GuShiio.com eXch made Bybit’s request public and refused to cooperate. In an email reply to Bybit, eXch mentioned that since its users had been banned by Bybit, they would not provide any help.
Author: Scof, ChainCatcher
Editor: TB, ChainCatcher
On the evening of February 21, exchange Bybit suffered the largest theft in history, and many institutions and individuals extended a helping hand to help Bybit survive the crisis. Although the crisis has been temporarily brought under control, the next key task is to try its best to track and intercept hacker funds and recover stolen assets.
However, in the past two days, the eXch platform has purged more than 29,000 ETH stolen from Bybit by Lazarus hackers. This platform immediately attracted widespread attention in the crypto community, and many users said that although they had been in the industry for many years, they had never heard of the eXch project before.
So, what kind of platform is eXch? What role did it play in this incident?
What is eXch?
eXch is a centralized currency mixer that does not require KYC. The basic function of the currency mixer is to mix the funds of different users, thereby disrupting the source and destination of transactions, making it difficult for external observers to track the transaction path.
Users can freely exchange BTC, LTC, ETH, XMR and other tokens on eXch. After selecting the type and quantity of tokens to trade, and setting the receiving address and refund address, the platform will complete the transaction at the Bisq (median value based on market transaction data) price. And the exchange claims that its liquidity is not provided by third parties and is stored on its own nodes.
Although it may seem very convenient, users who have actually used eXch say that the actual experience is very bad, with high fees and price differences, and when liquidity dries up, they have to wait for staff to manually send tokens, sometimes to the wrong address. Some community members even said that with such high fees and slippage (nearly 10%), only money laundering teams would use this platform.
Currently, there is no information about the eXch team on the Internet. Only an X account named @exchcx has been certified as its representative, but the account has not updated its content for more than a year.
eXch refuses to cooperate with Bybit to recover stolen funds
After the incident, Bybit CEO began to seek support from all walks of life, hoping to jointly intercept the stolen funds.
On February 22, on-chain detectives discovered that 5000 stolen ETH were cleaned through eXch and converted into Bitcoin through Chainflip. In response to this discovery, Bybit asked eXch to block funds and track their movements. However, eXch made the request public and refused to cooperate. In an email reply to Bybit, eXch mentioned that since its users had been banned by Bybit, they would not provide any help.
In this regard, two different voices emerged in the community:
- Some believe that eXch, which allows money laundering, acted as a money laundering tool in the largest hacking incident in history, seriously damaging the credibility of the entire industry. Regulators are likely to step in and all platforms should block funds transferred through eXch. If someone is still using the platform, they should withdraw assets as soon as possible to avoid getting involved in legal risks.
- Others believe that the incident was not a typical hacking attack, but a security failure caused by social engineering loopholes. Bybit should bear the losses caused by internal employees failing to guard against phishing attacks when signing multi-signature transactions, which reflects Bybit’s own operational errors. eXch’s refusal to cooperate may be related to Bybit’s bad publicity over the years, so eXch has reason not to cooperate.
On February 23, eXch issued a statement on bitcointalk, saying that it “will not launder money for Lazarus/DPRK” and that the proceeds from the previous handling of Bybit attacks will be donated to various open source projects. They stressed that the move was to protect the concept of decentralization (not your keys, not your money.), And pointed out that Trorchain has handled more black money than they have.
In response, many community members began to criticize eXch. Crypto KOL @tayvano_joked about eXch’s behavior of stepping on Trorchain, saying that “because eXch relies on Thorchain whenever liquidity runs out.” Some users even suggested that all VASPs directly blacklist eXch, believing that what they were doing was laundering money.
And eXch’s response always seems to be the same slogan: uphold the ideal of decentralization.
Is it necessary to exist a currency mixer?
But this is not the first time hackers have used eXch to launder money.
In December 2024, in a theft reported by ZachXBT, the stolen funds eventually flowed to eXch for cleaning, conversion into LTC and put on the market. The stolen assets were worth $6.5 million at the time.
In September 2024, economic data aggregator Truflation was hacked and lost approximately US$5 million. Funds were stolen from vault multiple signatures and personal wallets. A month later, Truflation attackers exchanged 1.37 million DAIs for 500 ETH and transferred them to eXch.
In August 2024, an address involved in a phishing attack transferred 300 ETH to the eXch platform after stealing 55.4 million DAIs.
Since the hackers who attacked Bybit began to wash coins yesterday afternoon, they have used a large number of addresses to exchange 37,900 ETH (US$106 million) cross-chain into other assets such as BTC and other cross-chain exchange platforms/mixed currency platforms such as Chainflip, THORChain, LiFi, DLN, and eXch in nearly 30 hours.
With this series of incidents, more and more users began to reflect on the significance of currency mixers and question their compliance.
The function of the currency mixer itself is to protect user privacy and enhance the anonymity of funds. Especially when blockchain transaction records are open and transparent, it provides users with certain privacy protection. However, the tool has also become a hotbed for hackers, fraudsters and money laundering gangs, with illicit funds often being laundered through currency mixers, making it more difficult to track and recover stolen assets.
We cannot deny the significance of the existence of currency mixers, but it is just like the metaphor in Faust: if technological progress is freed from moral shackles, it will eventually become a transaction of the devil. The only thing we are certain about at this stage is that how to find a balance between privacy and compliance requires more discussion and change to truly protect the interests of more users.
