Are Mixers a Hotbed for Money Laundering? An In-Depth Look at eXch, the "Countercurrent" in the Bybit Hack


Author: Scof, ChainCatcher

Editor: TB, ChainCatcher

On the evening of February 21, the exchange Bybit suffered the largest theft in history, prompting many institutions and individuals to offer help in getting Bybit through the crisis. Although the crisis has been temporarily brought under control, the next key task is to track and intercept the hacker's funds and recover the stolen assets.

However, in the past two days, the eXch platform has laundered over 29,000 ETH stolen by the Lazarus hackers from Bybit. This platform has immediately attracted widespread attention in the crypto community, with many users stating that despite being in the industry for years, they had never heard of the eXch project before.

So, what kind of platform is eXch? What role did it play in this incident?

What is eXch?

eXch is a centralized mixer that does not require KYC. The basic function of a mixer is to obscure the source and destination of transactions by mixing the funds of different users, making it difficult for external observers to trace the transaction paths.

Users can freely exchange tokens such as BTC, LTC, ETH, and XMR on eXch. After the user selects the type and amount of tokens for the transaction and sets the receiving and refund addresses, the platform completes the transaction at the Bisq price (a median value based on market trading data). The exchange claims that its liquidity is not provided by third parties and is stored on its own nodes.

Although it seems very convenient, users who have actually used eXch report that their experience is quite poor, with high fees and price spreads. Additionally, when liquidity runs out, users must wait for staff to manually send tokens, and sometimes tokens are sent to the wrong address. Some community members have stated that under such high fees and slippage (nearly 10%), only money laundering teams would use this platform.

Recommended reading: “ZachXBT: The centralized mixer eXch used by the Lazarus Group for money laundering mistakenly sent 34 ETH to a certain exchange hot wallet”

Currently, there is no information about the eXch team online, only an X account named @exchcx certified as its representative, but this account has not updated its content for over a year.

eXch Refuses to Cooperate with Bybit to Recover Stolen Funds

After the incident, Bybit's CEO began seeking support from all sectors to jointly intercept the stolen funds.

On February 22, on-chain detectives discovered that 5,000 stolen ETH were laundered through eXch and converted to Bitcoin via Chainflip. In response to this discovery, Bybit asked eXch to block the funds and track their movements. However, eXch publicly disclosed this request and refused to cooperate. In its reply to Bybit's email, eXch said it would not provide any assistance because its users had been banned by Bybit.

In response, the community expressed two different opinions:

  • Some believe that eXch, which allows money laundering, acts as a laundering tool in the largest hacking incident in history, severely damaging the credibility of the entire industry. Regulatory agencies are likely to intervene, and all platforms should block funds transferred through eXch. If anyone is still using this platform, they should withdraw their assets as soon as possible to avoid legal risks.
  • Others argue that this incident is not a typical hacking attack but rather a security lapse caused by social engineering vulnerabilities. Bybit should bear the losses caused by internal employees failing to prevent phishing attacks when signing multi-signature transactions, reflecting Bybit's own operational errors. eXch's refusal to cooperate may be related to Bybit's negative publicity towards it over the years, giving eXch reason not to cooperate.

On February 23, eXch issued a statement on Bitcointalk, stating that they "will not launder for Lazarus/DPRK" and that the funds processed from Bybit's attack would be donated to various open-source projects. They emphasized that this move is to protect the principle of decentralization (not your keys, not your money) and pointed out that Thorchain has handled more dirty money than they have.

In response, many community members began to criticize eXch. Crypto KOL @tayvano_ mocked eXch's attempt to drag Thorchain into it, stating, "because whenever liquidity runs out, eXch relies on Thorchain." Some users even suggested that all VASPs should blacklist eXch directly, believing that its actions amount to money laundering.

eXch's response seems to always be the same slogan: maintaining the ideal of decentralization.

Is There a Need for Mixers to Exist?

But this is not the first time hackers have used eXch for laundering.

In a theft incident reported by ZachXBT in December 2024, the stolen funds ultimately flowed to eXch for laundering, converted into LTC, and put into the market. At that time, the stolen assets were valued at 6.5 million dollars.

In September 2024, the economic data aggregator Truflation suffered a hacking attack, losing about 5 million dollars, with funds stolen from multi-signature vaults and personal wallets. A month later, the Truflation attackers exchanged 1.37 million DAI for 500 ETH and transferred it to eXch.

In August 2024, an address involved in a phishing attack transferred 300 ETH to the eXch platform after stealing 55.4 million DAI.

With this series of events, more and more users are beginning to reflect on the significance of mixers' existence and question their compliance.

The function of mixers is to protect user privacy and enhance the anonymity of funds, especially in the context of publicly transparent blockchain transaction records, providing users with a certain level of privacy protection. However, these tools have also become a breeding ground for hackers, scammers, and money laundering gangs, with illegal funds often laundered through mixers, making it more difficult to trace and recover stolen assets.

We cannot deny the significance of mixers' existence, but as the metaphor in "Faust" suggests: if technological advancement is divorced from moral constraints, it will ultimately become a deal with the devil. At this stage, what we can be certain of is that finding a balance between privacy and compliance requires more discussion and reform to truly protect the interests of more users.
