statements on his botted Twitter account, seemingly for the sake of gaining attention (e.g. https://bitcointalk.org/index.php?topic=577207.msg64767483#msg64767483). We have previously cautioned the public about the risks of relying on the opinions of amateur researchers like ZachXBT and his teenage peers, once again demonstrated a lack of competence and professionalism.

Our respect for ZachXBT has diminished over time due to his repeated inaccuracies, but today marks a clear point where he has proven himself to be toxic, incompetent, and generally untrustworthy. We urge the community to verify information from credible sources and to approach claims made by civilians like ZachXBT with caution.



1. eXch is NOT laundering money for Lazarus/DPRK.

2. The insignificant portion of funds from the ByBit hack eventually entered our address 0xf1da173228fcf015f43f3ea15abbb51f0d8f1123 which was an isolated case and the only part processed by our exchange, fees from which we will be donated for the public good.

3. Any claims by ZachXBT and others on Twitter regarding transactions not related to 0xf1da173228fcf015f43f3ea15abbb51f0d8f1123 that are falsely attributed to eXch are a targeted FUD attack on our exchange.

"The wheel is come full circle..."

[Image expired and removed by OP]

We have added Brume Wallet (https://github.com/brumeproject/wallet) to our recommended wallet list.

This wallet allows fast standalone private key generation and address derivation for Ethereum, setting it apart as a truly distinctive option in the market, as no other consumer-grade wallets offer this capability. Additionally, it positions itself as a privacy-focused solution designed to operate seamlessly through Tor, underscoring its uniqueness.

Meanwhile this wallet is available for other platforms, we have decided to provide it as a mobile-only recommendation available on the main F-Droid repository for safety reasons.

We do not recommend its browser version because it requires a dangerous WebAssembly technology (aka "the modern-era Flash") to be enabled in the browser, which doesn't contribute anything good to the already heavily bloated landscape of the World Wide Web. (Learn about what dangers represents WASM and how to disable it here: https://github.com/stevespringett/disable-webassembly)

We sincerely hope that the developers will reconsider their decision to require WASM-enabled browser from users and make it optional in the future.

This letter serves as a public domain demand letter to all the following entities that follow and read this Bitcointalk thread, but not limited to:

* U.S. Internal Revenue Service (IRS)
* U.S. Department of Justice (DoJ)
* U.S. Securities and Exchange Commission (SEC)
* U.S. Federal Bureau of Investigation (FBI)
* Federal Deposit Insurance Corporation (FDIC)
* Fiscal Information and Investigation Service (FIOD)
* Office of Foreign Assets Control (OFAC)
* And all other entities with institutional power that currently use it to influence on how cryptocurrency-related projects operate.

To all the relevant and entitled entities above,

Following applicable anti-monopoly market laws, you are COMMANDED to use your institutional power to force the following companies to stop discrimination and abuse against eXch:

1. ByBit exchange (artificially lowering eXch's risk score for intentional reputational influence)
2. WhiteBIT exchange (artificially lowering eXch's risk score for intentional reputational influence)
3. Elliptic (assigning a "red" risk score to eXch solely due to the fact that we do not ask users for KYC information)
4. TRM (assigning a "red" risk score to eXch solely due to the fact that we do not ask users for KYC information)
5. AMLBot (assigning a "red" risk score to eXch due to personal issues with our exchange)
6. Ciphertrace (government contractor advisory services with a biased stance against eXch and corrupt practices, blackmailing companies like ours by demanding customer data in exchange for "favorable" scores across the chain analysis ecosystem)
7. SlowMist (government contractor advisory services with a biased stance against eXch and defamatory declarations about eXch on Twitter)
8. CFInvestigators (government contractor advisory services with a biased stance against eXch)
(* this list does not reflect all the entities but contains the most abusive ones that influence the market)

All the above companies abuse their status to:

a) Prevent coins originating from our exchange (eXch) from entering their cryptocurrency wallet pools without any fair or legal ground for doing so
b) Tag eXch-known addresses as "high risk" solely because we refuse to ask our users for KYC information
c) Publish and distribute misinformation and defamatory materials about us

We expect the mentioned companies in this letter to:

1. Send a letter to our company with apologies for the intentional damage caused to us and our customers by their actions of suspending their customers' funds when they used our exchange

2. Stop immediately any discrimination against our exchange and the coins sent from addresses belonging to our exchange

3. Release immediately any frozen funds on their exchanges illegally "seized" from their customers on the basis of the wrong risk scoring of our entity (eXch)

Upon lack of a response satisfactory to us after the next ninety (90) days, counting from the date of this publication, we (eXch) will stop making it possible to identify our public cryptocurrency addresses for the Bitcoin and Ethereum blockchains, making it impossible for your contractors to trace coins entering and exiting any of our aggregation addresses in the future due to the activation of the eXch Aggregation Pool Customer Shield protocol. This protocol will prevent the association of our aggregated coins with our exchange in your partners' and contractors' blockchain analysis databases. Amateur blockchain researchers existing within the Twitter ecosystem will also be unable to link any transactions to eXch, which will make them unable to provide efficient voluntary help to your entities.

For any questions associated with this demand letter, please use our official email address support@exch.cx or SimpleX Chat handle specified at our contact page.

We have to correct ZachXBT on his recent post where he mentioned eXch:

https://twitter.com/zachxbt/status/1859233128159551691
[nitter]


For the public record, we hereby state that there are absolutely no indications of these funds exchanged through us being converted to Litecoin.

Meanwhile we couldn't extract the data to determine what currency was used exactly because we do not store any order data more than 15 days, we were still able to confirm that our node sent no identical LTC payments within that time frame, thus the affirmation about Litecoin outputs ZachXBT posted in his Tweet is 100% erroneous.

We have used the same technique ZachXBT and other investigators often use in investigations (on-chain transaction timing correlation across a set of different blockchains) to verify the veracity of ZachXBT's results and since we got more resource for that being the entity he tried to investigate, we were able to determine the absence of Litecoin transfers with more precision, confirming that the information published by ZachXBT assuming Litecoin outputs is false.

We hope amateur investigators like ZachXBT could reduce the amount of information based on assumptions in their publications, since they perfectly know that most of their audience can be easily misinformed with marketing purposes. It is also important to highlight that with mistakes like that amateur investigators like ZachXBT may put in danger innocent users who might be targeted by law enforcement by mistake because they (LE) often rely on information provided by amateur CT investigators like ZachXBT, EvilCos, Fun, SomaXBT, Tayvano and some others without additional verification or confirmation.

To be clear, we have reached ZachXBT with a correction comment before publishing this however did not receive any response.

We have noticed that one forum representative of a recently born exchanger named something like "The Change LTD" openly called us criminals and dishonest in their recent thread posts. We were actively monitoring progress of that particular exchanger during all its journey on Bitcointalk, from the launch of their marketing campaign to its end, wishing them to succeed because we don't like the fact we are the only centralized full non-KYC exchange around and we actively hope to get a decent competitors, which unfortunately didn't happen yet.

That exchanger from the neighbor subforum is a perfect example of a how to not do this business, since problems always come when such projects aiming to bring eXch some competition while failing to learn and understand the very basic keys to success in this business.

Three fundamental principles that help eXch to be what it is now are honesty, transparency and high standards in information security. We think that if a non-KYC exchanger lacks at least one of these, it shouldn't even think to join this business, because without these the project won't bring anything useful to the industry but will only make it worse because weak projects that lack or don't defend their ideologies often become victims of the regulatory pressure (i.e. corrupt practices of Ciphertrace that we will expose in one of our next posts). This is what exactly happened with that project who indirectly called us names in an apparent moment of frustration and failure.

That project adopted the strategy of relying on third-party exchanges hoping they will be able to get any significant audience/volume while deciding to team with guys that teach and indoctrinate their downstreams anti-crypto ideology.

Their new partners WhiteBit/AMLBot take dishonesty and disrespect towards crypto users as their key life principles, slowly contributing to destruction of neutral and decentralized cryptocurrency market.

WhiteBit/AMLBot while being criminals themselves with having funds sourced from russian carding projects and doing wash trading artificially pumping their WBT token to exorbitant heights using fraudulent practices, present themselves as visionaries of "clean" cryptocurrency that, in their opinion, do the good to "clean this space from cybercriminals" (that are in reality just innocent CoinJoin/privacy protocols users) by freezing its users and its partners users coins right and left without users being able even to have it back. They use various sets of AML/KYC policies to falsely accuse users of being criminals, having their partner AMLBot randomly marking addresses as high-risk up to their judgement without employing any transparency.

WhiteBit/AMLBot onboard small exchangers that need liquidity, like one the subject of this post, and start to indoctrinate them in their focused Telegram groups on what's good and what's evil consistently with their own interpretation of it, which basically consists of assuming any business/user that doesn't want to KYC their users/peers is evil criminal.

Interestingly enough, that specific small exchanger that started public hate campaign against us in their thread, has its origins on the forum called "Zelenka" where they have a public security deposit - a forum where a significant part of the russian cybercrime scene reside, sharing botnet/C2 related tools and exploits all over it. eXch has never advertised on cybercrime-oriented or darknet forums nor participated in illegal activities, but yet, that small exchanger called eXch criminals while most probably having criminal background themselves, given the nature of their origin forum.

Secondly, on calling eXch dishonest about its volumes. Anyone who thinks our volumes are exaggerated or unreal probably doesn't understand how we operate and how much effort we put into our operation, having as a return the necessary volume being made by our users which is necessary for any exchange that operates with its own liquidity. Our loyal users know very well that we were able to get from 50 BTC of base investment into 400 BTC of self-sustained liquidity just in less than 2 years (a) WITHOUT scamming a single user and (b) WITHOUT having to lie about our project operations to the general public. The only third-party we use is the decentralized Thorchain network that does not employ nonsense funds screening techniques (yet) and that is necessary for us to rebalance our liquidity. Apart from that, we do not rely on anyone but our own pools of wallets. We have provided our full proof of reserves many times. We are a cryptocurrency exchange in a full meaning of it.

Others who try to copy us or that lost their users because they now prefer eXch fail to understand what a proper business model consists of and at the end of day get blinded by their hate to us because they lack sufficient knowledge to deploy operational model like eXch has and team up with wrong guys like WhiteBit/AMLBot who make their situation even worse because of constant brainwashing and false prophecy.

Sometimes it's quite sad to see projects with potential chosing wrong path leading to their failure, which apparently still a reason we don't have any honorable competitor yet up to this date (ChangeNow and FixedFloat don't count since they are dishonest and continue to scam their users, thus many stay away from them already).

Meanwhile, we at eXch continue standing by open and neutral Internet and cryptocurrency, having honesty and transparency as our key principles.

And if anybody is curious on what we consider a big no-no, these are:

- ChatGPT for public communication
- calling your custodial wallet/exchange "non-custodial"
- having and promoting AML/KYC policies while lacking any understanding on them;
- relying on bad AML providers like AMLBot and promoting AML/KYC terrorism
- using "anonymity" and "privacy" terms in marketing and announcements without any practical realization of them
- reselling major CEX via API as a primary business model and complying to their AML/KYC policies without being transparent about it with your users
- assuming any of your customers who prefer to use coinjoin or other privacy tech are criminals
- giving a reason to other exchanges who promote AML/KYC terrorism
- bad infosec practices and lack of knowledge in the spectre
- using VPS instead of dedicated bare metal hardware to store data of your customers
- using Cloudflare without at least optimizing it to be Tor-friendly

Who knows, maybe it might be useful to somebody who will finally make a decent non-KYC exchange alternative to eXch.

God Bless neutral cryptocurrency market. Don't let the evil indoctrinate you.

Warning to all ByBit users: your funds and privacy are at risk.

The high-risk exchange ByBit misleadingly designates eXch as a "high-risk exchange". ByBit freezes funds coming from eXch and other exchanges that respect users privacy, asking customers who wish to have a right to privacy for source of funds.

By definition, eXch is a low-risk exchange, because:

• eXch users never risk to have their funds frozen, therefore there is very low risk of losing funds in this context
• eXch never asks for additional documentation that would compromise users right to privacy, representing low-risk trading environment for its users
• eXch users have very low risk of losing their identity confidentiality or funds compared to users of other exchanges because we follow high standards in information security and offer privacy-oriented options such as .onion domain and lack of clearnet infrastructure relying on data-harvesting companies like Cloudflare, also providing our users with secure and private wallet recommentations to ensure they never lose their funds or reveal their digital identify when they don't want to do so

By definition, ByBit is a high-risk exchange, because:

• ByBit users risk their deposit being frozen by ByBit and asked for documentation proving origin of their funds without a right to refund, representing a high-risk environment for trusting funds to them
• ByBit identifies any legitimate on-chain coin sources that can be used pseudonymously/privately (such as eXch, Thorchain or CoinJoin protocols) as "high-risk", by default threatening users who wish to have private on-chain with having their funds confiscated, making ByBit high-risk and dangerous for the whole cryptocurrency industry
• ByBit is abusing its users trust by marketing themselves as "safe" but doing absolutely the opposite by freezing and confiscating its users funds, which is high risk for users
• ByBit is dictating its users what exchanges/protocols they can or can't use, blatantly violating all the ethical and anti-monopoly principles aiming to create fair conditions for all industry players, acting as a high-risk player itself for the whole industry

ByBit is an anti-crypto and by definition a high-risk exchange that does not understand core cryptocurrency cultural values. Meanwhile ByBit performs disinformational campaign calling projects that promote privacy on-chain as "high-risk", which automatically takes all the credibility from them for such misinformation.

We at eXch recommend staying away from high-risk exchanges such as ByBit and others that do not respect on-chain privacy to avoid having your funds randomly lost.

Any high-risk exchanges like ByBit calling eXch "high-risk" are not threatening eXch, they are threatening the cryptocurrency industry in general, creating a dangerous precedent putting basic human rights (such as a right to privacy) at risk.

The current and up-to-date list of centralized exchanges that consider eXch a low-risk exchange equally can be found at our FAQ page.

We are also preparing some countermeasures to protect our customers from abusive practices of malicious AML screening providers and high-risk exchanges such as ByBit that do not value transparency we (eXch) provide, which will be a subject of one of our next forum posts.

We are happy to add Electrum to the recommended mobile wallets list on our wallet recommendations section at our website (https://exch.cx/faq#wallet_security_recommendations).

Electrum is now officialy on F-Droid, thanks to one of eXch team members who helped and cooperated with core Electrum developer SomberNight to make their code compatible with F-Droid standards.

It's now available at https://f-droid.org/en/packages/org.electrum.electrum/

It seems like some of our competitors are really angry and frustrated to the point of being unable to do anything useful for their own business but going here under new accounts and talk random nonsense about eXch...
Our customer base grows daily while theirs decrease due to their AML/KYC scam business model that people don't want to buy anymore in the light of having better alternatives.
Just look what have we done here by ruining long-term plans of some projects that assumed bitcoiners are obedient sheep...
Not even to mention that this guy is not of the most annoying species.
There are whole teams of angry mob on Twitter spreading negativity about us all around, but in fact the more baseless negativity they write about us, the more ridiculous they look :-)  

eXch official statement on recent 4064.37689539 BTC transfer from Genesis Trading
                            
Following two recent tweets of ZachXBT who actively reported these 4000 BTC originating from Genesis Trading as "stolen" based only on a presumption, including a statement from some exchange misleadingly branded "NonKYC" that has confirmed it selectively scams its users:                      

https://twitter.com/zachxbt/status/1825499490956231021

https://twitter.com/zachxbt/status/1830918003724103919

We (eXch) declare, that up to the date of this publication, despite of numerous completely wrong statements in regards to that event coming from both professional and amateur (Twitter-based) researchers, Genesis Trading did not officially confirm they were exploited or hacked, nor they have reached any competent authorities filing a theft complaint, which would be a first step for a supposed victim to define their funds stolen.

While eXch has received and processed a big stash (around 1500 BTC) of these funds in multiple batches, we were acknowledged that Elliptic (a company considered "industry leader" in chain analysis solutions) issued a notice to all their partners informing that the BTC originating from bc1qemvgj4vdk9l9stn4978nf3ce47jw8l9xtzm8am is a result of a theft in the following communication:
 

Since that communication was apparently targeting centralized exchanges, we (eXch) have sent an inquiry to that company (Elliptic) in order to get clarifications on that situation. The answer we received from Elliptic consisted in them not being able to provide any details on that matter nor proofs of the eventual hack which for us was a solid sign that they have none.

We then have found a lot of contacts of older and actual Genesis Trading representatives by doing some due diligence on that company and sent them a direct question asking to clarify whether the 4000 BTC transfer was a result of an exploit or not. The answer we got is a complete absence of answer, which for us was a solid sign of that company not being too much worried about that transfer suggesting this was not a hack at all.

Meanwhile, absolutely every blockchain investigation company has marked this address as a "hack reported by community" with a score of critical risk, suggesting every CEX to freeze any deposits associated with these funds.

The "hack reported by community" tag assigned to that address by every major chain intel company obviously suggest that the only source of their information was this single post on Twitter: https://twitter.com/zachxbt/status/1825499490956231021

Another key point is that eXch has never received any law enforcement request in regards to these funds which means there is no official investigation ongoing in regards to these funds.

Based on the mentioned above, we at eXch believe there is absolutely no ground to assume these funds were stolen due to lack of evidence and everyone trying to claim the otherwise is simply misleading the general public.

We at eXch will continue to defend truth and operate based on facts instead of assumptions, thus we deny any allegations targeting our project in that regards on various social media platforms.

To those curious about who Genesis Trading are, we suggest to visit their official website and a Wikipedia page about them at the following links:

https://genesistrading.com
https://en.wikipedia.org/wiki/Genesis_(cryptocurrency_company)

UPDATE: After some days from this publication, we got a confirmation from law enforcement officials that it was a heist.

Proof of ~90% of our reserves is temporarily available to be consulted at our Bitcoin aggregation address bc1qu2dq8w8lv8v3l7lr2c5tvx3yltv22r3nhkx7w0 (known as "eXch cryptocurrency exchange" by all blockchain intelligence platforms)