eXch.cx, Crypto Money Laundering and the Bybit Hack | by NEFTURE SECURITY I Blockchain Security | Coinmonks | Apr, 2025

» eXch.cx, Crypto Money Laundering and the Bybit Hack | by NEFTURE SECURITY I Blockchain Security | Coinmonks | Apr, 2025


What is eXch and How Does it Work?

EXch is an automated centralized exchange that is very primitive in its usage. It functions like OG exchanges (and has the look of one), allowing users to exchange one cryptocurrency for another, and has built a good reputation among users who wish to trade instantly.

eXch generates a one-time address for its users, and once the required funds are transferred to this address, the purchased cryptocurrency is credited to their account.

Currently, it supports the following cryptocurrencies: BTC, LTC, ETH, XMR, USDT, USDC, DAI, DASH, and BTCLN.

Source: eXch

eXch is a rather unassuming exchange with relatively low liquidity and trade volume. They claim not to use any third-party liquidity providers and that all their reserves belong to them and are allocated on their nodes. It is reported that tokens are manually sent to depleted cryptocurrency reserves.

eXch openly provides a ‘proof of reserve’ of their swapable assets on their website’s front page, and it can sometimes be observed — like at press time — that some currency reserves can drop to 0 (e.g., XMR) or come close to it, as seen with their Ethereum reserve, which is barely 2.5 ETH. To what extent this proof of reserves reflects the truth, we cannot say.

March 17th 2025 Capture of eXch Proof of Reserve — Source: eXch

The rustic nature of eXch extends beyond its basic functionality, aesthetics, and mechanics, reminiscent of the pioneering crypto exchanges from a decade ago, deeply influenced by the enduring ideals of Nakamoto’s Cypherpunk vision — privacy, liberty, and resistance to censorship. Back then, ensuring a crypto user’s right to privacy was paramount, and KYC processes were almost nonexistent.

In just a decade, the role of KYC in centralized exchanges has evolved drastically, to the point where no-KYC exchanges are now viewed as anomalies and treated with suspicion, accused of existing primarily to harbor criminal proceeds.

eXch is one such exchange. It first gained traction in 2014, offering a more limited selection of cryptocurrencies, and operated until 2016, when it shut down for undisclosed reasons.

However, it made a notable comeback in the summer of 2022, just as the crypto mixer Tornado Cash was sanctioned by OFAC for facilitating the laundering of hundreds of millions in illicit funds, including criminal proceeds belonging to North Korean state-sponsored crypto criminal threat groups.

Similar to its 2014 version, eXch’s creator remained true to the exchange’s original purpose and design, developing a platform that does not require KYC or SoF (Source of Funds), which have become standard procedures for high-profile CEXs since 2020 as part of anti-money laundering (AML) measures adopted by CEXes, driven by global regulatory pressure.

The absence of KYC and SoF is the very first basic layer of privacy offered by eXch. The website ‘KycNotMe,’ which evaluates non-KYC platforms, rates eXch a 9 out of 10 for safety and privacy. eXch provides access via the privacy-focused Tor browser through its own onion address, with users reporting a seamless experience on Tor.

The platform requires no registration, offers automated refunds without KYC, operates a non-custodial wallet, and, notably for privacy-conscious users, does not require JavaScript — which can be used as a surveillance tool.

Source: KycNotMe

On their website’s Q&A section, the exchange outlines strict policies to ensure users have the anonymous and private trading experience they seek. These include not collecting metadata, using no cookies or other tracking techniques, disabling IP address logging on reverse proxies, caching servers, and backend servers, and removing ROM/TO/refund addresses 15 days after use, or immediately when the user clicks the ‘delete data’ button — in eXch’s words.

eXch seems to fully embrace the principle of censorship resistance, asserting that they ‘do not discriminate or have any rejection criteria,’ when it comes to their users. As a result, every individual is eligible to use the platform, and they do not consider ‘prohibited jurisdictions.’ To protect both themselves and their customers, eXch has made it impossible to detect users’ locations, as they have ‘IP logging disabled.’

But what makes eXch truly a privacy tool is its mixing nature. Although eXch labels itself as an exchange, blockchain security actors tend to classify it as a mixer.

It has two pools of addresses: one is a mixed pool in which sent and received transactions on the platform are combined. In eXch’s own words, thanks to their P2P-like mixing approach, “there is no way to discover how many people are behind certain addresses, and traceability is extremely difficult.”

Meanwhile, in eXch’s aggregated pool, transactions sent by users are collected into a single known address, which is also used for outgoing payments. This setup makes eXch’s interaction with a user visible, significantly reducing privacy.

However, in exchange for this loss of privacy, eXch claims that its customers, who need to have their funds pass through entities with AML requirements, should be relatively safe from having their funds frozen. According to eXch, their interactions are assigned a low-risk score, and funds directly coming from or having passed through eXch at any point will not typically be flagged by most crypto exchanges, including Binance, Coinbase, Gate.io, HTX, Kraken, Gemini, OKX, KuCoin, and Poloniex.

Opposedly, their mixed pool will have “high risks of frozen funds at major exchanges due to high risk score given by chain analysis platforms.”

In a March 15th, 2025 press release, the founder of eXch clearly expressed this dual nature:

“When eXch was established, our objective was to provide a balanced solution that bridged the gap between mixers and government-regulated entities like compliant centralized exchanges (CEX). We anticipated that our approach would be appreciated, as we are neither a mixer nor a CEX that disregards user privacy.”

And as such, eXch has found its public. eXch particularly profited from the heavy regulatory pressure placed on CEXes concerning privacy coins, namely Monero and Zcash — that are notoriously difficult to trace with blockchain forensics and are tools of choice for criminals, even outside the crypto spectrum. Most of those CEXes ended up being forced to ban them between 2022 and 2024.

Although centralized entities are usually not the go-to place for privacy-minded Monero buyers, eXch built itself a relatively good reputation and has seen some Monero users flocking to it.

The eXch shroud of privacy extends beyond its users, as its creator and possible employees are unknown to this day.

Neverthelss tracks left here and there, leads to believe eXch may have european roots.

The European Roots of eXch?

On the website’s Q&A page, eXch affirms that they are a company registered in Belize, country on the north-eastern coast of Central America.

Although that’s where they have registered, it appears that’s not where eXch spurted form nor where they operate today.

In a 2024 report titled “Investigating Hackers’, Exploiters’ Favorite Instant Crypto Exchange” on eXch, crypto sleuth 0xFantasy reveals that while invedtigating eXch first track on forum BitcoinTalk back in 2014, they found enough proofs to allege that the eXch creator was a “A male, non-native English speaker, ex-smoker, interested in privacy, cybersecurity, Porsches, and 90’s era music and film, favorite game Lineage 2, and likely living in Austria (Innsbruck) or Germany.”

While digging a bit more into this, we discovered that the web hosting of the exch.cx website was in France, usually closer a server is to you, the lower the latency. That CentralNic Ltd, the company responsible for registering and managing the domain name was UK based. That the administrative and technical contact for the domain is associated with an address in Roches, Switzerland.

Source: Grindinsoft



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *