1) I received the funds from eXch before the Bybit hack, they just sat there for over a year, but since the eXch Ethereum address is marked/blacklisted, any funds sent at any time from them are considered "illicit."
In the crypto industry, blacklisting is handled very poorly, which is quite pathetic considering that all transactions have timestamps on them, meaning this type of ambiguity should not occur. It is either laziness in the design of the screening tools, or regulatory overreach requiring
every transaction coming form an entity be blacklisted. By the way, I think the problem with requiring that is very clear.
2) The exchange accepted the deposit and immediately moved the funds to their hot wallet, all the while accusing me of having tainted funds. I pointed out to them that now their address was tainted as well. But it doesn't work like that I guess, as illicit funds received by a regulated exchange are now clean again (so long as they didn't come from a hacked exchange).
It is strange because exchanges themselves are usually threatened to be banned and fined in countries unless they send some data to said governments, but I think they are aware that most governments do not actually enforce the letter of the law for exchanges unless they get too big, which is why we hear about Binance getting banned every other month while smaller exchanges like FixedFloat fly under the radar.