eXch Declines Bybit's Request and Refuses to Cooperate

eXch has publicly disclosed Bybit's request and denied any cooperation. In its email response to Bybit, eXch mentioned that due to its users being banned by Bybit in the past, it would not offer any assistance.

On the evening of February 21, the cryptocurrency exchange Bybit suffered its largest-ever theft. Numerous institutions and individuals extended their help to Bybit to navigate through this crisis. Although the situation was temporarily under control, the next critical task was to track and intercept the hacker funds and recover the stolen assets.

However, over the past two days, the eXch platform has laundered over 29,000 ETH stolen by the Lazarus hackers from Bybit. This platform has immediately attracted widespread attention in the crypto community, with many users stating that despite their years in the industry, they had never heard of the eXch project before.

So, what exactly is eXch, and what role did it play in this incident?

What Is eXch?

eXch is a centralized mixing platform that does not require KYC (Know Your Customer). The basic function of a mixer is to blend funds from different users, thereby obfuscating the sources and destinations of transactions, making it difficult for external observers to trace the transaction paths.

Users can freely exchange tokens such as BTC, LTC, ETH, and XMR on eXch. After selecting the type and amount of tokens for the transaction, and setting the receiving and refund addresses, the platform will complete the transaction at the Bisq price (based on the median value of market trading data). The exchange also claims that its liquidity is not provided by third parties but is stored on its own nodes.

A Convenient Tool or a Laundering Den?

Despite its seemingly convenient features, users who have actually used eXch report a poor experience. The platform is criticized for its high fees and significant price spreads. When liquidity dries up, transactions require manual intervention from staff to send tokens, which sometimes results in tokens being sent to the wrong addresses. Some community members even suggest that, given the exorbitant fees and slippage (nearly 10%), only money-laundering groups would use this platform.

Currently, there is no information available about the eXch team online. Only an X account named @exchcx is verified as its representative, but the account has not been updated in over a year.

eXch Refuses to Cooperate with Bybit to Recover Stolen Funds

After the incident, the CEO of Bybit began seeking support from various parties to intercept the stolen funds.

On February 22, blockchain detectives discovered that 5,000 ETH of the stolen funds were laundered through eXch and converted into Bitcoin via Chainflip. In response to this finding, Bybit requested that eXch freeze the funds and track their movements. However, eXch publicly disclosed this request and refused to cooperate. In its email response to Bybit, eXch mentioned that due to its users being banned by Bybit in the past, it would not offer any assistance.

In response, the community has voiced two different opinions:

Some argue that eXch, which allowed money laundering in the largest-ever hack incident, severely damaged the credibility of the entire industry. Regulatory authorities are likely to intervene, and all platforms should block funds transferred through eXch. If anyone is still using this platform, they should withdraw their assets as soon as possible to avoid legal risks.

Others believe that this incident was not a typical hack but a security lapse caused by social engineering vulnerabilities. Bybit should bear the loss resulting from its employees' failure to guard against phishing attacks when signing multi-signature transactions, reflecting its own operational mistakes. eXch's refusal to cooperate may be related to Bybit's negative publicity over the years, and thus eXch has a reason not to comply.

eXch's Public Statement and Community Backlash

On February 23, eXch posted a statement on bitcointalk, claiming that it "would not launder money for Lazarus/DPRK" and that the proceeds from handling Bybit's stolen funds would be donated to various open-source projects. They emphasized that this move was to protect the decentralized ethos ("not your keys, not your money") and pointed out that Thorchain had processed more illicit funds than they had.

In response, many community members began to criticize eXch. Crypto influencer @tayvano_ mocked eXch's attempt to disparage Thorchain, noting that "whenever liquidity runs out, eXch relies on Thorchain." Some users even suggested that all VASPs (Virtual Asset Service Providers) should directly blacklist eXch, arguing that its actions were tantamount to money laundering.

eXch's response, however, always seemed to fall back on the same slogan: upholding the ideals of decentralization.

Are Mixers Necessary?

This is not the first time hackers have used eXch for money laundering.

In December 2024, in a theft reported by ZachXBT, the stolen funds ultimately flowed into eXch for laundering, where they were converted into LTC and put back into circulation. The stolen assets were worth $6.5 million at the time.

In September 2024, Truflation, an economic data aggregator, suffered a hack resulting in a loss of approximately $5 million, with funds stolen from the treasury multisig and personal wallets. A month later, the Truflation attacker exchanged 1.37 million DAI for 500 ETH and transferred it to eXch.

In August 2024, an address involved in a phishing attack, after stealing 55.4 million DAI, transferred 300 ETH to the eXch platform.

Since the Bybit hackers began laundering funds yesterday afternoon, in nearly 30 hours, they have used a large number of addresses to leverage cross-chain exchange platforms/mixers such as Chainflip, THORChain, LiFi, DLN, and eXch to swap 37,900 ETH ($106 million) into BTC and other assets.

With these incidents unfolding, an increasing number of users are beginning to reflect on the necessity of mixers and question their compliance.

The Double-Edged Sword of Mixers

Mixers are designed to protect user privacy and enhance the anonymity of funds, especially in the context of the public and transparent nature of blockchain transaction records. They offer a degree of privacy protection for users. However, these tools have also become a breeding ground for hackers, scammers, and money-laundering groups. Illicit funds are often laundered through mixers, making it more difficult to track and recover stolen assets.

We cannot deny the significance of mixers, but as the metaphor in Faust suggests: technological progress, if divorced from moral constraints, will ultimately become a deal with the devil. At this stage, the only certainty is that finding a balance between privacy and compliance requires more discussion and transformation to truly protect the interests of more users.

eXch Declines Bybit's Request and Refuses to Cooperate

eXch has publicly disclosed Bybit's request and denied any cooperation. In its email response to Bybit, eXch mentioned that due to its users being banned by Bybit in the past, it would not offer any assistance.

On the evening of February 21, the cryptocurrency exchange Bybit suffered its largest-ever theft. Numerous institutions and individuals extended their help to Bybit to navigate through this crisis. Although the situation was temporarily under control, the next critical task was to track and intercept the hacker funds and recover the stolen assets.

However, over the past two days, the eXch platform has laundered over 29,000 ETH stolen by the Lazarus hackers from Bybit. This platform has immediately attracted widespread attention in the crypto community, with many users stating that despite their years in the industry, they had never heard of the eXch project before.

So, what exactly is eXch, and what role did it play in this incident?

What Is eXch?

eXch is a centralized mixing platform that does not require KYC (Know Your Customer). The basic function of a mixer is to blend funds from different users, thereby obfuscating the sources and destinations of transactions, making it difficult for external observers to trace the transaction paths.

Users can freely exchange tokens such as BTC, LTC, ETH, and XMR on eXch. After selecting the type and amount of tokens for the transaction, and setting the receiving and refund addresses, the platform will complete the transaction at the Bisq price (based on the median value of market trading data). The exchange also claims that its liquidity is not provided by third parties but is stored on its own nodes.

A Convenient Tool or a Laundering Den?

Despite its seemingly convenient features, users who have actually used eXch report a poor experience. The platform is criticized for its high fees and significant price spreads. When liquidity dries up, transactions require manual intervention from staff to send tokens, which sometimes results in tokens being sent to the wrong addresses. Some community members even suggest that, given the exorbitant fees and slippage (nearly 10%), only money-laundering groups would use this platform.

Currently, there is no information available about the eXch team online. Only an X account named @exchcx is verified as its representative, but the account has not been updated in over a year.

eXch Refuses to Cooperate with Bybit to Recover Stolen Funds

After the incident, the CEO of Bybit began seeking support from various parties to intercept the stolen funds.

On February 22, blockchain detectives discovered that 5,000 ETH of the stolen funds were laundered through eXch and converted into Bitcoin via Chainflip. In response to this finding, Bybit requested that eXch freeze the funds and track their movements. However, eXch publicly disclosed this request and refused to cooperate. In its email response to Bybit, eXch mentioned that due to its users being banned by Bybit in the past, it would not offer any assistance.

In response, the community has voiced two different opinions:

Some argue that eXch, which allowed money laundering in the largest-ever hack incident, severely damaged the credibility of the entire industry. Regulatory authorities are likely to intervene, and all platforms should block funds transferred through eXch. If anyone is still using this platform, they should withdraw their assets as soon as possible to avoid legal risks.

Others believe that this incident was not a typical hack but a security lapse caused by social engineering vulnerabilities. Bybit should bear the loss resulting from its employees' failure to guard against phishing attacks when signing multi-signature transactions, reflecting its own operational mistakes. eXch's refusal to cooperate may be related to Bybit's negative publicity over the years, and thus eXch has a reason not to comply.

eXch's Public Statement and Community Backlash

On February 23, eXch posted a statement on bitcointalk, claiming that it "would not launder money for Lazarus/DPRK" and that the proceeds from handling Bybit's stolen funds would be donated to various open-source projects. They emphasized that this move was to protect the decentralized ethos ("not your keys, not your money") and pointed out that Thorchain had processed more illicit funds than they had.

In response, many community members began to criticize eXch. Crypto influencer @tayvano_ mocked eXch's attempt to disparage Thorchain, noting that "whenever liquidity runs out, eXch relies on Thorchain." Some users even suggested that all VASPs (Virtual Asset Service Providers) should directly blacklist eXch, arguing that its actions were tantamount to money laundering.

eXch's response, however, always seemed to fall back on the same slogan: upholding the ideals of decentralization.

Are Mixers Necessary?

This is not the first time hackers have used eXch for money laundering.

In December 2024, in a theft reported by ZachXBT, the stolen funds ultimately flowed into eXch for laundering, where they were converted into LTC and put back into circulation. The stolen assets were worth $6.5 million at the time.

In September 2024, Truflation, an economic data aggregator, suffered a hack resulting in a loss of approximately $5 million, with funds stolen from the treasury multisig and personal wallets. A month later, the Truflation attacker exchanged 1.37 million DAI for 500 ETH and transferred it to eXch.

In August 2024, an address involved in a phishing attack, after stealing 55.4 million DAI, transferred 300 ETH to the eXch platform.

Since the Bybit hackers began laundering funds yesterday afternoon, in nearly 30 hours, they have used a large number of addresses to leverage cross-chain exchange platforms/mixers such as Chainflip, THORChain, LiFi, DLN, and eXch to swap 37,900 ETH ($106 million) into BTC and other assets.

With these incidents unfolding, an increasing number of users are beginning to reflect on the necessity of mixers and question their compliance.

The Double-Edged Sword of Mixers

Mixers are designed to protect user privacy and enhance the anonymity of funds, especially in the context of the public and transparent nature of blockchain transaction records. They offer a degree of privacy protection for users. However, these tools have also become a breeding ground for hackers, scammers, and money-laundering groups. Illicit funds are often laundered through mixers, making it more difficult to track and recover stolen assets.

We cannot deny the significance of mixers, but as the metaphor in Faust suggests: technological progress, if divorced from moral constraints, will ultimately become a deal with the devil. At this stage, the only certainty is that finding a balance between privacy and compliance requires more discussion and transformation to truly protect the interests of more users.