Hello eXch mod - please refer to this post. I’ve had $211,000 of my funds stolen yesterday and the scammers sent it to your exchange
[...]
Our email is
support@exch.cx but I recommend contacting the "SEAL 911" team from
https://securityalliance.org - a non-profit organization consisting of many volunteering entities and organizations specializing on blockchain analysis that have promised to provide free help and guidance for crypto heist victims. They will for sure provide you with all the necessary assistance for your case. Just a friendly tip - avoid Josh_CB from Cryptoforensic Investigators because he is toxic and incompetent.
Hm good timing ... or maybe bad dunno, but I have a question about freezing/frozen crypto because of
this (eXch being used as exchange in FixedFloat breach according to beincrypto). Even if untrue it piqued my interest in regards to frozen crypto.
1. (to anyone): How does freezing crypto even work?
2. (to anyone): How effective is it?
3. (to eXch): Did you suffer any loss, because of crypto freezing?
4. (to eXch): Is there any special treatment in place if it comes to your attention that fraudulently gained crypto goes through eXch?
These questions are out of interest and are not meant as subtle arguments for whatever (given the previous post I feel the need to clarify).
It's true (in regards to FixedFloat funds).
1. Any custodial service that holds your crypto has full control over it thus can freeze and confiscate the funds. This concerns custodial wallets, centralized exchanges, smart contracts with freezing capabilities owned by centralized entities (such as Tether's USDT and Circle's USDC), cross-chain bridges (such as Avalanche Bridge that confiscates "dirty" BTC and ETH) and even some rogue cryptocurrencies (i.e.
https://github.com/bitcoin-sv-specs/protocol/blob/master/updates/confiscation-transactions.md).
3. No, since we have never froze any crypto nor have any technical capability for doing so.
4. We have never encountered such situations before, so we currently have no protocols for such proceedings. We are also not a financial institution nor possess any money transmitting license due to the fact of operating with something called "cryptocurrency" that is not considered or recognized as a financial instrument by the most central banks, therefore not required to implement any. If Lagarde publicly admits crypto is a financial instrument, then maybe we will reconsider this, but until then we see no reason for even bothering for these concerns.
I had a problem with a swap XMR>BTCLN (order #xxxx341bcb9) and haven't got my coins, I've asked for help hours ago in your chat without any answer. I've opened a support ticket too (xxxx53f1afb56c) and I'm still waiting for an answer. Could you please tell me something? Thank you!
Yes, thank you, everything ended up fine. A refund form came up on their page without anyone contacting me previously. I've requested the refund and I have my money back now.
This *inbound* thing is exasperating. How can you prevent this from happening before doing the actual transaction?
Yes, that's right. According to this guide Electrum shows you the available capacity to receive funds. I'm using Coinos and it seems there is no clue about that value.
Coinos node doesn't appear to have the effecitve peering scheme for optimal routing and we had no routes to Coinos earlier but after this incident we have opened a direct channel with them:
https://1ml.com/channel/923451228984246272Payment of their invoices shouldn't fail anymore.
Since we got a bit more confident with LN lately and now have better understanding of its possible edge cases that might cause security risks for us, we will soon optimize LN payment response handling so customers won't need to wait for these errors to be reviewed manually by our team.
Why does the IRS ask you to provide data that you don't collect?
They haven't asked for any data type in specific: "[...] Please provide
whatever records you have for [...]"
[...] This is an ongoing war.
Can confirm.
It's quite ironic that someone with power makes a reference to Bitcointalk.
It reminded me that some time earlier, some SlowMist rep explained to us that they refer to our service as a "mixer" in their annual reports exclusively because of what we post on Bitcointalk. L. O. L.
Apart from that, I always was quite sure this forum is frequented by state officials. Take for example FIOD (NL), who even have an account here.
At this rate, I am pretty sure they might end up writing to the forum administrators to try any reveal any information about, or perhaps they have tried already
I read somewhere before of theymos' posts regarding of his thoughts if US authority asked about the details of someone (account) due to legal things. Well, he will willingly follow it since the forum is based in US and has its jurisdictions. So it's really possible.
I have decided to provide this data voluntarily in order to help flatten the investigative curve a bit so they don't have to bother theymos.
i have some issue on an ongoing order.
i have sent an amount of XMR and the status still remains " awaiting input " i cant double check as my wallet provider doesnt save private tx to proove it was sent. so i ask you to help me by checking if it arrived on your end or provide me the view key of the deposit adress so i can check where the problem is exactly
my order id is xxxxxxxxdf7ee
thank you
After communicating both via support tickets and emails today with this user, turned out they have used xmrwallet[.]com as their wallet and the destination XMR address was hijacked during sending, so their funds went to some other direction but not to the correct eXch deposit address. This was done either by the mentioned wallet itself or by the buffer clipper malware their OS is probably infected with. Also there are other users who had issues with that wallet earlier
https://github.com/monero-project/monero/issues/8440#issuecomment-1186785857We have also verified that the view key they provided didn't match the output corresponding to the correct deposit address.
Unfortunately, it's not the first time someone being a victim of such circumstances among our users. We have some wallet recommendations here that are relatively secure wallet options:
https://exch.cx/faq#wallet_security_recommendations (Blixt wallet will be removed from this list during a next engine update for ignoring our multiple requests to provide updates on F-Droid inclusion)