eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20

[dkbit98]

Finally!
Bitcointalk administartion is getting older and slower, but they get things done. 

Will post on other updates/changes/answers later.

Any updates or estimates for adding Liquid network assets (L-BTC and L-USDT)?

Will you also create a vanity .onion name? Something that's easy to remember (partially) and very hard to reproduce. I think the way to do this is generate many vanity .onion domains, and hand-pick one that has "something extra" that rolls off the tongue nicely.

That's a good idea.
This could make it much harder for scammers to trick users with fake onion links.

[1714488022]

1714488022

[1714488022]

1714488022

[1714488022]

1714488022

[paid2]

You can join the third Raffle and try to win a Custom eXch Cryptosteel Capsule!  

[FREE RAFFLE] - Custom eXch Cryptosteel Capsule (#3)!

[GazetaBitcoin]

You can join the third Raffle and try to win a Custom eXch Cryptosteel Capsule!

Thank you paid2 and eXch for another raffle! For more visibility, the raffle was announced in Romanian board too, in a topic dedicated to such announcements, but also in the translation of OP.

Good luck to all participants and many thanks for these prizes!

[eXch]

We have released a publication of a full coverage on the phishing situation.

Who is Animesh Roy and how he scams people.
The journey from a sophisticated phishing scheme to bribing an anti-phishing resource DARK.FAIL.


Available at https://anir0y-scams.info


Tor mirror: http://xxkdkmhcrw7mug2nhtorvsusrydoqtfxggeu3rxcxglh3jk7ltmlmeqd.onion

(This format because it's quite a long read with many details and screenshots to make it as a forum post, but I might eventually make a mirror of it in this post later, unless somebody else wants to do it)

[sabotag3x]

unless somebody else wants to do it)

Done:

Who is Animesh Roy and how he scams people.
The journey from a sophisticated phishing scheme to bribing an anti-phishing resource DARK.FAIL.

These are summarized topics this article will talk about:

• Earlier phishing targeting eXch (a cryptocurrency exchange)
  
• Gathering information and links
• Making relational connections between the found resources
• Who is Animesh
• How and who Animesh is "pwning ⚡ at work!" and what is that work
• Reasons to believe this "security researcher" is behind this operation and his obsession with phishing in his other blog articles
• SWP[.]CX appearing at various websites belonging to Animesh - dark[.]taxi, darkneteye[.].com, 2 github repos and some others
• DARK.FAIL accepting the bribe to list SWP[.]CX
• Why DARK.FAIL will regret and what is 5 BTC for India given that this guy will scam-exit briefly

Around 5 months ago we (eXch) were contacted by a customer who lost 1 ETH to an unknown at that time phishing scam targeting eXch.

	Open in full resolution	Open in full resolution

The customer was unable to provide any details on how he ended on that URL nor he provided us with a text version of that URL, since he was very upset by the situation leaving the chat quickly after giving as little as a screenshot with some information like his OS and device. Since the screenshot contained an incomplete URL, we had hard times finding it since it was not indexed by any clearnet search engine.

After some time spent on searching that URL across various .onion indexers since it was our best guess of the most realistic attack vectors, we were eventually able to find the full malicious domain name:

hszyoqnysrl7lpyfms2o5xonhelz2qrz36zrogi2jhnzvpxdzbvzimqd[.]onion (NOTE: this is a malicious domain name, DO NOT USE IT)

which is a typosquatted .onion imitating our original HSv3 domain:

hszyoqwrcp7cxlxnqmovp6vjvmnwj33g4wviuxqzq47emieaxjaperyd.onion


Open in full resolution

We have messaged all the affected indexers and most of them removed the malicious URL from their resources and we went all happy to the new year thinking it was the end... while it was just the beginning!

From January to February we had at least other three victims scammed that was a ground to pin an announcement at our .onion domain in regards to phishing and how to reliably find our .onion URL.


Open in full resolution

Then this month the shocking event happens - dark.fail lists some "crypto swap" website with a domain registered less than 30 days ago appearing out of nothing ripping off completely the web-design of eXch and even having its clearnet domain in the .cx top-level DNS zone suggesting that this new "project" is a blatant copycat of eXch.


Open in full resolution

Many emails sent from us, our customers and just mere observers to dark.fail's admin who ignored 100% of the emails concerning this new project for at least week, since dark.fail is quite a well-known resource that is used by many people that wish to avoid ending on malicious phishing .onion URLs.

The complete lack of the official response from dark.fail surged many rumors and guesses: "dark.fail hacked" (again), "dark.fail scammer", "dark.fail bribed", etc...

Specially the "bribe" part, since dark.fail also states the following:

"[...] dark.fail is supported by our users. No sites pay for placement or advertisements, no affiliate links have or will ever be used. If this resource has helped you please consider sending a contribution. [...]

which turned to be a complete lie, but that will be covered by another part of this publication.

Back to the new-rising star SWP[.]CX listed by dark.fail, promising a bright future to many with their innovating "PGP-signatures" (or simply Letters of Guarantee), non-KYC exchanges and privacy/anonimity (while using Cloudflare and Protonmail in order to voluntarily provide all the customer data to federal agencies in an automatic way)

Just by taking a brief glance at that SWP[.]CX website that originally was a 95% copy of eXch and rebranded after their domain was suspended once, we have also discovered some obvious problems such as the website accepting invalid Bitcoin addresses for order creation without any further verification which almost always indicates that the website's objective is to take the money by any means without caring about its service quality (which is also an ideology of an average scam).

A simple Google search for their clearnet domain did not reveal anything but 3 results just a week ago:

• Their website (SWP[.]CX)
• dark.fail
• A Github repo https://github.com/tarpetra/welcome-to-darknet performing commit poisoning by commiting garbage every minute with 100000+ commits, ~1500 botted-stars and the phishing .onion targeting eXch which this article mentions earlier: (hszyoqnysrl7lpyfms2o5xonhelz2qrz36zrogi2jhnzvpxdzbvzimqd) (NOTE: this is a malicious domain name, DO NOT USE IT)

This find of a random Github repo listing SWP[.]CX was absolutely shocking and surprising because for a such freshly registered domain name as "SWP[.]CX" and poor Google results it would be already something proving the involvement of SWP.CX to the previous phishing scheme targeting eXch, but we have digged it a bit further in an attempt to link all the dots together.

After performing a Google search for some of the phishing links hosted by that repo (including one targeting eXch), we got two interesting results persistent across various searches:

• https://github.com/vtempest/dark-web
• https://classroom.anir0y.in/post/blog-tor-darknet-links/

The first github repo by `vtempest` seems to be something called "DarkNetEye" which claims to have the clearnet site https://darkneteye[.]com (registered on 2023-04-29 via Njalla/Sarek and IP behind Cloudflare) with one of the commits adding 2 phishing links targeting eXch and Majestic Bank simultaneously on Sep 1, 2023: https://github.com/vtempest/dark-web/commit/0582721f3e632a39d650bc187276a7a9d343e6b7 (they also add Coinomize phishing URL in another commit)


Open in full resolution

The second blog post from Oct 2, 2023 by someone named Animesh Roy linking to the previous github repo's website and claiming "DarkNetEye" to be the "one of the oldest and most established darknet news and link portals which is used by thousands of people every day to access the darknet safely" which is a lie since there was never a project called "DarkNetEye" ever existing before this blog article, but instead there is some project called "DarkEye" which only exists in Tor and has nothing in common with "DarkNetEye".

Right after the first quoted sentence from that blog comes another sentence "These are a selection of the most popular darknet markets and services which are currently listed on our platform:" with that "our" suggesting the "DarkNetEye" ownership belonging to the blog's author Animesh.


Open in full resolution

And of course right after all this wording comes out the famous phishing URL targeting eXch in its all glory, once again (hszyoqnysrl7lpyfms2o5xonhelz2qrz36zrogi2jhnzvpxdzbvzimqd) (NOTE: this is a malicious domain name, DO NOT USE IT).


Open in full resolution

So let's take a deep dive from here now - who is Animesh Roy (anir0y) ?

	Open in full resolution	Open in full resolution	Open in full resolution

Just from a glance at his blog and other profiles around his socials, everything suggests that this guy from India is a self-proclaimed security researcher doing lots of hacking (in a whitehat meaning of the term, but only for now), describing himself "10+ years in Infosec Domain", "Scripting in my square time, pwning ⚡ at work!" at his Github page.

Looking at that blog author's articles he seems to be fascinated by phishing which is definitely one of his main scope in his "10+ years in Infosec Domain" studies:

• https://classroom.anir0y.in/post/blog-types-of-phishing/
• https://classroom.anir0y.in/post/smshingintro/
• https://classroom.anir0y.in/post/bitly_url_shortner/ (article on favourite phishers instrument Bitly that he also uses everywhere around his blog)

	Open in full resolution	Open in full resolution	Open in full resolution

While his actual work remains unknown to us since his "work" websites and link lead to himself in a loop, his self-description of how he is "pwning ⚡ at work!" suggested to us that his actual work might be related to actual phishing. Any person with a common sense would already start noticing the following:

• his blog article claming that "DarkNetEye" being his (aka "our" as he mentioned) platform listing at least 2 phished resources
• his interest in phishing as a "security researcher" that apparently takes a big part of his attention (this is not only given the blog articles above but also some repositories in his Github repo and those who will follow this writing will definitely find them)
• his negligence as a "security researcher" to not verify the links on his "DarkNetEye" project mentioned in his blog post

Of course, anyone claiming to be a "security researcher" and specially interested in phishing would verify the links before publishing anything in their post, since making a blog post as a security researcher that contains phishing links might immediately destroy one's reputation and flag a "security researcher" incompetent for the rest of his days.

One may suggest that he was paid to publish that blog article and the guy is innocent, but then even specially here for someone having "10+ years in Infosec Domain" making a negligent mistake of including phishing in their own blog might be a reason to perform a "virtual seppuku" immediately. Very doubtful that a specialist of this kind would not verify anything prior publishing and specially not removing the "our" part for the project behind a blog advertisement to not appear as his own project (which actually happened).

If all this is not yet enough to assign the role of the actual actor behind phishing of Majestic Bank, eXch and Coinomize to Animesh, we inform you that we have contacted the blog's author immediately after a discovery suggesting to remove that blog article explaining that it contains a malicious URL was complete ignored. Now it's for sure is enough. Why? Because this "work" simply "works" for him and generating passive income. Many of our customers scammed by that person is yet another proof for that. Additionally, meanwhile ignoring our message that definitely was of importance for his own good, he had time to make another fresh blog post ridiculizing someone else who also messaged him in regards to our previous Bitcointalk post.


Open in full resolution

This given that his recent blog post comes right after the blog post advertising his malicious "DarkNetEye" and its phishing URLs.

It also appears that the guy is very persistent in everything he does and won't give up easily since it's a first time in his life he managed to get some significant (for India) income on the Internet, but in any case, the date of this publication is the day when anir0y's professional career ends and official criminal history starts, unfortunately for him, since there will be the criminal investigation on his person because we will for sure do our best to inform our affected customers by his phishing to sue the correct person and demand their money back. It's also not a joke how India's law enforcement threats their own citizens involved in criminal practices and it will be for sure hard times for Animesh.

By the way, have you ever noticed how https://darkneteye dot com/services/ is one of the few resources that also added SWP[.]CX so quickly?


Open in full resolution

Which even got update earlier today removing eXch and substituting it with SWP[.]CX so they can continue scamming, since their phishing scheme is becoming outdated.


Open in full resolution

There are also another resources sharing the same phishing links targeting Majestic Bank, eXch and Coinomize:

Code:

dark[.]taxi - yet another anir0y's work (registered via Njalla/Sarek and IP behind Cloudflare) that imitates the legitimate tor.taxi so it becomes even more confusing for newcomers in the same way anir0y imitates DarkEye with DarkNetEye.

darkweeble[.]com  - yet another anir0y's work (registered via Namecheap and IP behind Cloudflare) that lists phishing at https://darkweeble[.]com/services/ with special accent on these lovely reviews https://darkweeble[.]com/reviews/exch and https://darkweeble[.]com/reviews/majestic-bank with of course phished links again

darknetmarketlinks[.]net - anir0y's SEO optimization (registered via Njalla/Sarek and IP behind Cloudflare) listing all the same phishing links including dark[.]taxi, darkneteye[.]com and darkweeble[.]com 

tor2doormarket[.]io  - anir0y's "tutorial" (registered via Njalla/Sarek and IP behind Cloudflare) on how to use darknet with a "friendly" recommendation of eXch linking to the phishing (also in its FAQ page). Also at the footer there is a mix of legitimate links mixed with his own projects like dark[dot]taxi to confuse people and search engines

royalmarket[.]org - anir0y's another "tutorial" (registered via Njalla/Sarek and IP behind Cloudflare) on how to use darknet with a "friendly" recommendation of eXch linking to the phishing

What is also specially interesting and common for all the malicious websites above (including 2 Github repos) is that they list a valid .onion link for the Infinity exchanger - the project behind DDoSing eXch in the past and also running a stealth rogue campaign against Majestic Bank - another popular instant exchanger. It's unclear whether Animesh is also behind Infinity or not, but all this data suggests that it's a possibility.

We think it's already more than enough talking about Animesh here so let's move on to DARK.FAIL now.

We were not publishing this article just because it was incomplete without at least some sign of life from DARK.FAIL's admin (later "DFF"), of course, as it was unclear what was the reasons for listing the potential (and actual) scammer's project on DDF.

Earlier this week, the DDF admin returned back from silence with a following statement on some known deepweb platform:

"Swp is not a phishing site. I will suggest to their admin that they change their design."

which was a reply to some kind of series of replies after yet another known legitimate similar resource operator "tor[.]fish" claimed the following:

"We were approached by a site going by the name of swp[dot]cx about a week ago and offered a large amount of money to list them (which we refused as we don't operate that way). A few days later, another offer from another very suspiciously similar looking exchange. Clearly someone is creating a series of these sites."

That makes it clear that Animesh Roy who is behind SWP[.]CX has used the money he obtained from scamming eXch users by phishing to bribe the DDF admin in order to get his scam platform boosted, given the significant popularity of DDF.

What makes it even more disastrous is that even an admin of a less popular resource TOR[.]FISH (TDF) refused the bribe in order to not risk their reputation because they must be mature enough to understand that it worth a lot more than just money.

This is where also DARK.FAIL's reputation comes to end, exposing this platform as a cheap liar with non-existent ethics capable of thinking only short-term, because SWP[.]CX will eventually exit-scam and forget about the Internet after someone sends him above 5 BTC which is enough money to rebuild some small village in India, while DARK.FAIL's reputation will remain damaged forever.

To finish this article on an additional note, we would like to inform our readers that Njalla/Sarek.fi (a one-man operation domain registrar by Peter Sunde) ignored all our reports and requests to suspend malicious domains mentioned in this article belonging to this scammer. It is widely known that Njalla/Sarek widely popular many years ago but after starting suspending domains and servers purchased from him that host websites that oppose his personal views on some political and controversial topics (like COVID), his service reputation decreased significantly due to people from many privacy-centric communities advocating against using his services. This also demonstrates how Peter Sunde is actively supporting phishers on his domain registrar and hosting, while bashing free speech which he used as his marketing gimmick when he launched his platforms.

[JollyGood]

I have just seen this, thank you for the initiative. I have taken the opportunity to enter the free raffle and would like to thank those parties involved in making this happen.

You can join the third Raffle and try to win a Custom eXch Cryptosteel Capsule!  

[FREE RAFFLE] - Custom eXch Cryptosteel Capsule (#3)!

[examplens]

The domain redirection from exch.cx to exch.pw will be reverted within 2 days, leaving three separate domains operable without redirection: exch.cx, exch.pw and exch.is (TBD). We are also in a process of acquisition of some more presentable domain name which will be announced once complete.

What do you think about having a small informative banner on your website about your official pages and domains?
OK, you have such information in the footer, many people don't even get to the footer but go directly to the exchange process. I am convinced that it would be very useful to have some kind of warning at the top of the page.
Your fight against phishing sites has only just begun, the more you grow, the more people like Animesh Roy will appear.

[NeuroticFish]

Your fight against phishing sites has only just begun

Indeed. And it just occurred to me that although I've talked about this not long ago, I didn't warn eXch explicitly:
From what I've seen not so long ago on another website that became very popular and next the number of phishing sites started to grow, the next step was that the phishing sites started reporting the original site (!!) to search engines as copy/clone/fraud (!!).
Imho you (eXch) should think one more step ahead and prepare your homework well.

[eXch]

I don't know if this is a typo. But you need to replace one letter

It was not a typo before the recent display name change from eXch.cc to eXch, because the 'eXch.cc' was always our username so it was correct, since the first link actually leads to our Bitcointalk profile.

It became a typo a week ago after the display name change.

I have a question about lightning

I see you need "Zero-amount invoices only"

I am using Aqua wallet, which has LN integrated. The minimum invoice is 1000 sats.

Will my 1000 sats invoice work?

Sorry if it is a dumb question, I have little experience with LN.

There are no dumb questions.

I am personally not aware of how Aqua wallet works since I never used it, but if you provide me with the invoice I can look it up and help you.

I recommend creating a support ticket directly with us where we provide dedicated related to LN even when the issue is not related to our exchange (free of charge), since LN is still very fresh and there are many issues, but we like the tech behind it and would like to contribute to its popularization.

I have two follow up questions.

1. If my order becomes a backorder, will eXch use the exchange rate applicable at the time the reserves fill up and my order gets processed or the rate from when my deposit transaction confirmed? I am pretty sure it's the former, but let's see.

2. What are the possible reasons why a backorder gets refunded from your side? Is it fee related? If I began the exchange at a time when the mining fees for the coin I wanted were low, but then they doubled, would eXch process the order, request more for mining fees, or return the initial deposit?

I checked your FAQ section, but it doesn't mention any of this regarding backorders you just discussed. Perhaps you should add it, so your clients know such an option exists.

1. It's the former.

2. One example I could think of is when a backorder is too big and remains too long on sight we may just revert it to REFUND REQUEST. Let's say the backorder is asking for 50000 XMR. This would take for us at least 2-3 days to fulfill (if not more) and it will also make our 'Reserves' tab to show "0" if our overall balance is below 50000 XMR, since the backordered amount also affects our available reserve. This is the only reason why we ever force-refunded such orders. In regards to mining fees - we never change order details after a deposit confirmation independently of the conditions. If they doubled - we will still proceed with the payout. We also don't let the backorders remain for too long as we usually try to acquire external liquidity for them in order to execute them as fast as possible.

Thank you for the suggestion on adding it to FAQ, it's very likely we will do so.

This is mainly why we have the message "You can start exchange without calculating and send any amount (calculation will be performed on receipt)" right to the "Exchange" button.

Since the Reserves are shown on the same page, I didn't expect this functionality when there are no reserves left.

I checked your FAQ section, but it doesn't mention any of this regarding backorders you just discussed. Perhaps you should add it, so your clients know such an option exists.

I was going to suggest the same thing

Yeah, it's indeed very unobvious for now. We have many things to improve.

Have there been any cases of USDT wallet blocking by the issuer(Tether) after an exchange on your exchange?

No.

What guarantees do you give when exchanging my BTC for your USDT?

Nobody can guarantee that and I recommend using DAI if you need such a guarantee. However, as long as we are a project that operates in a legal scope and, say, not darknet, we are fine with Tether as well as the funds coming from our address. Tether is also well-aware of our exchange.

Also a good answer here by bitmover in that regards: https://bitcointalk.org/index.php?topic=577207.msg63792374#msg63792374

what will happen if someone sends stolen money to this USDT ETH address, and then it goes to the client from this address?

The client will receive clean funds from an entity called 'eXch' which is tagged as a centralized exchange by most address categorization engines.

Ethereum is a non-UTXO system and there is no way to tell which exactly part of the previously received funds is being sent forward. Chain analysis systems determine the clean/dirty ratio of an Ethereum address by the percentage of incoming funds and their origin. Our clean ratio is above 50%.

in my opinion, there is a greater chance of getting depeg dai than a random usdt block (for the previous owners of these usdts)

DAI has passed many depeg stress tests successfully already. It has proven itself as a very reliable stablecoin for last years. As for USDT blocks - they happen on a weekly basis. Please check this Twitter: @usdtblacklist

Our domain exch.cx was suspended by Lyubomir Gyundzhiev from Key-Systems who misread our abuse report resulting into suspension of the victim's domain instead of attacker's.

The new domain is not working.
Not even an hour has passed since the new domain was announced, and yet a DDoS attack? really?

502 Bad Gateway
The server returned an invalid or incomplete response.

It's most probably our service is currently under a DDoS attack.

exch.cx is now redirecting to exch.pw. I guess the issue is close to be solved. However, the Bad Gateway error remains here. Seems to be fixed as of 20h UTC. The redirect to exch.pw however remains.

There were some misconfigurations on our front-end servers that were fixed later. That day was pretty busy for us and everything was done with some significant delay.

Will you also create a vanity .onion name? Something that's easy to remember (partially) and very hard to reproduce. I think the way to do this is generate many vanity .onion domains, and hand-pick one that has "something extra" that rolls off the tongue nicely.

We thought about that, but the efficiency and usefulness of a such address is very questionable.

Having a vanity address won't protect from phishing independently of the invested power to generate it.

Standard security practices for remembering and visiting HSv3 appeal against relying on vanity-generated addresses or their recognizability. During Tor's transition to HSv3 addresses, this topic was widely discussed across Tor Project's discussion boards in regards to the new address format's increased exposure to phishing. Since we have an easy rememberable clearnet domain which lists our valid .onion and see no reason to use other sources other than our clearnet website and maybe this Bitcointalk thread to get the correct .onion.

Moreover, our clearnet website doesn't block Tor like most other projects out there so there is absolutely nothing that would prevent a Tor user from visiting our clearnet domain to get the .onion address. Additionally, there is KycNotMe - a project that is now considered to be the main anti-phishing directory for crypto-related services. Even the DarkNetBible - something that many DNM and Tor users consider a "holy" manual for using Tor - stopped listing crypto-related services and now directly recommends OrangeFren and KycNotMe only.

Given all this, it's a mystery to me how people still manage to get phished given that our genuine .onion is findable in 1 click from many legitimate sources, including our website.

We are also glad to inform you that our latest app's release (1.2.0) makes it possible to set reserve notifications and alerts, so there is no more need to check our website for certain coins reserve updates manually.

Wouldn't it be better to automate the reserve refill so that the balance is refilled every hour or two instead of doing it manually? This will be easier, as if I find that the DAI reserve is zero, this means that I need to wait for the next hour to find that the balance has been refilled.

Stablecoin refills are already automated via Thorchain, but there are people who constantly check our XMR reserves manually and it's not something we currently automate so app users makes it easy for people who look for XMR reserves to appear.

Any updates or estimates for adding Liquid network assets (L-BTC and L-USDT)?

Not yet.

Will you also create a vanity .onion name? Something that's easy to remember (partially) and very hard to reproduce. I think the way to do this is generate many vanity .onion domains, and hand-pick one that has "something extra" that rolls off the tongue nicely.

That's a good idea.
This could make it much harder for scammers to trick users with fake onion links.

Not at all - if you check some mixers who had/have vanity generated addresses, they were/are targeted even more with vanity-generated phishing. Phishing by typosquatting is something much more effective than email spam nowadays.

Let's say we manage to generate this address:

exchcxxxxxxxxxxxxxxxxxvjvmnwj33g4wviuxqzq47emieaxjaxxxxx.onion

It will still be overplayed with typosquatted addresses in the following example:

exchccxxxxxxxxxxxxxxxxvjvmnwj33g4wviuxqzq47emieaxjaxxxxx.onion
exchccxxxxxxxxxxxxxxxvxjvmnwj33g4wviuxqzq47emieaxjaxxxxx.onion
exchxxxxxxxxxxxxxxxxxxvjvmnwj33g4wviuxqzq47emieaxjaxxxxx.onion
exchxxxxxxxxxxxxxxxxnwj3vjvmnwj33g4wviuxqzq47emieacxxxxx.onion
exchxcxxxxxxxxxxxxxxnwj3vjvmnwj33g4wviuxqzq47emieacxxxxx.onion
exxchvvxxxnxxxxxxxxxnwj3vjvmnwj33g4wviuxqzq47emieacxxxxx.onion
exchcccxxxxxxxxxxxxxnwj3vjvmnwj33g4wviuxqzq47emieacxxxxx.onion

and so on...

Phishing is a very tricky business and will always be there for any resource doing money transfers. It targets people who have bad personal security practices. Just in the same way Ethereum-alike address/transaction poisoning works to expect an uncareful user to copy the destination address from his last transaction history which turned to work pretty efficiently and there were millions stolens already this way. Nobody can be blamed here but users themselves.

While people simply "doing it wrong" by copying .onion addresses from random sites and not official ones, it will always be their problem and we are refusing to take any responsibility for their actions.

Also note that it's absolutely nowhere we stated that we are an .onion-first exchange, since we operate in a legal space as an absolutely legal project with a registered company (unlike some scammers who lie about having company registered in Seychelles) and have a clearnet domain that doesn't block Tor users and doesn't use Cloudflare. Please just use it, including for a purpose of finding our .onion, since it's what clearnet sites exist for.

What do you think about having a small informative banner on your website about your official pages and domains?

There are significant upcoming changes in that regards, but it won't be done this way.

OK, you have such information in the footer, many people don't even get to the footer but go directly to the exchange process. I am convinced that it would be very useful to have some kind of warning at the top of the page.
Your fight against phishing sites has only just begun, the more you grow, the more people like Animesh Roy will appear.

The word "fight" itself doesn't scare us a little bit since this whole project is already some kind of fight itself, so we were prepared for it.

What in regards to your concerns to phishing becoming more frequent - I'll slightly disagree here.

This specific phishing campaign is not like others that existed in the past (even targeting other projects) or will exist in the future any soon. You should understand that the amount of time and effort spent only to _prepare it_ are exorbital.

If you check our recent article and dig a bit yourself, you will see that the phisher himself spent a whole 2023 year to only prepare this campaign and he had results only in the recent months. There is a LOT of work he done worth far more than a salary of a full time programmer for a whole year. Phishers like this one is very rare from our experience and this guy literally just threw a year of his hard work to the bin by making us trace him, which took only 3-5 hours of investigation to catch this guy having all the recent data that he exposed about himself and his phishing operation and additional 2 hours to write an article.

From one side he looks quite skilled and creative, but from another side he is pretty dumb to spend so much time and money on something so easily traceable, because the most of his fruits were given by his clearnet domains, where everything is pretty much traceable.

I think who will fight there are phishers like Animesh themselves, in case after our disclosure someone else dares to do it of course, since we pretty much gave the sign to anyone who wish to mess with eXch Security Team to think twice before doing so. For us it will always be a very quick task to track and expose them but for them it's for sure a lot of work to setup such an efficient scheme.

What in regards to some one-time low-effort phishing sites that will only exist within the Tor indexers and not beyond - not that we would care much about it since they are barely effective and people who generally want to use some link from them actually wish to get scammed, so we can't stop them from losing their money voluntarily. They existed before this specific phishing campaign already and will exist after and they are not something that will be on our radar. We are interested in efficient campaigns like this recent one and predict everyone who is behind one ending like that guy from India.

We also won't agree on the opinion that the phishing is a result of some our mistakes - they are not and there are none. Everything you need to not get phished is just to visit our clearnet site or this thread in order to add the correct .onion to your favorites. We also had a link to our Bitcointalk thread on our website from a very relaunch of our project. It's just some Tor users who often surf darknet under the influence of chemical substances in a hurry having 100+ tabs opened simultaneously end by getting scammed due to their own negligence and we nor anybody else can help them unfortunately. The guy who got scammed for 1 ETH was this kind of user exactly, but I'd rather not to go into personalities.

Don't forget also that if we wouldn't expose this phishing campaign and start writing about it, nobody ever would even hear about it, since victims who got scammed managed to do it out of their very uncareful behaviour.

It's really very hard to get phished being an eXch user, given that we are a clearnet-first project and not some darknet site. The investigative report we published is not a sign of sympathy to phished users by the way, since as I explained before, it's *very* and again - *VERY* hard to even find and use a phishing copy of our .onion website.

[icopress]

Have there been any cases of USDT wallet blocking by the issuer(Tether) after an exchange on your exchange?

As you can see above eXch's answer was "no".

I can say from my own experience, half a year ago, when I needed to exchange bitcoins for the dollar equivalent, I first turned my attention to Ledger Live, and after I was horrified to see a 5% commission, I realized that eXch’s commission costs of 0.5% seem simply incredible (btw, I already have Trezor). But before the exchange, I was also bothered by the same question... so I decided to turn to statistics, according to which over the past few years, a total of 1300 USDT addresses and 300 USDC addresses have been blocked.

For this reason, I chose DAI.

[JayJuanGee]

Have there been any cases of USDT wallet blocking by the issuer(Tether) after an exchange on your exchange?

As you can see above eXch's answer was "no".

I can say from my own experience, half a year ago, when I needed to exchange bitcoins for the dollar equivalent, I first turned my attention to Ledger Live, and after I was horrified to see a 5% commission, I realized that eXch’s commission costs of 0.5% seem simply incredible (btw, I already have Trezor). But before the exchange, I was also bothered by the same question... so I decided to turn to statistics, according to which over the past few years, a total of 1300 USDT addresses and 300 USDC addresses have been blocked.

For this reason, I chose DAI.

Wow!!!!  From the link I see, $1 Billion frozen on USDT.. and also there one chart that breaks down how much value per banned (frozen) address and another chart that shows almost an exponential increase in the quantity of address bannings since 2020.

[paid2]

Feel free to join our 4^th free raffle and try your luck to win a nice Custom eXch CryptoSteel Capsule 

[FREE RAFFLE] - Custom eXch Cryptosteel Capsule (#4)!

[GazetaBitcoin]

Feel free to join our 4^th free raffle and try your luck to win a nice Custom eXch CryptoSteel Capsule 

Thanks again eXch and paid2 for these raffles! I hope I will be more lucky this time And, of course, I wish good luck to all participants!

This raffle was properly highlighted in the Romanian translation of OP and also in the dedicated thread we have in our local board.

[paid2]

Thanks again eXch and paid2 for these raffles! I hope I will be more lucky this time And, of course, I wish good luck to all participants!

This raffle was properly highlighted in the Romanian translation of OP and also in the dedicated thread we have in our local board.

Thank you for the translation and for sharing!
Good luck!  


In the meantime, it looks like eXch is under DDoS attack  

[Pmalek]

<Snip>

eXch is back online now under the .cx domain. The temporary .pw domain redirects to the .cx domain. I also tested to TOR version of the exchange and it also loads fine. Whatever attack there was, it seems to have been resolved.

@eXch
Last week you made changes to your OP and pointed all links to the .pw domain. Will it remain like that from now on?

[dkbit98]

Not at all - if you check some mixers who had/have vanity generated addresses, they were/are targeted even more with vanity-generated phishing. Phishing by typosquatting is something much more effective than email spam nowadays.

I never said it's impossible, it's just a little harder for them to do it
Recent examples with Privnote and phishing Pirvnote scam website showed me that people don't even notice some obvious differences.

In the meantime, it looks like eXch is under DDoS attack  

It's back and working fine fine for me, but I would always suggest checking out and using eXch official onion link, this is harder to DDOS attack and it is better for privacy.
Better to bookmark onion link in Tor browser to avoid phishing attacks.

[Pmalek]

I would always suggest checking out and using eXch official onion link, this is harder to DDOS attack and it is better for privacy.
Better to bookmark onion link in Tor browser to avoid phishing attacks.

That's what I did. The exchange's official onion link is bookmarked on my end, but before I use it, I still check this thread and the clearnet site to see whether there was an announcement that something changed or happened to the old domain. Better late than sorry. It requires two extra steps, but I don't mind doing it.

[eXch]

The long-running campaign started by Bestchange and their affiliates in 2017-2018 aimed on attacking Bitcoin and other cryptocurrencies fungibility in attempt to favor chain analysis companies didn't end well:

https://home.treasury.gov/news/press-releases/jy2204

https://www.chainalysis.com/blog/ofac-sanctions-russia-blockchain-companies-netex24-bitpapa/

https://www.theregister.com/2024/03/26/us_sanctions_russian_entities/

It seems OFAC and their contractors like Chainalysis don't really care that Bestchange-affiliated swappers actively push AML/KYC policies, since by the end of day these don't prevent them from receiving and sending funds to OFAC-sanctioned entities independently of how much they pay to the scam company called AMLBot who successfully fooled the russian market segment for years.

The morale of this story is that the more you try to favor your enemy (state and chain analysis platforms) hoping you won't get a hit - the harder they will backstab you.

AML/KYC is not worth implementing if you are in crypto and even if you decide to play the double-faced game you will still end like Netex24, Bitpapa and KuCoin (https://www.justice.gov/usao-sdny/pr/prominent-global-cryptocurrency-exchange-kucoin-and-two-its-founders-criminally).

Here is another example of that that I have found by an occasional coincidence mistyping "exch.cx" in the web-browser: https://ech.cx - a domain belonging to some old company "Echangere" that tried to run this kind of business once who made a very heartbreaking and honest statement on their website after taking a decision to cease their operations, apparently due to constant pressure from chain analysis companies and the state.

Stay honest to yourself and your principles. Don't be hypocrites like Bestchange. Cryptocurrency key mission is not to empower chain analysis companies.

Echangere has shutdown

It is with a very heavy heart that we regret to inform you that Echangere has shutdown operations for now. As some might have noticed, we have been very quiet for the last month. The reason being that we found out, our current model for operations was unlawful. In order for Echangere to become lawful we would be required to do full KYC on our users. This means we essentially need to become eyes and ears for the government and inform them every time a user would do anything out of the “norm”. Now as most of you know, we did not require full KYC, only basic information. This is because we believe it is wrong for a private company/business to hold such sensitive information like a government ID on its users.

Acting as cops and giving into the already huge surveillance is not something we want to participate in. The way the regulation and rules are put together breaks with the principals of the western world. Instead of being innocent until proven guilty, it turns things around making everyone guilty until proven innocent. This is not something we want to support. We believe the systems we had put in place were more than enough to determine the validity of users, and the funds moving in and out of our platform. The absurd thing is, Echangere never got off the ground. We never had any money flow through our platform, but we are apparently still required to abide by the same rules as centralized exchanges. We believe it is wrong that the law does not have minimum amounts before a business needs to become regulated with full KYC on its users. With regulation acting as such on Peer-to-Peer Marketplaces we essentially lose our number one market advantage of not being full KYC. If Peer-to-Peer Marketplaces are regulated in the same way as centralized exchanges, then the end-user would almost always pick the CEX, as that removes the risk of dealing with another person. Even though the P2P has the escrow that protects the end-user, then not dealing with another person is preferred by most. Therefore it no longer makes sense for us to run Echangere, when we need to be regulated as such with full KYC. We believed that since we did not touch fiat currency in any capacity that, that would make it all be clear. Most governments do not recognize cryptocurrency in any sense of the word. But apparently, they recognize it enough to the point that if you touch it, you must follow all kinds of crazy rules… This does not make sense. As stated from the beginning we are committed to comply with rules and regulations as long as they are possible to follow. We would like to be compliant with AML and KYC, but we will not participate in the surveillance state. In order to comply with AML and KYC we had various systems put in place to prevent fraud, money laundering and other illegal activities. We believe KYC is not only looking at a government issued ID, as our approach was determining users based on the information they submitted. We live in 2023 and most people leave all kinds of digital footprints behind, that can be used to determine the validity of a user, therefore KYC.

We have spent the last month going over each and every possibility in order to keep being in operations, such as: going offshore, going decentralized, raising capital and going full KYC. Now none of these sound particularly interesting in our ears. As you know Echangere was made from scratch as a father and son project, and we intended to keep it as such. We are very sad that Echangere has not even reached the broader market, and even proven its worth. We had to shut it down before the party began.

The future of Echangere is uncertain, but since all our infrastructure is made from scratch, we will properly pursue what we already had planned such as launching a variety of bi-products like payment gateways, donation gateways, B2B custodial service, B2B escrow service and more. But all this requires a lot of time spent in development and comes with its own challenges in terms of regulation. The difference being B2B would be a KYB and not KYC.

Right now with the sad closure of Echangere our new focus will be on a bi-product we had planned called depouch. depouch is an upcoming Cross-Chain DeFi application and wallet with focus on user-experience. It will allow people to swap layer 1 cryptocurrencies without KYC and registration. You will have full self-custody and depouch is 100% decentralized. It is a mere interface to the blockchain. We look forward to bringing this to the market in these times of darkness. If you want to stay updated on depouch you can do so by following our twitter @depouch.

We thank you for your understanding, and we hope you will join us in this freedom fight we are all fighting.
It is time we say stop to the crazy rules and regulations that destroy innovation and free market competition.
With that said, we hope to see you all trying depouch sometime in the future.

Best wishes
Thorbjørn “BubbiByte” Breum
&
Carsten Breum

[dkbit98]

The morale of this story is that the more you try to favor your enemy (state and chain analysis platforms) hoping you won't get a hit - the harder they will backstab you.

I totally agree with this statement.
Everyone can see how much ass kissing was done by CZ-binance in last few years, and now he can't leave the states and he is probably waiting for prison time.
Another thing that is concerning to me is that Coinbase exchange could possible go down in near future, and they are holding a bunch of bitcoins connected with ETF's.

[silopause]

When will you start accepting Solana?