Despite its official shutdown announcement, the infamous crypto mixer eXch continues to operate as a laundering channel for illicit funds, according to a damning new report from TRM Labs.
On April 30, 2025, a day before eXch was scheduled to go offline, the platform removed all public-facing infrastructure, including clearnet and dark web domains.
However, TRM’s investigation reveals that the platform’s backend, specifically its API access, remains operational, facilitating ongoing fund movements consistent with its signature mixed-pool laundering model.
TRM links eXch to major cybercriminal operations, including the Lazarus Group’s record-breaking $1.5 billion Bybit hack and child sexual abuse material (CSAM) threat actors.
eXch’s Architecture: A Laundering Engine Hiding in Plain Sight
TRM Labs’ analysis reveals that eXch’s so-called “shutdown” is largely superficial.
While the exchange’s website interfaces were disabled on April 27, its API infrastructure remained active and interacted with on-chain assets.
On April 30, TRM observed new transactions mimicking earlier mixed-pool behavior patterns, notably exposed to CSAM-related funding.
The core mechanism behind eXch’s obfuscation lies in its proprietary mixed-pool architecture, which breaks down deposits and combines them into liquidity pools that make origin tracing nearly impossible.
This system functions similarly to cryptocurrency swap services, allowing users to swap one token for another while depositing their tokens into pools reused for unrelated withdrawals.
As a result, a BTC deposit from a threat actor could easily fund a legitimate user’s withdrawal, thereby mixing illicit and clean funds.
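The effect described above can be reproduced with a small exposure model. This is an added example, not TRM Labs' methodology or eXch code: it assumes a single shared pool and a proportional ("haircut") attribution rule, and the party labels and amounts are constructed.

```python
from dataclasses import dataclass, field
from fractions import Fraction

@dataclass
class Pool:
    """One shared liquidity pool; balance is tracked per deposit source."""
    balances: dict = field(default_factory=dict)  # source label -> Fraction

    def deposit(self, source, amount):
        self.balances[source] = self.balances.get(source, Fraction(0)) + Fraction(amount)

    def withdraw(self, amount):
        """Pay out `amount`, drawing on every source in proportion to its
        share of the pool (haircut model). Returns source -> amount paid."""
        amount, total = Fraction(amount), sum(self.balances.values(), Fraction(0))
        if amount <= 0 or amount > total:
            raise ValueError("withdrawal must be positive and within pool liquidity")
        paid = {src: bal * amount / total for src, bal in self.balances.items()}
        for src, part in paid.items():
            self.balances[src] -= part
        return paid

def exposure_report(events, flagged):
    """Replay (kind, party, amount) events in order. Returns a list of
    (recipient, amount, flagged_amount) per withdrawal, plus the final pool."""
    pool, report = Pool(), []
    for kind, party, amount in events:
        if kind == "deposit":
            pool.deposit(party, amount)
        elif kind == "withdraw":
            paid = pool.withdraw(amount)
            tainted = sum((v for s, v in paid.items() if s in flagged), Fraction(0))
            report.append((party, Fraction(amount), tainted))
        else:
            raise ValueError(f"unknown event kind: {kind}")
    return report, pool

# Constructed sample ledger (amounts in BTC); all labels are hypothetical.
EVENTS = [
    ("deposit", "flagged_actor", 6),
    ("deposit", "user_a", 4),
    ("withdraw", "user_b", 5),   # user_b never transacted with flagged_actor
    ("deposit", "user_c", 5),
    ("withdraw", "user_d", 4),
]

if __name__ == "__main__":
    report, pool = exposure_report(EVENTS, flagged={"flagged_actor"})
    for recipient, amount, tainted in report:
        print(f"{recipient}: {amount} BTC out, {float(tainted / amount):.0%} flagged exposure")
```

Neither recipient has a direct on-chain link to the flagged depositor, yet both withdrawals carry measurable exposure, and the flagged share stays in the pool to dilute into later payouts.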
TRM found that eXch has already been exposed to over $300,000 in CSAM-related funds, and this exposure is expected to rise.
Even more alarming, the same eXch infrastructure was used concurrently by CSAM-linked actors and Lazarus Group operatives, suggesting that the former group’s funds provided liquidity to launder the Bybit hackers’ assets.
While eXch outwardly positioned itself as a privacy-focused platform, it consistently obstructed attempts to uphold accountability across the ecosystem.
Following the Bybit attack, eXch refused to comply with fund-freezing requests, withdrawing all public disclosures about its coin liquidity.
This decision drew widespread criticism across the crypto industry, especially when other platforms were rallying to help Bybit in freezing and recovering assets.
A History of Denial, Rebranding, and Mixed Signals
eXch’s history of controversial activity began long before the shutdown. On February 23, 2025, the exchange denied laundering funds for the Lazarus Group on the Bitcointalk forum, admitting only that an “insignificant portion” of Bybit’s stolen funds had passed through one of its addresses.
The platform claimed that fees from the transaction would be donated for the public good, downplaying the scale of its involvement.
Yet blockchain investigators provided a more troubling picture. On-chain analyst ZachXBT accused eXch of laundering $35 million from the Bybit hack.
In contrast, others like SlowMist and Nick Bax from the Security Alliance estimated the exchange processed $30 million in laundering volume.
Bybit’s assets dropped by over $5.3 billion after the theft, including $1.4 billion in Ethereum.
Even as evidence mounted, eXch continued to stonewall. It resisted Bybit’s request to freeze the remaining stolen assets, even sending emails expressing frustration over perceived slights in earlier interactions.
The situation became murkier in late April when eXch abruptly suspended operations on April 27, citing “unspecified law enforcement actions.”
Hours later, the suspension notice disappeared, and the exchange resumed operations.
On April 28, it announced a management transition. A new team will take over the infrastructure from May 1, while the original team will remain as consultants.
One suggestion from the outgoing management was to implement dedicated liquidity pools to mask connections to past operations.
Whether this is a sincere attempt at reform or merely a cosmetic rebranding effort is still unclear.
However, the remaining API access means that threat actors can continue using eXch’s anonymization tools, undermining its public claim that it is unwilling to launder criminal proceeds.
The post Crypto Mixer eXch Still Laundering Funds Post-Shutdown, TRM Labs Warns appeared first on Cryptonews.