If you've used Exolix via Edge, Monerujo, Exodus, or BTCPay in the last year and a half, your swaps are probably in someone's database
A serious broken access control in the Exolix API was discovered. Partners who integrate Exolix receive API keys, which are often hardcoded in applications or public repositories, and are not scoped, giving full access to the history of all transactions of that partner.
By using these keys, anyone can dump the complete swap data via the endpoint
That's what happened, 355,944 transactions (January 2025 – May 2026), total value ~39.5 million USD
Dominant currencies:
Monero (XMR) is by far the most represented, especially in pairs with BTC, USDT, ETH, and LTC.
Source:
https://www.rastersec.com/blog/exolix-swapper-dump
