BTC: bc1qv0klzuy8y50sq3u44dv96u5fyxdwz7pv08hxrd
ETH: 0x883a0cb1ffc22beec2840ec8650d3d297c05aaa4
XMR: 82r6JAbRCELbv11DBrfC29HsiXHQMe1QEZW3HYzhSTinhpSJTniVxPai2XFHCKfaiCMASm37EJeZq6vvE3U1B72M81Z4AW9
Is the refund address the same as the return address when a user is not going to send all btc? For example, I have 0.1 BTC but I was only planning to trade 0.08, the 0.02 will go to the refund address of my choosing?
Is the refund address the same as the return address when a user is not going to send all btc? For example, I have 0.1 BTC but I was only planning to trade 0.08, the 0.02 will go to the refund address of my choosing?
Great to see guys from eXch are in this forum 8)
This is one of the best centralized exchanges without kyc right now!
I know you have been working hard on adding support for more assets on your exchange with Thor chain, but maybe you can consider another one.
Adding Lightning was cool but I think that adding Liquid Network assets (L-BTC, L-USDT) would work great in combination with LN, Bitcoin and monero.
I would use this more than stable coins on ethereum, especially when fees are high.
WARNING: There is an ongoing attack on XMR by Binance, faking its price on purpose in an attempt to release CZ from being a hostage of the U.S. jurisdiction. These are key facts indicating that the current XMR price is fake everywhere confirmed by our data analysts:We currently have an automatic algorithm adjusting our service fee on XMR pairs accordingly to the external XMR price tickers in order to protect our capital and prevent usage of our platform for arbitration purposes.
- Binance has no real trading volume on XMR pairs left but is still pushing significant changes to their price tickers. Note: any centralized exchange can "draw" their order book and put whatever data they want, because nothing of it can be verified. The only exchange with a verifiable order book is Bisq.
- CoinMarketCap - the major exchange data aggregator used as a price ticker by at least 50% of the crypto projects belongs to Binance, therefore it obviously contributes to broadcasting of the misleading price data.
- Other major exchanges such as Kraken correlate their price based on Binance and CMC price data movement and are always behind the actual drastic movements with some delay. This is only because Binance is trusted as a major exchange.
I appreciate the fact that eXch is involved (I mean they don't just swap coins, they investigate etc..) and communicates transparently with its users.
For example, in the recent (and still relevent) case of Binance's manipulation of the Monero price, they published this statement on their website:
QuoteWARNING: There is an ongoing attack on XMR by Binance, faking its price on purpose in an attempt to release CZ from being a hostage of the U.S. jurisdiction. These are key facts indicating that the current XMR price is fake everywhere confirmed by our data analysts:We currently have an automatic algorithm adjusting our service fee on XMR pairs accordingly to the external XMR price tickers in order to protect our capital and prevent usage of our platform for arbitration purposes.
- Binance has no real trading volume on XMR pairs left but is still pushing significant changes to their price tickers. Note: any centralized exchange can "draw" their order book and put whatever data they want, because nothing of it can be verified. The only exchange with a verifiable order book is Bisq.
- CoinMarketCap - the major exchange data aggregator used as a price ticker by at least 50% of the crypto projects belongs to Binance, therefore it obviously contributes to broadcasting of the misleading price data.
- Other major exchanges such as Kraken correlate their price based on Binance and CMC price data movement and are always behind the actual drastic movements with some delay. This is only because Binance is trusted as a major exchange.
Looks like they are running out of USDT. People are converting their BTC/Eth to USDT
Only 18 USDT left
Looks like they are running out of USDT. People are converting their BTC/Eth to USDT
Only 18 USDT left
Yeah volumes on the last 24h were 288299.041901 USDT, which is pretty high.
One more reason to use DAI instead of USDT, which is a far better stablecoin imo.
I am not sure how much this is related to the stability of a currency, it is about current reserves exch. Just an indicator that there were more Bitcoin sales than purchases.
At least it seems to me that many saw the current pump as temporary and wanted to sell Bitcoin and Eth high.
Looks like they are running out of USDT. People are converting their BTC/Eth to USDT
Only 18 USDT left
Yeah volumes on the last 24h were 288299.041901 USDT, which is pretty high
Looks like they are running out of USDT. People are converting their BTC/Eth to USDTPeople are trading and trying to make profits, but anyone who used eXch knows that this is only temporary.
ALERT! PHISHING!
We have found that a known .onion directory "dark.fail" currently lists an URL impersonating our service.
The domain "SWP[dot]CX" has been registered less than 30 days ago and somehow managed to get listed by DARK.FAIL - a popular .onion URL monitor that only lists well-known and reputable resources (perhaps not anymore).
This is an unusual phishing attempt when the scammer has ripped off our original design and HTML template assets used by us in the past along with our current template performing a slight "rebranding". Meanwhile it's still a confirmed phishing since this website got to our knowledge from some scammed user who thought it was our original website and explained to us how they found it.
As a preventive measure we have decided to use the same background image that was in our assets some years ago which the current scammer also uses, as well as restoring our previous "light" text-only logo version, which the scammer is also trying to impersonate.
Our current website design changes will remain while we are dealing with that scammer and till the situation is resolved.
However, during investigation of this issue we have also got very interesting findings where we were able to trace back this domain to someone who have made the first ever eXch phishing vanity-generated .onion domain and managed to scam a few of our users in the past, that caused the phishing alert at our original .onion domain: hszyoqnysrl7lpyfms2o5xonhelz2qrz36zrogi2jhnzvpxdzbvzimqd[dot]onion (WARNING: THE LINK ON THE LEFT IS A PHISHING LINK FOR DEMONSTRATION PURPOSES ONLY - DO NOT USE)
We were able to find hszyoqnysrl7...onion on some Tor listing directories earlier that we have managed to wipe by contacting admins of such resources directly, which apparently worked because we stopped receiving complaints of scammed users who accidently used phishing links.
However it seems this actor has returned under a new "brand", since after performing some brief OSINT we have found that the only other place on the Internet where both SWP[dot]CX and hszyoqnysrl7...onion are listed are here: github[dot]com/tarpetra/welcome-to-darknet (WARNING: THE LINK ON THE LEFT IS A MALICIOUS GITHUB REPO FOR DEMONSTRATION PURPOSES ONLY - DO NOT USE)
What's even more interesting is that the username tarpetra behind that Github repo have managed to get ~1500 Github stars by supposedly using bots/fake accounts to create visibility and the fact he/she lists both scam resources (SWP[dot]CX and hszyoqnysrl7...onion) confirms that he/she is the operator of both resources (main indicator here is how recent SWP[dot]CX is and how fast it was added to a repo with "1500" [fake] stars)
We have tried to contact the DARK.FAIL admin regarding this incident but got no reply and hope other concerned users will have better luck on that in case they want to try.
We also suspect that DARK.FAIL admin might be involved in this scam scheme because we don't believe that such an experienced Tor user might have overlooked our service and .onion, since our actual onion link hszyoqwrcp7cxlxnqmovp6vjvmnwj33g4wviuxqzq47emieaxjaperyd.onion is listed at least on the following popular resources: kycnot.me, monerica.com, tor.taxi, darknet-bible[.]net, darknetdaily[.]net, darkweblink[.]com
Another few important points:
- the scammer is reverse-proxying their domain via Cloudflare - something that eXch would never do, since we genuinely care about customers privacy.
- the scammer is using a third-party email provider (Protonmail) as their email server - something that eXch would never do, since we genuinely care about customers privacy.
This was an important announcement to make today but there is still work ongoing which we will update on during next days, depending on how long this issue will persist.
P.S. will communicate on other subjects later since this announcement had to be prioritized.
UPDATE:
We have managed to obtain ultimate confirmation that the SWP[dot]CX website belongs to and operated by the person behind the malicious Github repo containing phishing links to popular services.
We have compared server headers of the HSv3 addresses linked on the clearnet version of SWP[dot]CX (uicrmrl3...onion) and Github repo one (uicrmrtwpfy4y5...onion) and both domains appeared to be served by the same web-server.
There are at least 8 identical headers including "LINK" one containing the persistent data "</assets/application-a378fdd15ea888387175a4e8c29abafb78057f4adeb418ea46d9dc6b7438e2c0.css>;" and another one containing the same ETAG between 2 different hosts indicating that it's the same server responding on both domains. Anyone can replicate this and confirm themselves. We have also managed to find the real IP address behind the Cloudflare. Further work still in course.
UPDATE #2:
Turned out this scammer has created some considerable "ecosystem" of phishing cross-referencing system that apparently works very well in terms of SEO.
Just by googling the vanity-generated .onion they had for us, you will be able to find at least 7 other sites that appear like "legitimate" directories of .onion URLs representing dedicated phishing sites carefully built for each separate project.
We don't want their server shutdown yet because we are curious about their domain registrar's stance on this matter (sarek.fi / [email protected]) as well as DARK.FAIL's admin stance to understand the level of their involvement into this scheme. Given that today is a celebration day approximating a weekend, we'll give them 48 hours to answer before proceeding with action.
UPDATE #3:
Following up with the investigation, we have found there is a big probability of https://anir0y.in (https://anir0y.in) being a real scammer's personal website exposing himself as Animesh Roy from India, based on one of his blog posts named "Blog Tor Darknet Links" where he claims that "all the sites listed have been verified by DarkNetEye as being legitimate operations", where he links to some fake DarkNetEye copy with a domain registered only a few months ago, which on purpose provides phishing links of at least 3 known services mixed with other links that are valid onions of some other services.
- That list from both his blog and that fake DarkNetEye copy targets 3 specific legitimate resources related to crypto swaps and mixing with phishing: eXch, Majestic Bank and Coinomize mixer.
- The list provides a valid onion link to Infinity Exchanger which also raises another question - is Infinity is behind that or he listed it just to setup Infinity to look behind that in case all this scheme is exposed (which is happening right now), since we already know that the person behind this scam scheme is quite smart.
- All other links on the list are valid links.
The reason why we believe Animesh Roy might be behind all this is that in his blog post he lists at least 3 malicious resources in the same way they are advertised on other websites that make part of his quite sophisticated phishing infrastructure that targets eXch, Majestic Bank and Coinomize mixer:Code: [Select]httpx://github[dot]com/tarpetra/welcome-to-darknet - a repo with constant commit poisoning to simulate activity and bot-starred reputation containing phishing links
httpx://github[dot]com/vtempest/dark-web - fake darkneteye repo
httpx://darkneteye[dot]com - fake darkneteye site
httpx://dark[dot]taxi - a project pretending to be like tor.taxi and dark.fail but almost every single link there is phish
httpx://darknetmarketlinks.net - same as above
httpx://tor2doormarket[dot]io - a "tutorial" on how to use darknet with a "friendly" recommendation of eXch linking to the phishing (also in its FAQ page). Also at the footer there is a mix of legit links mixed with his own projects like dark[dot]taxi to confuse people and search engines
httpx://royalmarket[dot]org - a "tutorial" on how to use darknet with a "friendly" recommendation of eXch linking to the phishing
All 5 domains (or 6 including SWP[dot]CX) above are registered with Sarek.fi (aka Njalla). Sarek resells Tucows for domain zones unreachable for him directly (I say "him" because Njalla is a one-man operation by Peter Sunde) so you might see WHOIS of those on Tucows to show KN as a country of registrant and the company named "1337 services" which is Njalla aka Sarek.
Abuse mail boxes to report all domains: [email protected], [email protected] (except for SWP[dot]CX)
We invite everyone to contribute by emailing abuse reports to the above mailboxes. Additionally, in case you got a Github account, you can also contribute by reporting 2 repos mentioned above.
https://i.gifer.com/B6NA.mp4 (https://i.gifer.com/B6NA.mp4)
I think it could be nice to paste here a message from eXch (posted on Bitcointalk) as it is related to some phishing attempts (be careful!)This is not the first phishing attack with fake eXch website, and scammers are using every chance they can to steal coins from other people.
Our domain exch.cx was suspended by Lyubomir Gyundzhiev from Key-Systems who misread our abuse report resulting into suspension of the victim's domain instead of attacker's.
Welcome to 2024 where incompetence is an important skill for being employed by domain registrar companies. The inability to read simple texts is awarded.
Accidently suspending something like a multi-million company's (https://platform.arkhamintelligence.com/explorer/entity/exch) domain must be some kind of trend nowadays.
Temporarily new domain till these guys resolve it: exch.PW
https://exch.pw (https://exch.pw)
(https://talkimg.com/images/2024/03/13/JaPlH.png)
We will be moving to some new domain zone soon that is not managed by CentralNic or Key-Systems, since these companies demonstrated inability to handle simple issues and even making negligent harm during issue resolution.
Guys, the domain name is temporarily exch.pw
Source link. (https://www.altcoinstalks.com/index.php?topic=312900.0)
System status: https://exch.cx/status