eXch - instant exchange BTC / LN / XMR / LTC / ETH / ERC20

[joker_josue]

I keep asking myself why they don't start using a more traditional domain in order to avoid these types of errors on the user's side.

For example, this one is still free: exch.services

Even sites with a very traditional .com domain have loads of phishing duplicates. And changing URL now makes it only worse.

Yes, that is also true. But usually the problem before is in the .com. Which reduces the possibility of making mistakes, or at least is more perceptible to the user.

It's one thing for me to be unsure whether it's exch.cw or .pw. Another thing is to be unsure whether it is exch.net or excha.net.

[NotATether]

It's one thing for me to be unsure whether it's exch.cw or .pw. Another thing is to be unsure whether it is exch.net or excha.net.

I don't think .cw is a valid TLD.

[ABCbits]

The Good news is that Cloudfare now displays a warning about the site

This is first time i see CloudFlare display such warning. And it's surprisingly good news, since in past they resist to stop offering service for pirated website[1-2].

[1] https://cip2.gmu.edu/2016/08/17/cloudflares-desperate-new-strategy-to-protect-pirate-sites/
[2] https://adguard-dns.io/en/blog/cloudflare-torrent-court-ruling.html

[Pmalek]

Depending on when the customer support is manned, you might have to wait a (very) long time for a support agent to answer you after the first reply they make.

I can't believe I have to write this, but in case anybody asks, no, this is not fearmongering!

As they explained in their post a few days ago, your case was different. You weren't a customer and user of a swap operation. You were an outside partner and affiliate. eXch stated that they are quick to address complaints regarding their exchange operations (I think it's within 48 hours). Therefore, everything else has a lower priority. Luckily, I have never had any problems with swaps that required that I get in touch with their support to be able comment on the speed of their replies.

[JollyGood]

I have never seen any website using Cloudflare ever display anything like this before therefore either it is a new addition on their system or they have not received reports of phishing on websites that I might have visited. This is a welcomed move from Cloudflare.

Even if these types of websites get reported they usually pop up again using another domain and wait for it to be shutdown before the cycle of them creating website starts again. Still, hopefully the scammers will eventually get tired and stop.

The Good news is that Cloudfare now displays a warning about the site

[NotATether]

I have never seen any website using Cloudflare ever display anything like this before therefore either it is a new addition on their system or they have not received reports of phishing on websites that I might have visited. This is a welcomed move from Cloudflare.

It's always been there actually, at least for some time.

Even if these types of websites get reported they usually pop up again using another domain and wait for it to be shutdown before the cycle of them creating website starts again. Still, hopefully the scammers will eventually get tired and stop.

The business model for making scam clones is extremely lucrative, as they can often poach hundreds, or even thousands of dollars worth from a single trade, whereas registering new domains for a year only costs a fraction of that amount. So that even if a domain is suspended they can move on to the next one. Server and operating costs are usually static since there isn't actually any infra running.

[SFR10]

I keep asking myself why they don't start using a more traditional domain in order to avoid these types of errors on the user's side.

For example, this one is still free: exch.services

Which reduces the possibility of making mistakes, or at least is more perceptible to the user.

You have a point and while that might somewhat improve the above situation, a change in the domain extension isn't going to provide any protection against Punycode attacks ^{[unfortunately]}:

e.g. Copy-paste the following link in the Punycode field of this "converter" and see the result:

Code:

xn--xh-mlc3c.services

I hope exch.cx should try to find similar sites that clone their website and report them also.

I found another one that was recently registered ^{[Whois result]}:

Code:

https://exch.ac/

[BitcoinGirl.Club]

I keep asking myself why they don't start using a more traditional domain in order to avoid these types of errors on the user's side.

For example, this one is still free: exch.services

Apparently it will be "exch.net" (at least if their plans did not change since).

This is much easier to remember. The cx TLD is too hard to remember as I already posted in my last post.

[examplens]

This is much easier to remember. The cx TLD is too hard to remember as I already posted in my last post.

.cx it's not hard to remember, it's just unusual, so it may require an additional check of the correctness of the domain name. .pw (which was used at some point) is perhaps a worse choice because it is cheap and often used for one-off scams and malware distribution
.net is my personal favourite, and I will be glad when it is officially the default domain for exch exchange.

[JeromeTash]

Here is another "unofficial" domain

Code:

exch.ws

The funny thing is that the homepage redirects to the official onion link via a referral link. Perhaps the person behind it is trying to earn from the affiliate program

Code:

http://hszyoqwrcp7cxlxnqmovp6vjvmnwj33g4wviuxqzq47emieaxjaperyd.onion/?ref=EA1C6A3a

It still can not be trusted since the person can easily just change the onion links.

[JollyGood]

It's always been there actually, at least for some time.

I have no reason to assume anything contrary but for one reason or another I had never seen any warning of that type from Cloudflare before. I am glad they have that protection in place as it acts as a warning to people that could have stumbled across those websites. As clone website get used more and more in scamming attempts maybe we will see these warning far more often than before.

The business model for making scam clones is extremely lucrative, as they can often poach hundreds, or even thousands of dollars worth from a single trade, whereas registering new domains for a year only costs a fraction of that amount. So that even if a domain is suspended they can move on to the next one. Server and operating costs are usually static since there isn't actually any infra running.

I would be curious about how lucrative it actually is in USD$ on a yearly basis. If they were not making money, the scammers would have stopped but there seems to be more than enough incentive for them to simply carry on in that cycle of creating a cloned website on a lookalike domain but be ready to duplicate it on another lookalike domain as soon as they get shut down. While all that is happening, they will be hoping to generate as much income as possible by creating as many victims as possible.

[albon]

CloudFlare already answered and said they flagged the website, they also reported the website to the domain provider. I did too, and if you want to report it too here are the info:

The Netim registrar team has already responded to the report I submitted regarding this phishing site. The scammer behind it has 8 days to proceed with the verification procedures requested by the Netim team. Let’s see what this scammer will do.


-------------

I found another one that was recently registered ^{[Whois result]}:

Code:

https://exch.ac/

Here is another "unofficial" domain

Code:

exch.ws

Good catch, guys. I can also file reports to the registrar of these phishing domains you mentioned.

I know that scammers will not stop creating more unofficial scam domains, but if we ignore everything they do, the internet will be filled with many of these domains that someone might come across in a search engine and mistakenly trust.

I have no reason to assume anything contrary but for one reason or another I had never seen any warning of that type from Cloudflare before. I am glad they have that protection in place as it acts as a warning to people that could have stumbled across those websites. As clone website get used more and more in scamming attempts maybe we will see these warning far more often than before.

These warnings will appear if you file a report through this [link] about the phishing site and after the Cloudflare team confirms the abuse of their service based on the evidence and details you provided in the form.

[BitcoinGirl.Club]

This is much easier to remember. The cx TLD is too hard to remember as I already posted in my last post.

.cx it's not hard to remember, it's just unusual, so it may require an additional check of the correctness of the domain name. .pw (which was used at some point) is perhaps a worse choice because it is cheap and often used for one-off scams and malware distribution
.net is my personal favourite, and I will be glad when it is officially the default domain for exch exchange.

I was looking for the reason for .cx ccTLD and found the followings

Customer Experience
A .cx domain can be used to create a website dedicated to communicating with customers, or to show a business's commitment to providing a great customer experience.
Cryptocurrency
The .cx domain can also refer to a "crypto exchange" and may be a good choice for cryptocurrency sites.
Christmas Island
The .cx domain can be used by businesses that target residents of Christmas Island, which is located in the Indian Ocean south of Indonesia.

So the crypto exchange represents the ccTLD .cx. It's now confusing me with .ce

[joker_josue]

I was looking for the reason for .cx ccTLD and found the followings

Customer Experience
A .cx domain can be used to create a website dedicated to communicating with customers, or to show a business's commitment to providing a great customer experience.
Cryptocurrency
The .cx domain can also refer to a "crypto exchange" and may be a good choice for cryptocurrency sites.
Christmas Island
The .cx domain can be used by businesses that target residents of Christmas Island, which is located in the Indian Ocean south of Indonesia.

So the crypto exchange represents the ccTLD .cx. It's now confusing me with .ce

This just shows that there was a good marketing team promoting the idea that .cx was good for crypto businesses.

.cx has always been a top Christmas Island domain. But the similarity is with .tv - Tuvalu's top-level domain, which has become an excellent source of revenue for the country. The same thing they want to do with .cx. Some tried to sell the idea that .tv was a good domain for television channels. But, even today, there are few televisions that have adopted this idea.

People must keep in mind that these types of top-level domains continue to be references in their respective countries. And search engines continue to classify these ccTLDs as being from a certain country or for the target audience of that country.

[JollyGood]

That explains a lot, thank you for the explanation and the link.

The fact Cloudflare are (or seem to be) engaging in suspending websites that are phishing is very welcomed. In my opinion it is the right course of action because they should take any form of preventative measures to protect consumers that visit websites using which are using Cloudflare nameservers otherwise it could appear that they are complicit by virtue of inaction after receiving reports.

I have no reason to assume anything contrary but for one reason or another I had never seen any warning of that type from Cloudflare before. I am glad they have that protection in place as it acts as a warning to people that could have stumbled across those websites. As clone website get used more and more in scamming attempts maybe we will see these warning far more often than before.

These warnings will appear if you file a report through this [link] about the phishing site and after the Cloudflare team confirms the abuse of their service based on the evidence and details you provided in the form.

[dkbit98]

Even sites with a very traditional .com domain have loads of phishing duplicates. And changing URL now makes it only worse.

It would be good if someone could create a tool or service that could scan one website and find all the clones with different domains, maybe even creating alert notification when new clone appears.
I am giving small homework to out crypto developers in forum to create something like this, unless something similar already exist
We can use this for eXch, bitcointalk forum, and for any other service or exchange.

[eXch]

WARNING: exch[.]ac - PHISHING WEBSITE!!!

exch[.]ac currently hosts a website that is a phishing copy targeting our original service (eXch).

This phishing website was done with lots of mistakes that immediately expose lack of authenticity:

- Uses Cloudflare's reverse-proxy service with a misconfigured account requiring CAPTCHA verification for Tor users and also exposing its users at risk by using state-sponsored MITM servers (eXch doesn't use the Cloudflare reverse-proxy service)
- Order IDs are 20-char length (our service's are 18-char length)
- BTC amounts without a leading zero when start with a leading zero (for example .0007, while on our website it's always 0.0007)
- Public PGP key of unusual size compared to ours.
- And so on...

BE CAREFUL!

Domain abuse report contacts:

- Reseller (where the malicious actor bought the domain with crypto):

https://sarek.fi/abuse/ or https://njal.la/ (same company)

abuse@sarek.fi

- Registrar:

https://www.identity.digital/policies/report-abuse ("Identity Digital")

abuse@identity.digital

Website hosting/IP abuse report contacts:

- Reverse-proxy provider:

https://abuse.cloudflare.com/

[GazetaBitcoin]

Just saw now … excx.FAKE.ch scam site

Here is another "unofficial" domain

I found another one that was recently registered

exch[.]ac currently hosts a website that is a phishing copy targeting our original service (eXch).

I see the list of websites impersonatig eXch and this worries me and also brings me some bad memories... In the era before mixers were banned there were plenty websites impersonating a particular mixer.
If I remember well, paid2 did many efforts in that period and managed to take down a bunch of those copycats.

Perhaps he could share his expertise here...? Or give a hand of help once more...?

[BitMaxz]

It seems that there are many similar domain names that just recently registered I found a few of them

Code:

- exch.zone
- exch.site
- exch.trade

These domains are taken but it's not hosted yet so these might be potential phishing sites in the future or these might be hacker's reserve domains once the other phishing sites are taken down they can later hosted a new phishing site using these domains.

We should really be careful sometimes they can also hijack traffic I heard that there are ways to hijack traffic directly from official site and redirect them to phishing sites.

[nutildah]

Any chance you might consider adding support for DOGE? Transactions so fast & cheap, plus I think its due for a nice pump -- could see increased demand for that as an option throughout the second half of the year.