Bitcoin Forum
March 03, 2024, 09:20:14 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
  Home Help Search Login Register More  
  Show Posts
Pages: [1] 2 3 4 5 »
1  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: February 21, 2024, 11:51:09 AM
For sites I could actually never visit because of CloudFlare it helped to click around on the verify-dialog (or moving your finger around on mobile). Maybe it's just superstition, but at least it always worked for this site with Tor Browser. If it doesn't work there is not much lost.

Thank you for a tip, but due to the nature of our business, our anonymity setup requires a lot more than just a Tor Browser. We do not use Tor Browser to access the Tor network and use a bit more complex solutions such as Whonix Gateway along with multirouted and fully isolated systems.

Cloudflare actually can detect when you use the Tor Browser (yes, that browser specifically) and facilitate access for it, however, when it couldn't determine which setup is used and when it assumes your anonymity is too strong, its detection systems start to be more hostile, specially when you have a Tor exit IP but no Tor Browser detected.

We also do not use mobile devices for this project due to high risks of exposure to possible firmware backdoors implemented during manufacture (this is independently of whether you use clean AOSP builds such as Lineage OS or not). Some desktop platforms are safer in this regards.

I have however decided to use a residential proxy on top of my setup to access this forum from now. Hopefully theymos will consider some better alternative to Cloudflare within next years or at least could re-configure the current Cloudflare settings to facilitate access to users with complex Tor setups. We are also ready to provide technical assistance in Cloudflare-less DDoS protection setup if it's the case.

Is it possible to receive LN BTC from eXch to Blixt wallet? I always got an error message that was along the lines of "the expiration date is too soon" and I am also pretty sure the invoice was not zero-amount. And I found no option to change either.

It should be possible. LN is a relatively new currency added on eXch therefore there might be some issues still which are being fixed. Some wallets still have many issues as well, but that's mostly because most of them use LND instead of Core Lightning as their backend. LND is prone to feature implementation delays, because most people who standartize and implement Lightning protocol are Core Lightning developers.

With this information displayed it would be up to the user of the service to decide and to balance out their current needs (do I need immediate help that I feel comfortable using a ticketing system for? Can I wait a bit longer and use email with PGP?) in order to choose the available options. At the end of the day this would just be another layer of transparency, which is always great from my perspective.

Thank you for the suggestions! We will definitely add that information.

[...] Perhaps it would be better to hide it as well.

I have replied to your PM in this regards.

Do you provide required info (as far as I see only thing you collect is receiver wallet address tho) in such obvious hack cases?


I understand the 5% when they are giving away their XMR, but not when they are receiving xmr. I see 5% on both sides.

Maybe lowering the cost when they are receiving xmr might be a good way to acquire more xmr.

It is back to normal now.

This is really not good. With a little research, you get to the guy.
You should review that. If the image was used on TalkImg, I can try to help if I receive a PM.

Even though it is not from a client, it is still private correspondence. Exposing this email, identifying its origin, unauthorized, is condemnable. And even though we haven't exposed his email, with a little research it's possible to contact him.

I'm not saying he shouldn't share the email he received, just that he should have been more careful.

Thank you for your concerns. It's all good and the agent will be fine. Don't worry.

Yeah except he is an IRS agent, not a customer. He could post the whole email if he wanted to as its not really any sort of breach of customer confidentiality. He did the agent a favor by not leaving the email address in there.


We actually provided a proof of good work of that agent and made him a big favor so he can get promoted in the name of the god-blessed United States of America. He should be honored for making that effort and working on Saturday evening.

Moreover, we were not asked to keep this communication in secret and we have a right to disclose any communications coming from the federal agencies to the degree that we find acceptable. This was an unofficial request, but still from a federal entity we have absolutely no relations with.

I have a question about the reserves you display on your website. My apologies if it was already asked, but this thread has 16 pages, so it's quite time-consuming going through each one looking for the exact thing I want to ask. I have noticed that you always display your XRM reserves as 0, but in the 24h trading volume, we can see how much Monero was exchanged. Is the total Monero reserve a secret or can't the site display it for some other reason? 

Answered in full by paid2

Every time I visited the exchange website in the last couple of days, XMR was always at 0. But you are right. It was showing a little bit above 121 when I saw your quote. A few minutes later and it's back to 0 again. There is great demand for no-KYC monero.

Absolutely. We can load 15000 XMR right now and it will be sold in just a few hours at 5%. At 0.5% in less than 1 hour. This situation has repeated many times already.

Some time ago we were using exchanges like Binance and Kraken to acquire XMR liquidity periodically, but we stopped doing so because they became very uncomfortable with us draining so much liquidity from them, because it became an infinite process.

We are now temporarily back to our old model (customer-provided liquidity only), but expect to resume having constant XMR liquidity soon once we acquire a good and reliable source.

2  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: February 18, 2024, 11:12:24 AM
FixedFloat was hacked.

There will be some juicy revelations about how that service was handling the customer data on the upcoming week.

Update 20/FEB: At the time of this post, the FixedFloat hackers established a contact with us and offered to act as a whistleblower as there was a planned revelation of malicious FixedFloat practices concerning the customer data handling, but since we have rejected the offer, they have also decided to change their plans in regards to the public disclosure and we respect their decision. We were asked to not make any public statements this time, but we still will be able to respond some key questions via private communication to anyone interested (not via forum PM since it's not for the record). The information we have is especially important for FixedFloat customers, thus if you were one, contact us immediately.
3  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: February 10, 2024, 12:22:21 PM
You know the Captcha bypass code exists, right? Cloudflare isn't blocking me, even on Tor.

Yeah, my captcha bypass token was generated many many years ago and I am still using it. The issues I am facing are not related to the forum's login CAPTCHA. And well, lucky you if it isn't blocking you on Tor then.

4  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: February 10, 2024, 11:32:54 AM
By a lucky occasion Cloudflare isn't blocking me from accessing Bitcointalk today and I can finally reply.

Do you intend to try to submit the app to Google Play as well?

No, nor planning to. Google Play is not a safe source of Android applications.

I was hoping that you would add another possibility, which I consider to be a possibility, especially for less experienced users, which relates to transactions that occur by mistake. This means, for example, that he uses the Ethereum deposit address and deposits a token on it. These incidents are often repeated, and platform systems exempt themselves from responsibility, and it is not possible to blame them for abandoning assistance to one of their customers, especially since this possibility of error is mentioned in the terms of use.

I expect that experienced members do not care about filling all the fields because it is always obvious that the refund address is the same address from which the deposit was made. But the matter becomes more dangerous with less experienced customers, since a large percentage of them make deposits directly from other platforms, that is, from one of the addresses of that platform and not from a personal address.

Regarding wrong token deposits:

The situation you described happens from time to time and our standard procedure to handle such cases is to cancel the order and disclose a private key of the deposit address to user. Our users never had problems restoring their tokens this way.

Regarding optional refund addresses:

It's not always obvious that the refund address is the sending address because many use third-party services/exchanges to send funds as deposits to us, therefore our system offers such a flexible refunding model aimed to cover both use cases - custodial and non-custodial. From what I can tell most users are happy with it so far and there were never complaints about it, otherwise we would consider changing it.

Nothing very useful but I laughed when I saw the following list:

Cannot believe and eXch are on the same boat in his mind. "these will die off or remove priv coins" lol

Both ChangeNow and FixedFloat are puppets of chain analysis and intel platforms.

twitter/demchukvm/status/1755180697390571727 (tweet by Slava Demchuk, founder of AMLBot)


What kind of support are you using this days and is posted SimpleX chat connection link working or nor for direct communication ( ??
I am getting some network errors in eXch mobile app.

We use:

- our on-site support ticketing system
- email (both with and without PGP)
- SimpleX

For fast and secure assistance please use our ticketing system as it's monitored and attended by all of our team members. Your communications will be encrypted by our own TLS certificate on our HTTP server without any intermediary third-party servers (such as Cloudflare), since all the frontend servers belong fully to us and operate strictly on bare metal hardware that will be automatically considered compromised by a state-level attacker in case there is a single unexpected reboot to happen.

Email without PGP is also a fast option which is also attended by various people but less secure.

Email with PGP is a slower option, since the PGP key is only possessed by the core admin/founder.

SimpleX is only attended by the core admin who is not always online and doesn't have it installed on a mobile device (which might change later).

Rate increased from 0.5% to 5% ?!?!

I saw the increase to 5%/5.5% too. It seems to be however only for the Bitcoin -> Monero trading pair. XMR -> BTC and also other pairs like BTC -> LTC are not affected.

I noticed that XMR reserves are usually quite low as this seems to be the most attractive trading pair (for quite obvious reasons). This might be the reason for the fee increase, maybe to get funds to purchase new XMR reserves?

I confirm I get the same rates. It must be a shortage, or at least this is my only reasonable explanation. Don't forget that most CEXs don't trade XMR, so XMR flows in the market are limited in general.

Could this be because of the way the price is determined?
Current rate is a median value based on the latest trading data of the following markets: Binance, OKEX, Kraken
Coinmarketcap shows the 24h trading volume for Bitcoin/Monero on those echanges is about $4M. The eXch volume on this pair is almost half of that. Normally, on an exchange, if demand for a coin goes up, the price shifts to match supply and demand. Since eXch doesn't influence the price pair, that doesn't happen.

Another theory is that a large holder switched to Monero, or simply makes usage of this internal function as a mixer. eXch is really attractive for an anonymous entity. No KYC and supports Tor. It reduces some risks of de-anonymization by just sending and receiving bitcoin via Tor Browser, than to use a less reviewed, more complicated software like Bisq. (And it might be cheaper as well)

The service fee increase is a loss prevention mechanism of our exchange and usually only affects highly volatile coins, which in that case was XMR. Don't forget that we don't resell Binance like other swappers, so charging 0.5% which often causes a loss of our own reserves is not always an option.

The first service fee spike for XMR pairs was caused by OKX delisting XMR.

The second service fee spike for XMR pairs was caused by Binance attacking XMR by delisting announcement and price manipulation involving various techniques not obvious to most people (except ones who have been here enough to know how all this speculative market works and has nothing in common with tech)

As a service that provides its own liquidity for trades, we have to protect our liquidity from extreme volatily in order to prevent losing our capital.

If we increase a price by 5% 10% or 22% it means we only do it to protect ourselves from some factors currently affecting the coin's price and not to make extra gains.

We are barely able to make any profits even with a current 5% service fee but it's at least a good (and only) mean of protection against high volatility.

However, we are considering to keep 5% on selling XMR in future because our service is now used by many other services with a purpose of mixing, therefore it's absolutely inconvenient for us to work hard acquiring XMR then give it away for nothing to some other service that makes considerable gains based off our hard work acquiring XMR. Same for users who only use eXch for mixing their BTC through XMR - we don't consider it honest when some of them complain about 5% for the level anonymity they will take from our service without recurring to chaining their funds flow through different services that might cost them far more than just 5% (and who are often eXch's resellers).

I wonder why recently some pairs BTC-XMR for example charge 5% fees on eXch when just few months ago it was 0.5% fee ?
OP does all the pairs will soon be at 5% fee? or it will stay only for ETH-XMR BTC-XMR ?
It's sad this eXch was the best in the industry until it became overpriced just recently..

I understand i just hope this 5% fee will not apply to all the pairs in the future, and it is indeed for re-balancing the liquidity.

A price increase of 5% on XMR won't make us worse for sure, because first of all it's justified and secondly we are the only service offering a set of unique privacy/anonymity options and features.

And no, we do not plan to impose a 5% service fee to other pairs unless it becomes necessary, like it was/is in case of XMR.

I'd like to make a small comment / correction; Bisq has been around since December 2014, with over 200 contributors and also connects through Tor by default.
However, I confess that it feels a bit more complicated than an instant exchange running in the browser.

Bisq is one and the only truly decentralized exchange which we often recommend to our customers without any greed feelings, since our primary goal is not to make money but to defend some cypherpunk ideas instead.

However, Bisq comes with some privacy and useability issues not often convenient for some edge use cases.

  • Java has a very risky environment and is very resource-consuming
  • Bisq has no reproducible builds yet, so if you don't compile the project yourself, you have to trust its builders and pray they (or their hypothetical attackers) don't include malicious code into the builds you rely on. This is the reason many people isolate it using virtualized environments which also creates a big resource load overhead
  • Privacy issues related to reusing same identity - after a certain amount of trades a user can be tracked and even traced. Gladly you can at least change your identity fast currently, but I've heard that Bisq 2 will be based on a reputation-only model which potentially might make things worse in terms of privacy and hope that they will at least continue providing the current collateral-based model as an option

BTW,, have you tried contacting theymos about the old domain (user)name? I'm pretty confident he'll allow changing it to "".

Yeah, there were attempts to do so. Although theymos was not able to help at all, we were recently contacted by another admin who is offering some options related to username change which we are reviewing still.

I have been using L-BTC (liquid) and I would like to suggest you to add this 2nd layer solution to your services. I would certainly use it and I believe other members would use it as well.

Liquid network is a next project we will list and there is currently work ongoing.


Not that it's a serious matter at the moment, but I am just curious and thinking. Your profile is named after a one Sarah Nugent ( with probably her profile photo or perhaps a fake one. I don't know. Why Sarah Nugent? Is she a representative? I hope it's a fake.

If indeed she's a real person out there, don't you think this might endanger her, given how hell-bent law enforcement is towards services that resist their directives?


Not that it's a serious matter at the moment, but I am just curious and thinking. Your profile is named after a one Sarah Nugent ( with probably her profile photo or perhaps a fake one. I don't know. Why Sarah Nugent? Is she a representative? I hope it's a fake.

If indeed she's a real person out there, don't you think this might endanger her, given how hell-bent law enforcement is towards services that resist their directives?

The profile picture reminds me of something out of AI face generators particularly with the way it's awkwardly cropped 🤔

She was hired on Linkedin and informed about all the potential risks working with us, which she agreed to.

We checked her profile pic on and it told us she is a human:

She also has Twitter's blue check mark which means she most probably passed KYC.

However, we will for sure review all this information and let you know in the near future if there is anything wrong with that person.

Also, just a tip: take everything that happens on Twitter with a grain of salt including this particular reply in regards to her

I think and similar are way cheaper than mixers. People might be using it for privacy too.

2 facts, by the way:

1. Some people indeed use eXch as a mixer
2. Some mixers now use eXch as their backend


I've been using eXch since a few months and saw Blixt being recommended for LN usage. However I was never able to receive anything with Blixt from eXch because of expiration limit (and likely zero-amount invoice). For the record: A channel was already opened and transactions with other LN Wallets work in both directions.

Is it possible to use Blixt on eXch to receive LN BTC? If so it would be nice if someone explains how, but I understand that this is maybe too much to ask. If not, are there any good alternatives that can be used with eXch?

Thanks in advance!

We've been recommending Blixt for some time already ( mainly because they make a full LN node from a mobile device, however we will probably stop doing so temporarily because they fail to include their wallet to the main F-Droid repo nor seem to care about doing so, which is a huge security issue according to our assessment.

For now the only solid options we can recommend are Electrum or self-hosting a node.

However, for users who don't mind trusting .apk's built directly by devs there are for sure many good options available, but we don't want to take a responsibility of recommending them because of their security model not matching our high standards (Tl;DR: F-Droid or avoid). And of course, any suggestions are always welcome.

Is there scope or plans for adding any other stable coins options to eXch in the future? DAI and USDT are available on the Ethereum blockchain but are there any plans to spread out further say to TRC-20?

What d5000 answered above is still relevant and can be taken as a full answer. We are still hesitant on adding Tron or Avalanche. We don't trust both project founders and specially the latter.

5  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: December 12, 2023, 11:47:59 PM
What confuses me is entering the Refund address, which is not mandatory, but can be added later. However, during the process, I did not have the opportunity to enter it afterwards. Did I overlook it and why is it not mandatory? If a refund of the address was required, would I have to request a refund from support and what does that process look like?

The way it's designed is just a question of convenience and flexibility.

I will try to describe how it works in full in this brief FAQ:

How it works?

If you don't provide a refund address during the order creation process, you will be able to provide it later *if* and *when* it's needed.

The posterior refund address insertion can be only made when the page asks for it and it's a fully automatic process that doesn't require an operator intervention.

When a refund may be required?

A refund request state can be triggered in some situations such as:

a) your deposit took too much time to confirm and the amount you planned to receive was sent to some order that was quicker and drained the necessary reserve required by your order, since our system does not reserve output amounts in the "CONFIRMING INPUT" state for coins that may take a lot of time to confirm and are prone to double-spending *
b) your BTCLN invoice is unpayable
c) race condition with other order(s) that took your planned amount of reserve at the same time *
d) a node/wallet responsible for payout suddenly crashed or is not responsive *
and any other unforeseen situations.

* refund is optional in these cases and offered to a user in-order, since under these circumstances the order will turn into a backorder and await for a necessary reserves to be executed

Why is it optional during the order creation?

Some users prefer not to bother providing the refund address during the address creation, since mostly it's not required. Doing this extra step for providing a refund address during the order creation is viewed as time-consuming for some people. This is however their responsibility to keep their order's URL in secret and monitor the order to avoid a scenario when someone who they shared the order ID with would take a refund on their behalf, since any refund address can be entered if it wasn't defined during the order creation process.

Some users don't mind taking all the steps to fill all the fields during the order creation, which is a most safe mode of creating an order.

Every user has its individual views on the order creation process, therefore we try to cover all possible situations.

I always thought that Refund addresses were used only when exchanging XMR.

A refund can be provided for any currency.

What confuses me is entering the Refund address, which is not mandatory, but can be added later. However, during the process, I did not have the opportunity to enter it afterwards. Did I overlook it and why is it not mandatory? If a refund of the address was required, would I have to request a refund from support and what does that process look like?
If you did not include a refund address during the transaction process and there is a need for eXch to refund you, it would be sent to the address that you used to deposit the funds. In other words, if you fail to include a refund address, your deposit address becomes your refund address.

Your answer is mostly correct, except we do not detect origin addresses but instead offer a user to input it by themselves. However what you said still can be done under some marginal circumstances when a user needs to be refunded but we do not have any refund address on file and the user is not reachable for a long time, which in a such case would be a manual refund operation (except for Monero and LN deposits).

Is there some shortage of xmr at the moment?

Yes, there was for some days due to the amount of backorders totalling over 8000 XMR

Quote from: aliveNFT
Yesterday i translated exch ANN into Russian local board but it was deleted.. No idea why
Of course i left every single link and mentioned that this is only translate.
Perhaps because I did not coordinate with you, but I apologize in advance.
screenshot of guys that's sent me merit for translate.

We are very grateful to you that you have spent some time translating our topic to Russian, since a Russian translation is a very important asset that was lacking over there for a long time.

However we have no information on why your topic was deleted. Perhaps this should be addressed to moderators of the local board you have posted it in.


Turned out there is a whole thread in the Russian local board existing for some time already:

Special thanks to safar1980, klarki, Symmetrick and others for active participation in that thread. We have a very large russian-speaking audience across our customers and this is for sure a very valuable asset on this forum. Added it to the original post.
6  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: December 09, 2023, 03:30:23 PM
Service announcement: eXch Android app is there!

We are glad to announce the release of our fully open-source app for Android on the F-Droid main repository.

This is in fact the first app ever included into the F-Droid main repository that permits swapping cryptocurrencies.

Automatic reproducible builds permit making sure the build you run on your phone from F-Droid was compiled from the source code of the current release at Github:

While we call it a communnity app, this app was developed under official supervision of IT security specialists from eXch to ensure it corresponds to high standards in security.

Main features:

- Switching between our clearnet and Tor domains
- Custom native SOCKS5 proxy support for both clearnet and Tor domains (set to by default which is one provided by the Tor-enabling app called OrBot)
- HTTPS support and TLS fingerprint verification (both SHA256 and SHA1) for our .onion
- Written using the same framework as the official F-Droid app with minimal library dependency chain
- Ability to import orders created externally
- Ability to keep the orders history (including letters of guarantee)
- In-order support chat
- Supports most of the features available via website and API
- Fully open-source

You can support the main dev by donating:
BTC: bc1qv0klzuy8y50sq3u44dv96u5fyxdwz7pv08hxrd
ETH: 0x883a0cb1ffc22beec2840ec8650d3d297c05aaa4
XMR: 82r6JAbRCELbv11DBrfC29HsiXHQMe1QEZW3HYzhSTinhpSJTniVxPai2XFHCKfaiCMASm37EJeZq6v vE3U1B72M81Z4AW9

7  Economy / Service Announcements / Re: - a maintained list of mixers for backup and lookup purposes on: December 08, 2023, 02:11:00 AM
Vouching for OP and their project. A trustworthy person.

[irrelevant part deleted just because PrivacyIsImportant asked me to]
8  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: December 02, 2023, 06:48:53 PM
It looks like the fees are back to normal but that aside, it's probably best to support Polygon zkEVM rather than the POS chain at this point, this is where all the team's efforts seem to be going to. But I'm not sure if that's something you would want to do (now), since it's not really supported by CEXes right now.

Then there are news like that again make things complicated to be included in eXch, since we can't afford losing money to some scam network and because we are not some reseller of WhiteBit or Binance that wouldn't care which coins to accept by adding just another trading symbol to some API call. Decentralization in these PoS chains is subject to a strict review in our case, since we actually run a node for each network we work with.

Maybe it's possible to request for change name just for that one character 'c' into 'x'. Just a thought though.
[...] If they don't mind, i would like to know what Theymos' response to the request was, is it something he considers doing later or was the PM ignored.

The first request we sent to him asking to change our username was ignored.

The second request to unlock an inactive account (eXch) was granted, but it seems to me that it happened only due to icopress's close involvement to this question.

He seems pretty reluctant to grant them that wish. If he wanted, I think he would have done it by now, since OP had a genuine reason for the name change. They even gave them back control of the old account, but it has no activity.

We are planning to start a new topic in the Exchanges section (since we are a cryptocurrency exchange by a definition) by the end of this month using that brand new account.

I hope that, as you say, it's OP that owns this domain.

We don't. We obviously wouldn't let this page you showed in a screenshot to persist there. There are still ongoing attempts to get that domain back though.
9  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 30, 2023, 06:50:41 PM

I believe that in regards to the case you are talking about, everything that could've answered was answered already. There is little or no point to start a new round of questions that were answered previously.

The reason why I have mentioned that forum member yesterday's news related to a mixing service listed on this forum.

Also I have my own reasons to believe that account belongs to the actual agency, taking into consideration the same cybercrime investigation team behind that arrest not only works for FIOD, but also Dutch police which is known for communicating with end-users via various community channels, including spinning up dedicated .onion links for their operations. I am aware of every single operation that was performed by these two agencies and how exactly they performed, because all of that was publicly available during the past events and I witnessed everything myself.

For example:

[original at] [ mirror]

When the event that this screenshot represents happened, similar accounts were registered across some darknet forums throwing similar messages what FIODNederland left on Bitcointalk yesterday. These agencies are known for their non-standard community communication practices.

There is a live version of that site still: http://tcecdnp2fhyxlcrjoyc2eimdjosr65hweut6y7r2u6b5y75yuvbkvfyd.onion which is an actual site that belongs to Team Cyber Enabled Crime and Dutch National Police with valid PGP signatures.

I also believe that FIOD's department responsible for yesterday's takedown consists of the same members who were/are working for back in time, so it's all just different branding from the same entity, because the methodology involved is identical and they already have a circle of famous people working in this field. You can find many of them on Linkedin.

And by the way:

Are you against Tor?

No, the Dutch police and judicial authorities are not against the anonymous use of the internet, encryption or TOR. We only act when these techniques are being used for committing criminal offences.

This indicates that they are quite open-minded, therefore it wouldn't surprise me at all if FIODNederland is legit. The only thing that actually disappoints me in that quote is Tor written erroneously. Guys, it's Tor, not TOR, ffs.
10  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 29, 2023, 10:29:29 PM
And speaking of new coins/networks, are you thinking of one day adding the Polygon-MATIC network on eXch?
It could be a good addition, especially for USDT and DAI, the fees on ERC20 are just crazy.

We were planning to, but the recent gas spike events on Polygon ( made us reconsider adding it. What is the point of an Ethereum alternative if it's prone to high gas fees like Ethereum? Adding more Ethereum-alike chains for us add nothing but more risks. However, it's still possible to have it added soon or later.

I would rather see TRX and the Tron network in general, USDT (TRC20). It is quite fast and transaction fees are really low, also almost all services use it and have it implemented, I'm of the opinion that it could be useful.

We are generally skeptical in regards to any Justin Sun's projects, including Tron, but we will probably add USDT, USDC and ETH on Tron just for diversity.

Hey eXch, given the fact that it is almost end of the month, thus the date of November 16th passed for a while, I was wondering if you have a heads-up about what happened on that day?

However, did they address this issue? Or everything is still in limbo?

In regards to what happened on that day - I woke up and had some delicious coffee early morning then the rest of that day was great. Besides that I don't remember anything important happening that day.

We weren't contacted by any officials concerning this case at all. We have also added some extra security layers to our backend server's networking topology just in case ([insert "behind seven proxies" meme here]) and also added a failover backend server, since the income we had from fees last month permitted us to expand our infrastructure significantly. Therefore, in any case, if you see our clearnet site suddenly defaced by FIODNederland or some other agency, then I assure that our onion will continue working and we will announce a new domain here the same day.

11  Bitcoin / Bitcoin Technical Support / Re: Need advice on building a secure Bitcoin Node at motherboard foundation level on: November 27, 2023, 06:08:01 PM
Has anybody out there disabled the IME and if yes what motherboard model did you apply the Coreboot to? I ask just in case I end up bricking my Supermicro motherboard.
Haven't tried this specific board but I have experience disabling IME on a considerable variety of both desktop and server motherboards and the rule of thumb that applies generally is checking for two conditions:

(a) you need IPMI or any other OOB management options enabled, because disabling IME will break them since they depend on it
(b) your current ROM has Intel Boot Guard fully enabled by a combination of both Measured Boot and Verified Boot modes, which may result into a bricked board after removing IME unless it was done by toggling the HAP/AltMeDisable bit (which will still prevent you from flashing Coreboot)
(c) measuring whether you need Coreboot or running the vendor's BIOS with IME disabled is enough depending on the amount of closed-source firmware blobs Coreboot will require for your board to run (

It seems Coreboot lists your MB in which means they have found a workaround to bypass chipset's protection and properly sign the ROM, making it an exception for (b) and meaning it should work. Apparently they also report it as an officially supported board here therefore everything should work fine. The only question here is whether BMC will continue working or not if you disable Intel ME. It seems, disabling Intel ME doesn't affect BMC on Supermicro boards, according to, which is not the case for most boards from other manufacturers, according to my experience.

For devices not listed as supported by Coreboot, I recommend checking me_cleaner's report thread where most of the reported boards where ME can be fully disabled supposedly will allow you to flash Coreboot .

Does disabling the IME with Coreboot really make a Bitcoin Hub more secure? Or are there tradeoffs that actually make the Bitcoin Hub less secure after installing Coreboot?

1) Yes, if your threat model includes law enforcement or hypothetical 0-days targeting IME or your BIOS ROM. 2) No

Other questions were already fully answered by others.

Great points on considering RISC-V and ARM instead, although, in some cases efforts to disable IME and flash Coreboot on an Intel board might be advantageous. In your specific case, not sure if it's very advantageous considering CPUs your board supports are not extraordinarily performant (Intel® Xeon® Processor E3 v6 Family, 7th Generation Intel® Core™ i3 Processors), however if you don't plan to use virtualization and plan to run everything you mentioned within the same kernel space, it might be enough.

Also take into a consideration that most Coreboot-supported boards depend on a variety of closed-source firmware blobs which might be not less dangerous than Intel ME. For example, originally, Coreboot is a downstream of GNU Libreboot that had a very strict binary blob inclusion policy (none allowed), which changed some time after the RMS-related drama that lead Libreboot to become a downstream of Coreboot.
12  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 20, 2023, 05:28:19 PM
Recently we have launched an experimental feature of ETH/BTC swaps via the Avalanche Bridge...
Is there any chance for coins to get seized with AVAX bridge even if amount is lower than 5 BTC?

We performed a lot of testing sending our own high-risk coins in random amounts from 1 to 5 BTC multiple times and no funds were frozen. But this doesn't mean it won't change any soon. We are planning to remove Avalanche/ETH bridging bot once Thorchain/ETH bot and integration is fully deployed.

Please note that Thorswap doesn't make part of Thorchain at all and as it's just a privacy-hostile frontend for Thorchain, thus, eXch could be used as an alternative frontend to Thorswap (however, for now, limited only to the coins and tokens that we support).
This means we can expect support for more coins when Thorchain is added?


We also don't agree with the general idea that it's exchanges fault if "dirty" money flows through them. We think the root problem is that users who lose their crypto for some reason don't treat their crypto as cash. Someone losing 27$M in cash (or in crypto)
I don't know if this is connected but I heard from our local board that someone from Binance was kidnapped and robbed for millions of USDT in Montenegro.
This incident was later confirmed by CZ, but we know that someone tried to sell this USDT for cash  Cool

CZ's Tweet ( regarding the Montenegro incident is on 10th November. They talk about ~$12.5M in losses and USDT in the Tron network.

The 27$m incident seem to be happened  on 11th November and ocurred in the Ethereum network -

It doesn't seem they are connected, even that the second incident happened to the Binance's customer too. Here is also a communication we received from the Binance Security Team regarding the stolen 27$M:

One of our customers was victimized for $27m yesterday. The proceeds have been converted to BTC and some appears to have made its way to eXch. Could you provide data on the following to deposit addresses?


Please also blacklist these BTC addresses associated with the $27m theft. Thanks. @jwright100


The Binance's customer who lost 27$M had these funds withdrawn from Binance 6 days prior to the heist. The only way these two events may be connected (27$M from hack and ~$12.5M from kidnapping) is in case CZ lied regarding the Tron network and the overall amount. CZ lying publicly is not something rare though.

Hey and thanks for an excellent service. I have used your website to exchange BTC to ETH a couple of times! Cheesy May I ask a question tho? Do you think you will add Solana to your coin list at your website anytime soon?
(maybe this have already been said if so then I missed it sorry)

It is possible that Solana and some more popular currencies will be added, but we will await till the end of some hype trends first, because currently it's hard to tell whether Solana's popularity increase is natural or made up, but of course Visa's adoption is a serious step for it (but let's see if they don't change their mind?). We are also awaiting for more audits in regards to their code and network decentralization.
13  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 14, 2023, 06:37:12 PM
Your detailed response is great, as usual. I just wanted to point out that Trust Wallet is no longer open source, but closed source, and they have been closed source for a long time now. Their Github repositories are archived, and they have not be updated in years:


Good to know. Last time I visited their official website it was mentioning they were *fully open-source* but this wording was removed from their site recently it seems, however I wasn't up-to-date on this since I don't personally use such wallets.

Them stopping being open-source adds even more weight to my previous words about bad coding practices in Trust Wallet. I've mentioned Trust Wallet in a negative context because we were recently called to assist some investigation of a user who *trusted* that wallet and got their funds drained in the way that even a notorious security firm who investigated their case wasn't able to tell how exactly the private key was leaked. We have pointed out that they shouldn've used that wallet in a first place because it has a bad track history of its security, exposing users to funds drain.

Here is some quote from our response sent to them in regards to Trust Wallet:

Quote from: eXch


I would argue you weren't following the best security practices in this case, considering the wallet you are/were using has a history of critical security incidents in the past: (search for "Trust" on this page)

Normally, it's best to change your wallet provider immediately in a such event, to avoid any further incidents of a software with such bad security practices, because the team behind that wallet has proven they couldn't provide adequate security to their users.


And of course the funds trace was lost right after it reached eXch.

Ironically, I learnt about eXCH from a reply on that tweet indicate that eXCH is been using to launder money (

This is surprising, indeed. Good to know.
14  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 13, 2023, 11:22:12 PM

I am not saying that every trx should be monitored or logged, they can see if a crypto is coming from illegal source like hacked exchange assets or ponzi scheme address and if such crypto enter eXCH platform, least eXCH can do is refuse to process the trade and send the crypto to where it came from (-% fee). Or better to just donate the assets for a good cause.

All customers are equal for us as well as their cryptocurrency, since there is no way to tell whether someone is criminal on the Internet in the same way there is no way to tell whether a random person you see on the street is a criminal or not. We won't ever participate in the attack on Bitcoin's fungibility lead by taint-proclaiming services like Bestchange and their chain analysis friends. Due to a pseudonymous nature of cryptocurrencies like Bitcoin, there is no certain way to determine a source of some UTXO. One single hop of some UTXO to another address can be a sign that the UTXO has participated in some private (P2P) trade on this forum or any other place on the Internet. Same like cash. Once you receive a cash from someone, it turns into your cash and its source do not represent any importance anymore. Unfortunately chain intelligence companies don't do their job properly which results into unreliable data and misinformation across cryptocurrency communities. eXch don't trust chain intelligence companies and won't ever rely on their data nor discriminate users.

We also don't agree with the general idea that it's exchanges fault if "dirty" money flows through them. We think the root problem is that users who lose their crypto for some reason don't treat their crypto as cash. Someone losing 27$M in cash (or in crypto) apparently made a mistake of not securing their funds enough - same applies to crypto. We live in a reality where thieves exist and many times LE won't be able to help recovering a loss, so why making an easy target from yourself if you care about your money?

There are many ways to get your crypto stolen:

you use Windows OS for a crypto wallet and frequently install random .exe's - you are an easy target for malware
you use Google Play for installing apps on your Android that manages your wallet - you are an easy target for malware
you use closed-source wallets - you are an easy target for your wallet developers
you use open-source wallets that rely on bad coding practices (e.g. Trust Wallet) - you are an easy target for all kind of attack surfaces due to developers not caring about their users enough
you use SMS for 2FA - you are an easy target for SIM swappers
you pre-approve USDT for airdrops - you are a potential target for Pink Drainer and others
you are a NodeJS (or similar language) developer and don't verify what you install from NPM - you are an easy target for dependency supply chain attacks
you use and believe hardware wallets are ultimate security solution but forget to check if your OS has a clipper malware - you are still an easy target
you brag about your crypto wealth to strangers - you are an easy target for a 5$ wrench attack
and so on and on... List of bad security practiced by at least 50% of crypto users don't stop here at all. I can also elaborate on literally *any* of the above with real-world examples - just point me out any subject.

Please just treat your crypto as cash and think twice about its security, then the obsession with AML/KYC for crypto should calm down a bit. Don't listen to the governments that tell you "crypto isn't a financial instrument" but at the same time are trying hard to eliminate it from their way. Crypto is a financial instrument and it should be taken seriously like any other financial instrument.

And to be honest - you ask too much from a small exchange like eXch. Why not ask the same from other major CEX if you seek justice so much?

The presumed attacker 0x03C401...37E3 swapped the stolen $USDT for $ETH and bridged ~11.6K $ETH (worth ~$23M) to #Bitcoin via #Thorchain, and transferred a portion of these funds to various #CEXs, including #FixedFloat, #ChangeNow, #SideShift, #OKX, #WhiteBit, #Binance, #Kucoin and #HitBTC

As you can see, even major exchanges don't care about "dirty" crypto, so demanding this kind of "justice" from services like ours is unfair.
15  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 12, 2023, 01:58:39 PM
200 BTC throughput mark surpassed in our aggregation wallet pool just in ~1 month after its launch!

Add another 300 BTC monthly throughput in our mixed wallet pool (that can't be tracked publicly) making it ~500 BTC throughput in last 30 days. And this is without counting other currencies!
16  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 10, 2023, 02:53:50 PM
Isn't this an incorrect, even carelessly drafted statement, and therefore it is possible not to give an official answer at all and not to go to court on completely legal grounds? I mean, if they were interested in this, they should have made it clear, whom exactly the addressed to.

That's correct. We have already requested clarifications from them but no reply was provided to us. I must also mention that going to any court physically is out of question for us since our team is currently located on a desert island which was the closest habitable location after a boating accident and there are currently no transportation options available for getting to the mainland. Thanks satellite broadband and autonomous energy sources we will be able to remain here for some time. It's a nice place after all.
17  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 09, 2023, 10:27:50 PM
Oh -- I understand. Perhaps after November 16th you can share some more details about how things took course at the Court? (Obviously, only if the situation will allow you to do it).

In that particular case it should become available publicly after conclusion, but if we have anything earlier from our lawyer we'll share it. At this time it's not even clear whether they addressed their request correctly, since our legal company name isn't specified in the request. They have addressed a court order to a string "" which makes unclear whether it was addressed to a domain name, a website, a host or someone wearing a T-shirt with "" written on it.
18  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 07, 2023, 03:08:08 AM
What happened during previous Court orders? Did you present there? Did you come with a lawyer...? Did a lawyer go there in your name...? Care to share more details about what happened in the previous situations?
Similar, now... are you going to user a lawyer's services for this order?

Answering all your questions would reveal some business details containing information that should remain off-the-record at least till the current subpoena is cleared. However, I would gladly answer your questions via private E2EE communication channels.

I'm curious as to what's the motive behind adding RUNE? Are you planning to implement Thorchain for cross-chain trading for all pairs? or just RUNE ones? I also want to know, if you're going to use Thorchain directly, or simply use Thorswap?

We consider Thorchain's native token (RUNE) a reliable coin since its network brings a lot of benefits to the cryptocurrency ecosystem.

Recently we have launched an experimental feature of ETH/BTC swaps via the Avalanche Bridge, since we had some requests from users who have volumetric ETH/BTC swap requirements that eXch couldn't satisfy and since the Avalanche's Bridge can only be used from a privacy-hostile app called 'Core', we have enabled this optional functionality for them to provide 'rails' that automate the whole process of swapping between native BTC and ETH via Avalanche Bridge. During the development of that feature, we have found out that the Avalanche Bridge is far from being decentralized and that their nodes responsible for bridging BTC and ETH are closed-source and are fully controlled by Ava Labs. We have found that Ava Labs have implemented AML screening ( in their BTC and ETH bridging mechanisms that are used to selectively stop certain coins from bridging in order to confiscate these funds (or traditionally speaking - to scam their users). We have also found that they have already confiscated 85 BTC from someone without returning it ( and out of curiosity reached that victim and chatted with them about this, confirming that their 85 BTC are still being held by Ava Labs without any reason. After creating a disposable Discord account just for research purposes since such communities reside there, we have found that there are more victims who lost their funds to Ava Labs selective scamming. This made us wonder whether providing Avalanche Bridge on our service was a good decision and afterwards found out that their AML screening mechanisms do not affect amounts below 5 BTC, which we have implemented as a limit for these. However, later we have found that there is another network that provides native BTC/ETH swaps with considerable liquidity - Thorchain. After a rigorous research performed by us, we have concluded that it's truly decentralized and makes Avalanche Bridge obsolete, since Thorchain's native swap functionality makes part of the network consensus and its code is fully open-source. We have since decided to replace the Avalanche Bridge rails we provide with Thorchain which will be released this week. We have also found Thorchain useful to rebalance our own liquidity when needed without relying on unsafe and unreliable Web3 ecosystem and codebase that is constantly exposed to dependency supply chain attacks.

Please note that Thorswap doesn't make part of Thorchain at all and as it's just a privacy-hostile frontend for Thorchain, thus, eXch could be used as an alternative frontend to Thorswap (however, for now, limited only to the coins and tokens that we support).

Maybe, unless you have some weak link and leaks from inside your team Wink
I hope nearly impossible is good enough, since we know you are facing powers with unlimited financial sources on the other side.

Our opsec is much better than Bestmixer's, Chipmixer's or Whirlwind's altogether and we haven't made any mistakes in our opsec any close to such were made by them, apparently from the beginning of their existence, as some court data and other events revealed about some of them afterwards. eXch is run by people specializing in infosec since around 2000 that are also cypherpunk culture adepts that follow military-grade standards and guidance to protect their projects digitally and physically, therefore, it's very unlikely that our platform will be smashed due to rookie mistakes similar happened to the platforms I mentioned and some others I didn't. There is always a lot to learn from every privacy-oriented service shutdown (including darknet markets) and we are certainly not next.
19  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 05, 2023, 01:29:51 AM
Have some of the previous processes already been concluded or are they still open?
If they were linked for similar charges, can we know the epilogue? Guilty, innocent, some specific penalty or what?

eXch was not charged with anything up to this date. We got one subpoena from a court in Germany 3 months ago and another one from U.S. Secret Service delegated by a court 7 months ago. We weren't notified about any outcome. It indicates that the cases were either archived or are still being elaborated. In any case, these orders assume requesting data from us in a role of a service provider, not the heist originator, therefore it's doubtful they will come with any enforcement action addressed to our service at all since our service is not even USA/Germany based, nor we have any entities that could be exposed to extradition risks.

Apart from that, we had many other requests this year coming from different police departments around the world related to cybercrime investigations.

No data was disclosed from our end to any of these.

We are also working on creating a /transparency section at our website that should be live this month where we will publish each received LE request.

We are very proud to be able to fight for the cryptocurrency neutrality and provide resilient services aiming to countermeasure censorship.
20  Economy / Exchanges / Re: eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20 on: November 03, 2023, 11:32:20 AM
I don't know why the sensation is that the subpoena is not such a big deal but I am worried about eXch. What will you do? Are you going to face them on November 16th...? Or... are you going to be absent and see what happens...?

Besides, I see in that paper that it's stated that it should not be made public... What if they will find about the post from the forum?

Is it a big deal for mixers who certainly received many of them already but without a public disclosure? You know the answer, therefore the same applies here. I have purposely linked this post in the subpoena post to demonstrate that it's an ordinary situation for us to handle, however, I will quote the relevant part from that post here:

Now, in regards to law enforcement requests:

eXch was built with an idea to make operators identity disclosure practically impossible so the service can be resistant to law enforcement. Operational security was our priority #1 from the first steps of the project creation.

We have very strict data retention policies that can be compared to most mixers on this forum. We do not log IP addresses (having .onion domain is a proof for that) or any other user metadata and delete order database records 15 days after order completion. We also provide users with an option to request data deletion immediately after order completion which can be done by pressing the "Delete data" button at the order's page (you can find more information at

Keep in mind that we don't differ from any mixer on this forum in regards to risks associated with unwanted data disclosure, since any mixer is also a centralized entity that uses the same database technology as we do and a single database can become a weak point of any service anytime, independently of how many times their marketing speech repeats the words "privacy" and "anonymity". We don't use these words much and instead we use full disk encryption on all our servers to prevent any unwanted situations as much as possible. An unexplained reboot of some server is a sign that a server was compromised and it's a clear attempt to compromise our LUKS keys with a modified bootloader.

We do not cooperate with law enforcement nor have to do so, since we are an anonymous entity that works with cryptocurrency only. A few events that could serve as a proof:

In the first half of 2023, users deposited a total of 9,983 ETH (approximately $17.72 million) into eXch, and deposited a total of 6,608,354 ERC20 stablecoins (approximately $6.6 million) into eXch.

(Note: they were only able to gather these statistics on the Ethereum blockchain, since we use a single aggregation address 0xf1da173228fcf015f43f3ea15abbb51f0d8f1123 for all Ethereum & ERC-20 exchange operations)

Note that it's not the first subpoena we have received and published, nor it it will be the last, since we know how to handle such situations. You shouldn't worry about eXch, but should worry about mixers instead.
Note also that Twitter discloses subpoenas to their affected users independently whether there is a gag order or not, because it's their company policy:

[Twitter link] [Nitter link]

Our policy is to do the same, except producing information related to exchanges since we don't have it nor obligated to have it, because we do not operate with any financial instrument according to the current legal definitions of cryptocurrency.

Other than that, eXch please don't forget about my previous post, in case you missed it.

I am fine with all kind of translations in case there is some interest in doing so. This is a community after all.

Pages: [1] 2 3 4 5 »
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!