Can you tell us what is going to happen with .cx domain in future?
Having .net domain as main one is a good thing, but I think you should keep alternative domains also, to avoid scammers purchasing them later.
We possess more than 50 domains in different zones for exch.* in our Namecheap account since the day exch.cx was purchased. It didn't prevent phishers from finding ways to buy other domains for typosquatting and other kinds of attacks.
It's worth mentioning that exch.cx became indexed for the "exch" request only after eXch appeared on mainstream media channels, despite having very high popularity on Bitcointalk for a constant 3 years before that. Bitcointalk is not being indexed well by the search engines for some reason, and some categories are even shadowbanned on purpose.
Additionally, the most common scam propagation vector turned out to be phishing domains in Tor search engines and mentions by darknetbible[.]info and monero[.]forex rather than other types of phishing. Thus, it's clear that just purchasing domain names wouldn't prevent successful phishing attacks, nor can many attacks be prevented by the target project either.
There is a whole industry of so-called whitehats that pretend to "make this space safer"; however, we have never seen any of them reporting eXch phishing domains.
Can you please clarify this?
Please specify what you would like to have clarified. We find the original wording clear enough already.
Are you going to add some new stablecoins instead or no?
If there are stablecoins that (1) don't contain backdoors in their smart contracts allowing seizing users assets directly AND (2) are reliable, then yes. Up to this date, we are not aware of any besides DAI; however, we are always glad to have users send recommendations and suggestions to us, so feel free to do so.
Is that enough?
I don't think so. Wouldn't it be better to only respond to legal requests from the courts? Or at least to transactions of more than 3 BTC. This way, you would protect more customers from legal repercussions.
There are a lot more issues than just court orders, and they seem to be the least of the problems we have at this moment. The actual problem, if you followed our past announcements, is a group of malicious people pretending to be security researchers, attacking our exchange with defamation and trying to convince U.S. and EU agencies to take action against us. If you haven't yet, please read our past announcements to get more into this subject.
I hold gmaxwell in high regard, although in this case the feedback doesn't look very convincing. But I'm no expert on coding, which is why I'm curious to see OP's opinion on it (which I also hold in high regard).
We take the side of the MMGen project creator on this question and agree that gmaxwell has overstepped his authority. Greg's post was highly exaggerated, as he tried to use his influence to cast a shadow on MMGen just because the guy was advertising it on IRC, and besides some minor incoherence in his statements on the README that were corrected right after receiving the critique from gmaxwell.
It's always worth mentioning that we also use IRC and have observed unfair behavior by Greg there regarding others a few times. Thus, despite his great contributions to Bitcoin and almost undebatable reputation, it's always good to do your own research before relying on any opinion.
We have reviewed the code of MMGen and see no reasons not to trust/use this project. We are also going to make use of it in our open-source project that will be released on GitHub, which will allow creating and operating exchanges like eXch without coding experience.
Your mixed and aggregated pools are for bitcoin only. What about other assets that your exchange supports? For instance, ether and USDT. What risk score is given to these coins that come out of your address now, particularly after the Bybit hack and the tag visible above your address on Ethetscan? Has it affected eXch in any way?
Yes, it affected our address score, thanks to targeted organized defamation attacks on us by a group of nefarious individuals pretending to be blockchain security researchers.
On Elliptic, TRM, Chainalysis and other reasonably reliable platforms, our Ethereum address score has changed from medium risk to high risk; however, it maintains the tag "eXch.cx" with a category of "Exchanges."
However, there was yet another factor: targeted attacks by malicious AML platforms such as AMLBot (aka PureFi), which attributed a false "stolen coins 100%" tag to our addresses even before the Bybit hack. However, the AMLBot's (PureFi's) score only affects users of: (1) WhiteBit, (2) Cryptomus, (3) Heleket, (4) Railgun (
source [uses PureFi aka AMLBot]), and (5) BestChange exchangers, because no other projects in this space currently use AMLBot for risk score monitoring.
Gladly, this won't be a problem anymore, since we have stopped sending ETH and BTC from our static addresses; thus, it won't be a problem for our users. We are only sending stablecoins from our static address on ETH; however, once we delist USDT and USDC, we will be able to operate on dynamic addresses for DAI too.
any update about last PRESS RELEASE?
We have been contacted by many mainstream media journalists who asked us to confirm our statements via email.
Has the New Jersey court notified your team that you are required to freeze part of your bitcoins?
Yes, however, it was not technically possible to satisfy their request because we had/have no Plaintiff's Bitcoin in our possession.
No.
If not, it's probably best to change the wording to "invoice" rather than address? I'm getting this is the error I'm getting when I'm trying to use a lightning address:
There is a problem with this operation:
Invalid Lightning invoice provided.
Please enter a new address:
We are not going to do that change, because the standard payment "address" for LN remains to be an invoice.
Lightning "addresses" is a non-standard part of the Lightning Network architecture that requires a wallet to make HTTP requests to get an invoice. Many users don't understand privacy risks associated with this protocol, since once a wallet makes a HTTP request to a server, their IP address becomes automatically exposed in case they are not behind a VPN or a Tor proxy/gateway.
We won't implement this specially because our server would require making GET requests to third-party HTTP servers, that are often behind Cloudflare and other Tor-hostile configurations, which may result into our HTTP client that operates through Tor to be rejected resulting into failed URL->invoice conversions.
All you need is just to ask for the normal invoice instead from your suppliers/friends in order to use it with eXch.
