It's interesting how bloggers like ZachXBT are attempting to shift the focus manipulating their audience simply because they need someone to blame.

The narrative they're pushing aims to absolve ByBit of fault, desperately fingerpointing at others who are barely related to the situation, diverting attention from ByBit as the main subject of discussion.

This tactic allows people to quickly forget that the real culprits in this story are ByBit, which bears full responsibility for ignoring the persistent threats in the information security industry. Many reputable security research firms (obviously not those like CertiK...) have been warning the industry about DPRK techniques targeting employees of large centralized exchanges to trick them into revealing credentials or deploying malware. Given the known data on how ByBit's wallet was compromised, it could have been easily prevented by simply educating their IT staff with access to critical infrastructure on the basics of information security. Clearly, this education was lacking, as evidenced by how easily they were deceived into providing credentials from ByBit's critical infrastructure to a phishing domain.

The whitehat community on Twitter/X seems reluctant to highlight ByBit's fault, instead opting to blame others, which comes across as a mix of frustration and desperation. Additionally, given that amateur whitehats like ZachXBT lack the sufficient technical training to investigate hacks thoroughly, their only effective tool becomes on-chain tracing of stolen funds that does not require one to become an IT security expert.

It's also crucial to remember that individuals like ZachXBT and Tayvano are themselves victims of significant hacks in the past, which renders them vulnerable and explains their subsequent focus on on-chain tracing, albeit with a victim mentality. For instance, very few in this community recognize that the Atomic Wallet hack is largely attributable to Tayvano (a close friend of ZachXBT), yet many still agree with and sympathize with her toxic behavior, as constantly evidenced by the lengthy and profane rants on her Twitter/X account.
From a practical psychology perspective, the tendency of ZachXBT and Tayvano to project their past faults onto others and to focus their lives on Twitter/X posts that blame others may reflect underlying psychological issues, such as unresolved trauma. This behavior can be indicative of a coping mechanism where individuals deflect their own insecurities and failures by criticizing others, allowing them to avoid confronting their own shortcomings.

I was somewhat of a supporter of ZachXBT in the past, having donated to him on several occasions, but in light of recent events where he desperately blames eXch with falsified facts, I have to reconsider my opinion of him.

Is there any particular reason you decided to plagiarize the eXch thread (https://bitcointalk.org/index.php?topic=577207) to create your announcement? It looks like you just copy-pasted their thread and slightly modified some lines without even making a minimal effort to write your own stuff. It is called paraphrasing plagiarism and this really takes all credibility away from you, independently of what you advertise here.

Do you want to say that services (FixedFloat and Changelly) who are (i) obscure about their companies, (ii) have already scammed hundreds of their users for significant amounts and (iii) have worst reputation around here, are better than honest services like eXch? This at most doesn't sound reasonable.

What also confuses me in your post is that you accusing other non-KYC service (eXch) of laundering illegal funds, meanwhile using Binance and WhiteBit who are also involved in illegal activities. FixedFloat and Changelly also laundered illegal funds many times and there are many numerous media posts about that. Here are some facts for you:

Binance was actually prosecuted criminally for money laundering and this information is public (https://www.documentcloud.org/documents/24173394-binance-vs-usa-indictment?responsive=1&title=1), meanwhile eXch was never carged criminally for such, so I doubt you have evidence for the accusation you just tried to insinuate.

WhiteBit does deliberate wash trading without even trying to hide it, by printing and artificially pumping their WBT token. There will be criminal charges for WhiteBit incriminated soon or later, just like for these 18 individuals and entities recently: https://www.justice.gov/usao-ma/pr/eighteen-individuals-and-entities-charged-international-operation-targeting-widespread

FixedFloat and Changelly (a.k.a. ChangeNow) involved many times in laundering illegal funds. Some cited by paid2 above.

Now, everything the service you unfairly accused of laundering illegal funds does, is processes crypto transactions without asking for KYC, which is a correct mode of operation for most crypto-crypto exchanges located outside countries with pseudo crypto regulations. And again, what your service and other services you said are "better than eXch" do is absolutely the same eXch does, only with additional applying of AML/KYC terms aiming to rob their users from time to time. Those companies also never provided information about their companies meaning they do not possess any. Users who tried to sue them in attempt to return their illegally held funds were unable to do so because FixedFloat and Changelly do not have legally registered entities on their behalf, operating illegally. Those companies are a definition of fraud, but eXch is certainly not.


There are tiny sounds of envy in your tone in that message, making me think you are trying to accuse eXch of not being honest about their daily volume, after your first accusation of them laundering illegal funds was debunked. First of all, the problem here is that the more you try to ridiculize other projects, the more ridiculous you look yourself, specially when using these multiple smilie strokes making you look like a mentally unstable person, which is not a good look for a service operator who is representing their service on a public discussion board.

If you have doubts about it then I am glad to inform you and actually assure you they have ways to prove it (they provide proof of reserves as well as proof of volume by request), but just because you are jealous about it and can't achieve same results due to your bad business model and poor marketing, doesn't mean they fake it. And just to support that, I once made a 9k XMR backorder on eXch and it was executed same day, so I have no doubts that volume is real, given also their BTC and ETH addresses indicate similar daily volumes that can't be faked since they're on-chain.

Also, there is a reason they have an attributed on-chain entity like one attributed by Arkham https://platform.arkhamintelligence.com/explorer/entity/exch which certainly suggests they are taken seriously by chain analysis circles because their daily aggregation volumes on ETH and BTC on their public addresses sometimes are far superior to 20k XMR.

Who actually shouldn't be trusted the daily volume statistics publication is your "holy" partner WhiteBit, who does wash trading with their WBT token and fools everyone around.

Also please refrain from double-posting as it's against forum rules.

The projects Exolix, Swapuz, Swapter and LetsExchange that belong to the same circle of NowPayments shady entities and most probably to you yourself along with your other project SimpleSwap, are also quite a temporary situation, just like those 47 exchanges that were seized earlier and that also had absolutely same AML/KYC policies like your exchangers you promote here.

The point you are trying to defend here, mistakenly assuming that implementing basic AML/KYC screening and seizing funds will somehow exclude you from being investigated by law enforcement in future, is already a common fallacy, since even major CEX with fully implemented companies and licenses are often subjects of money laundering charges with those being sound examples:

- Binance and KuCoin recently investigated for money laundering
- 47 BestChange-affiliated exchangers that had AML/KYC policies (same as your projects) charged and seized for wrongly implemented AML/KYC policies
- Other exchangers (like BitPapa and NetEx24) that also had AML/KYC policies charged and seized for thinking if they lie about AML/KYC terms on their website it would help them to avoid charges

Your idea of being "Non-KYC but scamming your users for dirty funds" is absolutely no better than being just "Non-KYC and honest", since by the end of day, your exchangers will face same risks as any non-KYC exchanges that don't implement risk screening and funds confiscation (scam) policies.

I would argue that actually your set of websites has even more risks of being stopped by law enforcement than other anonymous websites that do not seize user funds, because projects like Exolix actually have no registered company on their behalf that would allow them to seize user funds (till now there is absolutely no evidence of any of websites you promote having a registered company).

AML/KYC policies can be only properly implemented with having a registered company, which is something that none of your projects have, so actually you trying to play police makes it only worse for yourself.


This information can be obtained from relevant industry and business regulators, not necessarily from open sources.

---

By the way, I have a suggestion in regards to your company GAVAL & Partners, s.r.o. registered in 2008 in Czech Republic (https://apl.czso.cz/res/detail?ico=28458524).

You probably should consider changing your main business activity type from civil construction to something related to financial services.

Also, I would like to bring everyone's attention to this specific line from the official CZ business registry about SwapSphera's company:

"Institucionální sektor dle ESA2010: 11003 - Nefinanční podniky pod zahraniční kontrolou" ("Institutional sector according to ESA2010: 11003 - non-financial companies under foreign inspection")

This means that SwapSphera's legal entity has no permission to operate in financial industry at this moment.

The Bestchange link in OP contains a lot of scam accusations across many review pages indicating Quickex have confiscated money from users without returning them, which means they have scammed some of their users.

Quickex have also failed to provide any proof of them having a registered company in Seychelles up to this date. The company they expose on their website named Angel Ventures Limited with a registration number 238203 does not exist in Seychelles. There is my reply in their thread asking them to provide any proof of existence of their company, which they have failed to do: https://bitcointalk.org/index.php?topic=5503896.60

An exchanger that lies about existence of its company is not only performing a prosecutable criminal act, but also should be considered scam/fraud, given they "confiscate" (or simply steal) money from its users without having any legal right for doing so. Any existent AML/KYC regulations do not apply to anonymous entities like this exchanger, because without a properly implemented company they can't really comply with any AML/KYC regulations (a proof of this can be found here https://bitcointalk.org/index.php?topic=5509747).

But your company Angel Ventures Limited with a registration number 238203 does not exist in Seychelles.

I have checked for your company existence both through public resources and corporate Seychelles registration brokers who have access to SC internal registry information, unfortunately (for you) there are no indications of existence of your company, so I am not sure why are you trying to lie to the public.

I don't trust Bestchange nor consider it as an authority for their past years history of anti-Bitcoin stance that have proven to be misleading given that their affiliated exchangers continue to be arrested and charged for money laundering, independently of them having AML/KYC terms. Also I wonder how, according to your words, Bestchange was able to verify a non-existent company, unless you have lied both to them and the public and made them verify some other company that you never mentioned publicly.

Given all the arguments above, I kindly ask you to provide your business registration certificate here, which, again, should not be a privacy issue for you since a SC business registration certificate does not contain any personal data.

Hope to hear from you again!

What is your relation to SwapGate (https://bitcointalk.org/index.php?topic=5502825) and why are you using the same company that SwapGate "put by mistake" in the past?

From https://quickex.io/docs/terms-of-use: "Quickex is owned by Angel Ventures Limited, registration number 238203. Registration address: Suite 3, First Floor, La Ciotat Buidling, Mont Fleuri, Mahe, Republic of Seychelles."



From SwapGate's old ToS before its correction after my post (https://bitcointalk.org/index.php?topic=5502825.msg64395872#msg64395872):



Also, how you could explain that according to the Seychelles business registry search (https://www.registry.gov.sc/BizRegistration/WebSearchBusiness.aspx) your company does not seem to exist?

Could you please publish a digital copy of your company's business registration certificate in order to prove that company exists? Note that you should have no issues with doing so, because a Seychelles business certificate does not contain any personal data, therefore if you refuse to do so, you are most probably trying to lie about that company, which might expose you as a fraudulent actor.

Note also that operating as a non-existent company is a prosecutable criminal act.

Press release on BKA website: https://www.bka.de/DE/Presse/Listenseite_Pressemitteilungen/2024/Presse2024/240919_PM_finalexchange.html

The funny part is prosecutors saying the platforms allowed users to exchange cryptocurrencies without following applicable KYC regulations while all of them pretended to have strict AML/KYC policies on their sites which allowed them to scam their users for many years by seizing coins due to high risk scores. This is why I always recommended to many of such to stop doing so (both on this forum and directly), because independently of the shiny AML/KYC policies written on their websites they're still operating illegally due to lack of company registration and/or appropriate license. All of them used AMLBot and most of them were WhiteBIT resellers.

At least 5 of these websites when I used them in the past seized my BTC from coinjoins due to high risk scoring by the platform they use (AMLBot), with Bestchange supporting their decision to not return coins to me when I complained there. Not significant amounts but I still considered them scammers.

All of their reps and Bestchange admin personally were for years convincing the general public that all these exchangers are following FATF and FATCA rules (that never really applied to any of them), which seemed to be proven otherwise by BKA.

This is yet another lesson for Bestchange and their affiliates that pretending to have AML/KYC and being enemy of Bitcoin promoting dirty/clean coin separation while operating anonymous websites isn't a very good business model. You are either being honest with everyone or you just better don't do business at all. Simple.

---

On additional note, one of them even has official thread: EasySwap.biz - fresh exchange format

Here are some old screenshots from Bestchange with user complaints (in russian) of Xchange[.]cash, Bankcomat[.]com, Prostocash[.]com, YChanger[.]org illegally seizing funds that eventually were switched from red to neutral by Bestchange:



If you open each Bestchange review page of almost any exchanger from BKA's list, you will find a lot more of these.

Swapuz is a known ChangeNOW reseller that also operate another website called Exolix (which also resells ChangeNOW).

Here is a link to the Swapuz ToS page from 2022.02.13 - https://web.archive.org/web/20220213142831/swapuz.com/assets/index.223d937f.js - search for "Exolix"

In fact both Swapuz and Exolix were listed by KycNotMe back in time till someone reported this "incident" directly to KycNotMe admin, which resulted into immediate delisting of Swapuz from KycNotMe.

However, up to this date, both Swapuz and Exolix reps still continue to lie to general public pretending that these websites do not have any relation between them, even that they were busted due to such a rookie mistake back in time.

Till both Swapuz and Exolix start to admit they have a direct relation between them, it's better to avoid them as a dishonest project.

There was also an interesting thread (https://bitcointalk.org/index.php?topic=5499189) that is now unfortunately unaccessible even to registered users investigating ChangeNOW company and its project circle operated with forged documents which mentioned Exolix as a part of their circle, which also leaves a lot of unanswered questions about Exolix (aka Swapuz).

Also given ChangeNOW's extremely bad reputation around this forum, it would be logical for them to sell their platform under many different names, therefore, again, be very careful with these exchangers.

Since you are enforcing AML/KYC terms on your exchanger, I kindly ask you to share your business registration certificate.

For your information, only registered businesses are required to enforce AML/KYC policies (and not in all jurisdictions) to exchange cryptocurrency.

It's essential, for transparency reasons, that your customers know what company they will provide their data to in case you ask them for KYC, as well for litigation purposes in case some user disagrees with you and wants to process you in the court, which would be a normal procedure if you have any legal status.

Right now you have a status of an anonymous entity without a business registration that has absolutely no reasons to enforce AML/KYC policies.

You can prove the otherwise by providing your business certificate, but till you didn't so, you have to stop pretending you have any legal obligations for such procedures, as it's unacceptable a company pretends to legal status possession meanwhile playing hide and seek with their customers which automatically makes you suspicious (a good example of such exchangers is a hacked twice FixedFloat, that up to the date stole lots of crypto from their users but never disclosed their company identity* so users couldn't process them).

* because don't have and never had it.

After my last post, the SwapGate operator made some corrections to their ToS removing the wrongly copy-pasted company name and address and replacing it with the "correct" one, however, it seems that every time their team make corrections they only make it worse.

This time I won't indicate what's wrong and provide these screenshots to the general public without any guidance or comments just to check whether the SwapGate team possesses any minimal competence to make corrections themselves:





But this is not the worst, yet... Somebody who works for an authorized Seychelles company formation agency has informed me that SoftHold Solution Limited is a company that was dissolved many years ago and I recommend to not trust this exchanger till they can provide their up-to-date business certificate that can be verified with official registry of Seychelles to the general public - potential customers who have a right to know what company they are dealing with.

Your "Seychelles" company seems more like a random guy working online in Chelyabinsk and I urge you to stop trying to lie on this forum as soon as possible.

A single lie can be forgiven, but constant lies isn't a good representation of a project at all.

So the above quote of yours from the OP is absolutely misleading based on your another reply above:


1. "CG" (or CoinGecko) is not a security audit firm.
2. Cer.live is the only low-tier audit firm you have used which did not any internal security audit of your exchange, only external, therefore it can't be described as "rigorous"
3. You have lied by saying that Bitcointry has undergone rigorous audits by leading security companies, given that "Cer.live" is the only security company that made a dubious audit for you. Why did you use a plural sentence?

This is why it is absolutely not recommendable using ChatGPT to generate announcement thread texts on this forum, since this was what you did.

I've just tested this exchanger and have a few suggestions to its operator.

My 5 LTC to ETH order was executed in approximately 30 minutes which is not bad given that the exchange was made through a third-party centralized exchange Binance.

I have sent my LTC to Godex in https://litecoinblockexplorer.net/tx/7060afed8f0e350c5d1deee313701c5d5f57f0795a2658db72dc7399c512356d and received ETH from Binance in https://etherscan.io/tx/0xb349cc6119aab92f8e9c1d63a922a6aa7403667ab8341c3ac14cfb88e2a2ec74



Given that Godex.io are Binance resellers, which is an irrefutable fact because (1) it's not my first time using them and they used Binance back in 2022 and (2) at this moment they still recur to Binance even for such insignificant amounts as 5 LTC, Binance's AML and ToS apply to all Godex.io customers.

It could happen that Binance may freeze a Godex.io's customer deposit and ask for KYC and source of funds, since as seen on my screenshot, Godex.io sent my funds to Binance's LTC aggregation address LcpghLVryKAJLqh81by8cy7WNi9DUsVtHy (I have confirmed it through an blockchain investigation platform I have subscription on) before exchange was complete, which means they had to send my funds to Binance in order to get the other coin in exchange, which is proven by the payout transaction I mentioned above that also comes from Binance's Ethereum address.

I would strongly recommend Godex.io operator to update their ToS warning users about possible risks of funds suspension by Binance and refer to Binance's AML policies.

However I can tell from my own experience that if you exchange amounts below 0.5 BTC at Binance, the risk is minimal independently of your funds source, and the worst they can do is to suspend account's withdrawals, which might affect the Godex's KYCed account there.

Another thing I found a bit inconvenient is the misleading order's "Confirmation" page (shown on the screenshot above) that shows the deposit's status as "confirming by the network" meanwhile they exchange the coins on Binance. I would suggest to update the order's status to show the actual information like "We are exchanging your funds at Binance".

No, they are not.

You should remember that your statements on this forum demonstrate your competence/knowledge on various subjects publicly, but you have already failed on this particular one (AML) demonstrating you got no knowledge on this matter at all.

Let's start with the fact that "international AML rules" (that are not "rules" by the way) apply mostly to financial services that transact fiat, since crypto-to-crypto got no defined international framework yet.

If you refer as "international AML rules" to the recent U.S. regulations that describe services like mixers as illegal, then you are misuing the word "international", because having some regulations implemented by U.S. doesn't make them "international". These are local regulations applicable to U.S. territories that are regulated under U.S. laws only.

Or if you refer as "international AML rules" to FATF "recommendations" (note the word recommendations) - I must inform you that FATF got no framework that would apply to crypto-to-crypto transactions. These, again, are related to fiat-to-fiat or crypto-to-fiat transactions only. And again, these are only recommendations and by no way are laws, regulations or "rules".

It's clear that there is no such thing as "international AML rules" exists when you refer to crypto. Just to inform you that misinterpretations of AML regulations is quite a common fenomena among russian speaking communities that you come from, therefore I recommend to research and study things by yourself and not to listen to fearmongering rumors that Bestchange admin and his WhiteBit reseller circle orchestrated by the AMLBot team tell you.

Another important thing that you are missing here is that by no way YOUR particular service has to follow any kind of "AML rules", since you are not a registered entity at all, to start with. And if you are, then please provide the following details about business:

- Your official company name

- Jurisdiction (country) your company is registered with

- Your company papers or registration certificate with personal information redacted

- Your money transmitter license that would clearly make you required to follow some AML regulations, depending on the country your business is registered in and countries you allow customers from

- Some of your hot wallet addresses that would confirm that you own reserves you offer to exchange on your website

If you got none of the above, you clearly got nothing to do with any national or international AML regulations at all.

As an anonymous entity operating an anonymous website, you should actually mention and provide information on the services you resell in your ToS and also mention their risk screening policies, since these are the only policies that might apply to you and your customers. And don't ever try to sound smart again if you got no clue about things you are talking about.

I've just tested your service for exchanging 100 LTC (which was the minimum order for some reason) to ETH and got some questions.

1. Is your name company is SoftHold Solution Limited with the Seychelles company number 239846 or Angel Ventures Limited with the Seychelles company number 238023?

Your ToS page at https://swapgate.io/terms-and-conditions says that "Swapgate belongs to: Angel Ventures Limited Registry code: 238023. Register address: Suite 3, First Floor, La Ciotat Buidling, Mont Fleuri, Mahe, Seychelles.", while your footer says you are SoftHold Solution Limited All rights reserved. SoftHold Solution Limited, Suite 3, 1»t Floor, La Ciotat Building, Mont Fleuri, Mahe, Seychelles, IBC No. 239846.

2. Could you publish your company registration papers or company registration certificate with all the personal info redacted?

I have tried to find both of these companies in Seychelles Business Registry finder at https://www.registry.gov.sc/BizRegistration/WebSearchBusiness.aspx and found none of them.

3. You are a WhiteBIT exchange reseller! Could you please specify that in your ToS page? I know your order page indicates your rates are based on WhiteBIT's rates, but it doesn't indicate the exchange is performed through WhiteBIT.

I've sent 100 LTC in https://litecoinblockexplorer.net/tx/f38902fb4a48af195bd0e27cf64c3256a4dd8ab020a146b01401645f1b0ffe63 and got 2.30402639 ETH in https://etherscan.io/tx/0x3b0ee82e79274430f1224831d62d6a0b5fd613d8a35b0d7e409b388483fc4c48 from the WhiteBIT exchange.

You are using a KYC'ed account at WhiteBIT to perform exchange operations since you got no own liquidity.

4. Could you please specify what AML screening provider you use?

5. Why do you have such high order amount minimums?

To conclude, it would be nice if you were a bit more transparent with your customers about you having no company in Seychelles and your operation being based on reselling WhiteBIT.

Screenshots:

By that, do you mean that you guys use the risk screening service called "AMLBot" for deposit verification or that your website has written AML terms, a bot and KYC?

If it's the former then I must inform you that you have pretty bad standards, since AMLBot is the worst and inaccurate ever service for this purpose that has to recur to other AML providers because they have no databases of good quality (PureFi = AMLBot). For the bare-minimum industry standard you might have to use at least something enterprise-grade like Crystal Blockchain or TRM, otherwise you risk to receive biased and inaccurate data from your current provider.

Also not sure since when KYC is a standard. Is that just because somebody told you so?

Why creating a website just to ruin it with misconfigured default Cloudflare security settings not appropriate for majority of websites on the Internet?

Even Talkimg has no issues with Tor exit IPs thus I doubt your website will be any useful to people who value their privacy.

Definitely not news to me, but I appreciate your effort to compile the information into this format. ChangeNow trying to deny their association with Changelly and their corrupt project SwapZone (and many others) was becoming bolder and bolder every time lately with people unable to demonstrate solid proofs in a proper format, which will be possible now thanks to your report.

Hopefully you will be able to launch the website (changellyscam.net) in the next days and keep it online.

You have literally just mentioned one same exchange and its direct resellers and here is why mentioning them is a worst example ever:

1. ChangeNow and Changelly are operated by the same actors that have a huge track record of selective scamming.

2. ChangeHero and StealthEX are ChangeNow's API resellers.

3. None of them has a money transmitter license nor any regulatory approval.

Since you don't even have a company registered and operate anonymously, there is no reason for you to even try being compliant. Not even mentioning that asking KYC from your customers while not being a registered entity is unlawful.

Meanwhile, in a process of writing of this message, I decided to check what service you resell (since it's extremely easy given you operate with Ethereum) and created an order on your service. After the order completion, I have received coins from Gate.io in this transaction ID: https://etherscan.io/tx/0x089a801a71a8e9350eda4f92617d47d4629d29bf7cc2747e7d0b0cf55b2b5619



You should actually update your service description and ToS to mention the fact you don't represent your own liquidity and instead resell a third-party exchange Gate.io and rely on their AML/KYC policies to avoid misleading people.

There are some already and one of them even has an older thread on thie forum.