Crypto swapper exchange shows signs of life after closing

Once the German police were closed by the German police in April-but continuous activity suggests that history is not over.

No matter of customer checks (kyc), the exchange was not a typical cryptographic exchange. He acted more like an immediate swapper, allowing bad actors and cyber criminals to fly under the radar for years.

Among his clients was Lazarus Group. The North Korean state hacker unit listed in the spotlight in February, when it used the platform to show a part of $ 1.4 billion, which he stole from Bybit. When Bybit traced his stolen exchange funds, he asked for support – but the platform refused.

This led to a fierce discussion about privacy compared to security, but eventually the exchange announced that it would close its doors on April 17; On April 30, the German authorities made him official.

But according to the TRM Labs security company, the platform may have continued in hiding mode after removal. Here is the growth, fall and afterlife of alleged replacement of the cryptographic laundry.

List closes the front door, unlocks the rear door

In addition to the closure announcement, the exchange has published a message that claims that it will not facilitate criminal influence. The post was removed within a few hours, and the operations were quietly resumed – signs of an internal dispute or maybe even a calculated test of lower visibility, according to TRM.

A fund related to CSAM flows to exchange. Source: TRM Labs

The German authorities occupied exchange servers and confiscated EUR 34 million ($ 38 million) in cryptography, as well as over eight terabytes of data, effectively dismantling public infrastructure.

Related: The northern Korean spy slips, reveals ties in a false interview

“As we saw in Garaantex Rebranding as Grinex, list did not fully die after closing. He quietly served a handful of partners through the API, which meant that the laundry was even after public removal,” said Jerremiah O’Connor, co -founder and director of security technology.

O’Connor added that it is not unlikely that such platforms serve faithful customers even after assaults.

*The mentioned website visited on May 13. Source:* *exchange*

“People standing behind exch.ch fully used their activities in many countries. The domain was registered by the British supplier, mentioned in Switzerland as an administrative location, infrastructure conducted in France and had servers in Germany,” said O’Connor.

It is still unclear whether the exchange will kill his API or return under a up-to-date name. TRM said in a blog post on May 2 that the remaining access of the platform for facilities continued to provide anonymization infrastructure for endangered actors.

Lack of kyc, collective liquidity attracts illegal exchange funds

According to “Fantasy”, the main investigative Fairside Network Fairside Network. In October 2024 investigationFantasy identified the first public appearance of the Platform as the BitcoinTalk Forum account promoting automatic swaps between Bitcoin (BTC), Perfect Money and BTC-E-Metody payments commonly related to high-risk transactions.

Fantasy also followed the original Bitcoin portfolio associated with the exchange and stated that it was probably financed by BTC-E, currently not existing Exchange Crypto Exchange Closed by the US authorities in 2017 for a role in washing criminal influence.

Fantasy forensic studies have shown that the modernized form of exchange appeared in 2022, when his heated wallet Ethereum was financed for the first time. Soon after, the center of outstanding cryptocurrencies became.

Monkey Drainer-the first known large-scale drainage operator as a service-used to exchange before retiring. Other emptying service providers, such as Pink Drainer and Inferno Drainer, also went through the funds through the platform, along with several main triggers.

*Contemporary wallets mentioned in accounts taking place in Binance and OKX. Source:* *Fantasy/Metasleuth*

No required identity verification required, enabling users to transfer funds with anonymity. This made it an attractive tool for cyber criminals who want to spotless stolen resources.

“It has been mentioned active for years – despite facilitating obvious illegal activity – because there is still a large gap between what regulatory authorities can do, and how quickly technology moves,” said Cointelegraph Amit Levin, former investigators in Binance.

“In today’s world, everyone can launch an intelligent contract or launch a cryptographic service from anywhere, often without disclosure, who they are. And if there is no registration, kyc and no one will be responsible, enforcement is impossible.”

The platform also derived trust from danger entities, using a combined liquidity system that combined deposits and payment of users, which hinders tracking investigators and law enforcement agencies.

When Exchan did not know and did nothing

Required, she refused to wash funds for cryptographic hackers in North Korea, and in her notification of closure she formulated the project as an attempt to “restore balance” in the industry. He criticized the enforcement of the right to counteract washing and condemning companies offering API addresses as “parasites” gaining the fear of government.

“Service providers in the cryptocurrency space are mostly decentralized; that is, they maintain control over customer assets or access to customer assets, as shown in the case of exchange,” said CointeLgraph S. Horowitz & Co, partner in S. Horowitz & Co.

“The financial intermediary operating in the cryptographic sector is facing a risk similar to traditional financial service providers and should therefore be maintained in accordance with equivalent standards and regulatory requirements,” she said.

According to Alex Katz, Kerberus CEO, closing the stock exchange is a “huge win” for Crypto. However, Katz warned that bad actors can migrate to alternative projects such as Thorchain, who received a scream in an unanimous EXCh farewell manifesto.

In Haku Bybit, a decentralized Thorchain conversion protocol was used as the main bridge to replace about 500,000 ether (ETH) on Bitcoin.

*Experate operators also used Thorchain to allegedly concealed the routes. Source:* *Tanuki42*

The exchange stated that her partners would keep access to the API interface for a restricted time, but future operations depend on the “new management team”. The elderly team recommended establishing up-to-date liquidity pools to maintain trouble -free functionality and said that he would provide consultation.

He signed a challenging message: “Privacy is not a crime.”

The German authorities have announced that $ 1.9 billion of cryptocurrencies fell from the very beginning. Its operators are suspected of laundering commercial money and running a trade platform.

Warehouse: Chatgpt A “Schizophrenia-Desing Missile”, AI scientists are preparing up to 50% of deaths: Ai Eye