Following our last post, we received numerous PMs.

We confirm that we will answer to everyone in the coming days, we need time to do the necessary checks.

We have responded to all the support tickets. Our ETH node issue is now resolved, and the transactions still pending will be processed as soon as possible.

The rewards have been distributed for the 4 domains that are already suspended.

TXID: 61792cf9a1cdedf9b0d4bc676741dcf3ba8c85ecfcab83e64e2a626d67b1d617


All activities have been reviewed carefully; some were not considered for various reasons (domain reported after suspension, domain name not present in the report, some confused the official domain with a phishing domain, some have never communicated their username and BTC address despite several reminders in this thread and emails from us and we did not have enough elements to link their emails to a Bitcointalk account, and so on). Some have done good reports but have not communicated their username, they can still contact us via PM if necessary.

We thank you for the work done, and we encourage you to continue the good work for the domains that are still online.

Friends, the Anti-Phishing campaign continues. We want to get these malicious domains suspended.


We guarantee that the rewards will be distributed accordingly to the conditions stipulated in the first message of this thread. The first payments will be distributed soon.

Reminder for those who have not yet done so (there are still 24 hours left):


We've sent an e-mail to those who haven't given us their username earlier today, this information is required to be eligible for the reward.

Yes, please PM me.


No problem to change the BTC address.

We invite users who have reported the suspended domains (.center, .cc, .live, .cash) to send us an email to support@exch.cx using the object "eXch Bitcointalk Campaign Participant Information - [YOUR_USERNAME]" including your bitcoin address in the email.
We ask you to send us this email from the same email address you used to make the reports.

---

Absolutely. By the way when he claims we're "scamming users affiliating eXch", it's wrong - it's because he tried to cheat our system 10+ times and got rejected because he did not provide proofs of affiliation. He just wanted cheap exchanges.


That claim is also false. We are a registered company and never hidden it from the public. Our company data is publicly available. eXch is a legitimate company.

Funny to see Anir0y frustrated to see this campaign suspending the phishing copies of eXch.

Don't feed that troll, 'karma' will take care of him sooner or later

(@Anir0y your recent PM is still in my inbox, if you remember your choice of words, you'll understand why it's pointless to try and keep lying here)

It seems many people forgot already, but we think it's worth to summarize the list of our past donations:

Date	Amount	Recipient	TXID
July 2023	5 ETH	Tor Project	0xb8a54c3468328af8782ab7bb313c376d4a89e5a54c2f74db451250f2fdeed461
November 2023	3 ETH	SimpleX Chat	0x21f0da3982926d693c915b30a8a138db48f469989bff3e9e6434916fa2d3783f
June 2024	31 ETH	Legal Defense Fund Tornado Cash developers	0x98bfc604c917ccc83d1a86b7af1542011a5aa54208dd110036e2c280a963a498
June 2024	1 BTC	DivestOS ROM developers	782153c2193b2801dfcdb9458ebc4125c033cfbe5ff554741e1857d37c079949
June 2024	1 BTC	SimpleX Chat	1c72e10a91f06979cd4c8d239ef548c10a1515573187c7f2d9a2229d1b5ffcee
August 2024	1 BTC	Thorchain developers	e21424bcd1e59735b5d4b43e70b59d1985e148411e6c197112207cd4c4524ea7
January 2025	0.555 BTC	Bisq Light Client Project	3fcebcf2043abbc4ad60cd0af1b085533ad6f1fe918b892ba408c60524fa367b
March 2025	0.7 BTC	Bisq Light Client Project	44232a707d69a27d449885f2d920c441980964e119fed61a2585c6913449f972
March 2025	2 BTC	MMGen multicurrency wallet	b97638e1c0de516e99689034fa303ca205b5dffbd67848beb3f01bf9b3829d59

This is to remind people like Marian Muller, Zachary Wolk (ZachXBT) and others who criticize us that our mission is based on genuine belief in open-source privacy and decentralization technologies. You couldn't expect such donations from other non-KYC instant exchanges nor the level of transparency we provide to our customers and the general public, always being honest and keeping our word.

Absolutely. We invite you to multiply your reports.

Also, for monero[.]forex and darknetbible[.]info, we invite you to add a screenshot of their respective page from Virustotal in your reports, to mention to the registrar that they are flagged as malicious/suspicious by threat intelligence providers.

Again, we would also like to add that the most motivated and active members will receive nice bonuses.

We possess more than 50 domains in different zones for exch.* in our Namecheap account since the day exch.cx was purchased. It didn't prevent phishers from finding ways to buy other domains for typosquatting and other kinds of attacks.

It's worth mentioning that exch.cx became indexed for the "exch" request only after eXch appeared on mainstream media channels, despite having very high popularity on Bitcointalk for a constant 3 years before that. Bitcointalk is not being indexed well by the search engines for some reason, and some categories are even shadowbanned on purpose.

Additionally, the most common scam propagation vector turned out to be phishing domains in Tor search engines and mentions by darknetbible[.]info and monero[.]forex rather than other types of phishing. Thus, it's clear that just purchasing domain names wouldn't prevent successful phishing attacks, nor can many attacks be prevented by the target project either.

There is a whole industry of so-called white hats that pretend to "make this space safer"; however, we have never seen any of them reporting eXch phishing domains.


Please specify what you would like to have clarified. We find the original wording clear enough already.


If there are stablecoins that (1) don't contain backdoors in their smart contracts allowing seizing users assets directly AND (2) are reliable, then yes. Up to this date, we are not aware of any besides DAI; however, we are always glad to have users send recommendations and suggestions to us, so feel free to do so.


There are a lot more issues than just court orders, and they seem to be the least of the problems we have at this moment. The actual problem, if you followed our past announcements, is a group of malicious people pretending to be security researchers, attacking our exchange with defamation and trying to convince U.S. and EU agencies to take action against us. If you haven't yet, please read our past announcements to get more into this subject.


We take the side of the MMGen project creator on this question and agree that gmaxwell has overstepped his authority. Greg's post was highly exaggerated, as he tried to use his influence to cast a shadow on MMGen just because the guy was advertising it on IRC, and besides some minor incoherence in his statements on the README that were corrected right after receiving the critique from gmaxwell.

It's always worth mentioning that we also use IRC and have observed unfair behavior by Greg there regarding others a few times. Thus, despite his great contributions to Bitcoin and almost undebatable reputation, it's always good to do your own research before relying on any opinion.

We have reviewed the code of MMGen and see no reasons not to trust/use this project. We are also going to make use of it in our open-source project that will be released on GitHub, which will allow creating and operating exchanges like eXch without coding experience.


Yes, it affected our address score, thanks to targeted organized defamation attacks on us by a group of nefarious individuals pretending to be blockchain security researchers.

On Elliptic, TRM, Chainalysis and other reasonably reliable platforms, our Ethereum address score has changed from medium risk to high risk; however, it maintains the tag "eXch.cx" with a category of "Exchanges."

However, there was yet another factor: targeted attacks by malicious AML platforms such as AMLBot (aka PureFi), which attributed a false "stolen coins 100%" tag to our addresses even before the Bybit hack. However, the AMLBot's (PureFi's) score only affects users of: (1) WhiteBit, (2) Cryptomus, (3) Heleket, (4) Railgun (https://docs.railgun.org/wiki/assurance/private-proofs-of-innocence [PureFi aka AMLBot]), and (5) BestChange exchangers, because no other projects in this space currently use AMLBot for risk score monitoring.

Gladly, this won't be a problem anymore, since we have stopped sending ETH and BTC from our static addresses; thus, it won't be a problem for our users. We are only sending stablecoins from our static address on ETH; however, once we delist USDT and USDC, we will be able to operate on dynamic addresses for DAI too.


We have been contacted by many mainstream media journalists who asked us to confirm our statements via email.


Yes, however, it was not technically possible to satisfy their request because we had/have no Plaintiff's Bitcoin in our possession.


No.


We are not going to do that change, because the standard payment "address" for LN remains to be an invoice.

Lightning "addresses" is a non-standard part of the Lightning Network architecture that requires a wallet to make HTTP requests to get an invoice. Many users don't understand privacy risks associated with this protocol, since once a wallet makes a HTTP request to a server, their IP address becomes automatically exposed in case they are not behind a VPN or a Tor proxy/gateway.

We won't implement this specially because our server would require making GET requests to third-party HTTP servers, that are often behind Cloudflare and other Tor-hostile configurations, which may result into our HTTP client that operates through Tor to be rejected resulting into failed URL->invoice conversions.

All you need is just to ask for the normal invoice instead from your suppliers/friends in order to use it with eXch.

We'd like to emphasize that we need to focus our efforts on the domains listed.
We have updated some contacts:


Domains registered with Namecheap are difficult to get suspended, so feel free to call them, send to their headquarters a physical letter, or to mention/tag them on social networks. Any action can help.

Also this might increase motivation of the registrar to suspend these domains if they're marked as phishing by threat intelligence providers, so feel free to report the phishing domains to them too:


We would also like to add that the most motivated and active members will receive nice bonuses.

The refund has been made, TXID has been provided in the relevant support ticket. Thank you for your patience and for the feedback.

We would like to emphasize the importance of respecting the amount that the website requires you to send when it comes to non-zero LN invoices.
In the event a user ignores it, we consider it is not our responsibility to handle this kind of mistakes. eXch is the exchange which, to our knowledge, has the gentlest procedures when a user makes a mistake, but we can't afford to spend time on easily avoidable errors. In this particular case, we have done it only out of good will.

Yes, we update this list whenever necessary; exchanges have already been added and removed from the list since it was first published (e.g. ByBit and MEXC have recently been removed).

Hello Cricktor

It seems the spam filter in question is Proton Mail's itself, not ours. Proton Mail sometimes rejects outgoing emails for suspecting it might be a spam that their user sends.

We'll contact you privately in due time (before the rewards are distributed).

We know exactly what we are doing.



Don't take it wrong, but do you really think that a company puts so much money on the table without conducting real verification of the work done?
We can read everything, check everything, because to be able to claim the reward, we have to be in CC.

Reporting to the hoster isn't really interesting because it doesn't actually solve the problem. It's best to deal with the registrar. Moreover, when we look 'exch[.]cash' on whois we get:

Registrar: Tucows Domains Inc.
IANA ID: 69
Abuse Email: domainabuse@tucows.com
Abuse Phone: 416.535.0123x1283

Looks like Tucows are refusing to take responsibility and prefer not to act even though it's against their ToS.

(lol working for Tucows must be very comfortable, rare are the positions where you have your own work done by your users)

Indeed, the best thing to do is to give them the whois records.

Also you can communicate the link of our ANN on Bitcointalk: https://bitcointalk.org/index.php?topic=577207
There is also the ANN on Altcoinstalks: https://www.altcoinstalks.com/index.php?topic=312970.0

Thanks to all those who made the necessary reports to achieve quick results, these two domains (.cc and .center) are now suspended. The rewards will be distributed accordingly after 1 month of suspension as stipulated in the rules in the first post. We will contact you by email in due time.

Domain: exch.cc
Registered On: 2024-12-30
Expires On: 2025-12-30
Updated On: 2025-03-18
Status:
client delete prohibited
client hold
client renew prohibited
client transfer prohibited
client update prohibited

Domain: exch.center
Registered On: 2025-02-02
Expires On: 2026-02-02
Updated On: 2025-03-17
Status:
client delete prohibited
client hold
client renew prohibited
client transfer prohibited
client update prohibited

---

About Tucows answers:


Thank you for your feedback. These are excuse emails because they seem to tolerate phishing, which is contrary to what they state on their website.
As registrars, it is their responsibility to act and do what is necessary to suspend the domain.

It is not right to redirect you to the hoster, that is not the goal. You can answer them that they are required to act, moreover they say it themselves on their website:
Source: https://tucowsdomains.com/making-the-internet-better/

You can reply to them and remind them of their responsibilities (they must take actions and suspend domains that violate the registrar's ToS), do not hesitate to include the link mentioned above as well as this one: https://tucowsdomains.com/report-abuse/#phishing

PM sent