Marian Muller's recent article for Caudena presents a strong critique of eXch, labeling it a crypto mixer and accusing it of enabling large-scale money laundering, particularly in connection with the Bybit hack and North Korea’s Lazarus Group.
Marian Muller from Caudena (https://caudena.com/exch-analysing-the-infrastructure-of-north-koreas-favourite-mixing-service)
While her investigation is detailed, several of her arguments are misleading or based on misunderstandings about how privacy services and exchanges actually operate. Let’s break down her main points and where her reasoning goes astray.
Mislabeling eXch as a Mixer
Muller repeatedly refers to eXch as a “mixing service,” arguing that because a significant share of its users swap funds between chains and back, this is evidence of deliberate obfuscation. However, simply accepting funds from mixers or facilitating cross-chain swaps does not, by itself, make a service a mixer. Mixers, by definition, pool and shuffle funds to obscure origins and destinations. Exchanges—especially those focused on privacy—may process funds from a wide range of sources, including mixers, but that does not mean they themselves are operating as mixers.
Moreover, privacy protocols and mixing services are not illegal in many jurisdictions outside the United States. Many users rely on these tools for legitimate privacy reasons, not just to hide illicit activity. Muller’s analysis overlooks this nuance and unfairly paints all privacy-centric platforms with the same brush.
Overstating eXch’s Role in the Bybit Hack
Muller claims eXch actively facilitated laundering of the Bybit hack proceeds and refused to cooperate with Bybit or law enforcement. While it’s true eXch processed some of the stolen funds, the actual share was a small fraction of the total—about 90,000 ETH out of 401,346 ETH stolen.
The majority of the funds moved through a complex web of centralized and decentralized services, not just eXch.
Further, Bybit CEO Ben Zhou confirmed that eXch was just one of many platforms used by Lazarus, with most funds laundered through decentralized protocols and bridges. Muller’s focus on eXch ignores the broader reality: Lazarus Group leverages dozens of services, including Thorchain and cross-chain bridges, to obscure funds. It’s also important to note that eXch’s refusal to cooperate stemmed from previous disputes with Bybit, not necessarily from a desire to protect criminals.
While one can criticize eXch’s lack of KYC and transparency, labeling it as the primary enabler of the hack is an exaggeration.
Misunderstanding Privacy and Regulation
Muller’s article frames eXch’s adversarial stance toward regulators as proof of criminal intent. In reality, debates around privacy, regulation, and user rights are ongoing in the crypto industry. Many privacy-focused platforms push back against what they see as overreaching surveillance or “elitist” industry practices. This is not the same as openly supporting criminal activity.
Her argument that eXch’s use of Thorchain and refusal to implement compliance controls is unique or especially dangerous also ignores the fact that many decentralized protocols struggle with the same issues. Even centralized exchanges have been used by hackers and launderers in the past.
Questionable Use of On-Chain Analysis
Muller’s team claims to have tracked and clustered eXch’s transactions across several blockchains, concluding that most activity is mixing rather than legitimate swaps. However, on-chain analysis is not always definitive, especially when it comes to distinguishing between privacy-seeking users and criminals.
The same patterns she identifies—swapping funds across chains and back—are used by both regular users and bad actors. Without additional context, it’s misleading to claim that most eXch activity is illicit.
Ignoring the Broader Context
Finally, Muller points to other privacy tools like Railgun, Chainflip, and Wasabi Wallet as examples of platforms that have implemented compliance controls. While it’s true some have taken steps to block illicit funds, this is not universal, and the debate over privacy versus compliance is far from settled. Suggesting that there is “no room” for platforms like eXch ignores the legitimate privacy needs of many users and oversimplifies a complex issue.
In summary, while Marian Muller raises important questions about privacy and accountability in crypto, her article overstates eXch’s role in laundering, mislabels its core business, and fails to appreciate the broader debate around privacy tools. Not all privacy-focused platforms are criminal enterprises, and not all cross-chain swaps are mixing. We need more nuanced, fact-based discussion—otherwise, we risk undermining both user privacy and the integrity of the industry.
Key Takeaways:
eXch operated as a privacy-focused exchange, not a mixer.
Its role in the Bybit hack was minor and isolated.
The shutdown resulted from regulatory pressure, not proven misconduct.
Critics like Muller risk stifling innovation by equating privacy tools with criminal enterprises. As eXch stated, “good journalism is about high standards of source verification”—a standard Muller’s article fails to meet.
Thank you,
Trêvoid