儘管4月關閉，但Crenf Crypto洗錢平台可能仍處於隱身模式下運行

曾經是黑客和排水船的首選交換者，口氣在四月被德國警察關閉 - 但繼續活動表明了這個故事

German authorities shut down crypto exchange eXch in April after years of allegedly facilitating money laundering activity for hackers and cybercriminals.

經過多年的促進黑客和網絡犯罪分子的洗錢活動，德國當局於4月關閉了加密貨幣交易所。

The platform, which never implemented Know Your Customer checks, was best known for its instant cryptocurrency swapper, allowing bad actors to fly under the radar.

該平台從未實施過了解您的客戶檢查，以其即時加密貨幣交換器而聞名，使壞演員可以在雷達下飛行。

Among eXch’s clients was the Lazarus Group. The North Korean state-backed hacking unit thrust eXch into the spotlight back in February, when it used the platform to funnel some of the $1.4 billion it stole from crypto exchange Bybit.

在Exch的客戶中有Lazarus集團。朝鮮國家支持的黑客部門在2月份將其推向焦點，當時它利用該平台將其從加密貨幣交易所Bybit偷走了14億美元的耗資14億美元。

When Bybit traced its stolen funds to eXch and requested assistance, the exchange refused. This led to a fierce discussion over privacy versus security, but ultimately, eXch announced it would close its doors on April 17.

當拜比特（Bybit）追踪其被盜資金以交換並要求提供幫助時，交易所拒絕了。這導致了關於隱私與安全的激烈討論，但最終，Exch宣布將於4月17日關閉其門。

However, according to security firm TRM Labs, the platform may have continued operating in stealth mode after the takedown. Here’s the rise, fall and afterlife of alleged crypto laundromat eXch.

但是，根據安全公司TRM Labs的說法，該平台可能在撤離後繼續處於隱形模式下運行。這是所謂的加密自助式交易所的興起，秋天和來世。

eXch shuts front door, keeps back door unlocked

交易所關閉前門，使後門解鎖

Alongside its shutdown announcement, eXch posted a message claiming it would not facilitate criminal proceeds. The post was removed within hours, and operations quietly resumed — signs of an internal disagreement or perhaps even a calculated attempt to lower visibility, according to TRM.

除了關閉公告外，Exch發布了一條消息，聲稱它不會促進刑事收益。 TRM表示，該職位在幾個小時內被刪除，並悄悄恢復了操作 - 內部分歧的跡象，甚至是降低可見性的試圖嘗試的跡象。

German authorities seized eXch’s servers and confiscated 34 million euros ($38 million) in crypto, along with more than eight terabytes of data, effectively dismantling its public-facing infrastructure.

德國當局佔領了Exch的服務器，並在加密貨幣中沒收了3400萬歐元（3800萬美元），以及八個以上的數據，有效地拆除了面向公共的基礎設施。

Related: North Korean spy slips up, reveals ties in fake job interview

相關：朝鮮間諜滑倒，在虛假工作面試中揭示了聯繫

“Just like we saw with Garantex rebranding as Grinex, eXch didn’t fully die after the shutdown. It quietly kept servicing a handful of partners via API, which meant laundering activity continued even after the public takedown,” said Jeremiah O’Connor, co-founder and chief technology officer of security firm Trugard.

耶利米·奧康納（Jeremiah O'Connor）說：“就像我們與Garantex更名為Grinex一樣，Exch在關閉後並沒有完全死亡。它悄悄地通過API服務了少數合作夥伴，這意味著即使在公開停車之後，洗錢活動仍在繼續。”

O’Connor added that it’s not unlikely for such platforms to serve loyal customers even after seizures.

O'Connor補充說，即使在癲癇發作後，此類平台也不太可能為忠實的客戶提供服務。

“The people behind eXch.ch took full advantage of operating across multiple countries. The domain was registered through a UK-based provider, listed Switzerland as an admin location, hosted infrastructure in France, and had servers seized in Germany,” O’Connor said.

O'Connor說：“ Exch.CH背後的人們充分利用了多個國家的運營。該領域是通過英國的一家提供商註冊的，將瑞士列為管理員地點，在法國託管基礎設施，並在德國占領了服務器。”

It’s still unclear if eXch will kill its API or come back under a new name. TRM said in the May 2 blog post that the platform’s remaining back-end access continued to provide anonymization infrastructure for threat actors.

目前尚不清楚Exch是否會殺死其API或以新名稱回來。 TRM在5月2日的博客文章中說，該平台剩餘的後端訪問繼續為威脅參與者提供匿名基礎架構。

No KYC, pooled liquidity draws illicit funds to eXch

沒有KYC，合併的流動性吸取了非法資金來交換

EXch’s origins trace back to 2014, according to “Fantasy,” lead investigator at crypto insurance firm Fairside Network. In an October 2024 investigation, Fantasy identified the platform’s first public appearance as a BitcoinTalk forum account promoting automatic swaps between Bitcoin (BTC), Perfect Money and BTC-e vouchers — payment methods commonly associated with high-risk transactions.

Crypto Insurance公司Fairside Network的首席調查員“ Fantasy”（Fantasy）稱，Exch的起源追溯到2014年。在2024年10月的調查中，Fantasy將平台的首次公開外觀確定為一個BitCointalk論壇帳戶，該帳戶促進了比特幣（BTC），Perfect Money和BTC-E代金券之間的自動交換 - 通常與高風險交易相關的付款方式。

Fantasy also traced the original Bitcoin wallet tied to eXch and found it was likely funded via BTC-e, the now-defunct crypto exchange shuttered by US authorities in 2017 for its role in laundering criminal proceeds.

幻想還追踪了與交易所有關的原始比特幣錢包，並發現它很可能是通過BTC-E資助的，BTC-e是美國當局在2017年因其在洗錢犯罪收益中的作用而關閉的現已停產的加密貨幣交易所。

Fantasy’s forensic research found that the modernized form of eXch emerged in 2022, when its Ethereum hot wallet was first funded. Not long after, it became a hub for prominent crypto drainers.

Fantasy的法醫研究發現，現代化的交流形式於2022年首次資助了以太坊熱錢包。不久之後，它成為了突出的加密流水機的樞紐。

Monkey Drainer — the first known large-scale drainer-as-a-service operator — used eXch before its retirement. Other draining service providers like Pink Drainer and Inferno Drainer also passed funds through the platform, along with several major exploiters.

猴子排水器（第一個已知的大規模排水量是服務運營商）在退休之前使用了交換。其他排水服務提供商（如Pink Drainer和Inferno Drainer）也通過平台通過了一些主要的剝削者。

EXch required no identity verification, allowing users to move funds with anonymity. That made it an attractive tool for cybercriminals looking to clean stolen assets.

Exch不需要身份驗證，允許用戶匿名移動資金。這使其成為希望清潔偷竊資產的網絡犯罪分子的誘人工具。

“EXch managed to stay active for years — despite facilitating obvious illicit activity — because there’s still a big gap between what regulators ‘can’ do and how fast technology is moving,” Amit Levin, former investigator at Binance, told Cointelegraph.

Binance的前調查員Amit Levin告訴Cointelegraph：“儘管促進了明顯的非法活動，儘管促進了明顯的非法活動，但交易所設法保持了多年的活躍狀態，因為監管機構可以做的事情和技術的發展速度仍然很大。”

The platform also drew confidence from threat actors by using a pooled liquidity system that blended user deposits and withdrawals, making it difficult for investigators and law enforcement to trace the flow of funds.

該平台還通過使用匯集的流動性系統將用戶存款和提款融合在一起，從而從威脅參與者那裡獲得了信心，這使調查人員和執法部門難以追踪資金流。

When eXch knew and did nothing

當口氣知道而什麼都不做

EXch denied laundering funds for North Korean crypto hackers, and in its shutdown notice, it framed the project as an attempt by privacy enthusiasts to “restore balance” in the industry. It criticized Anti-Money Laundering enforcement and condemned companies offering address risk scoring APIs as “parasites” profiting off government fear.

Exch否認了為朝鮮加密黑客洗錢資金，並在關閉通知中，將該項目構成了隱私愛好者的嘗試，以“恢復行業的平衡”。它批評反洗錢的執法，並譴責提供地址為“寄生蟲”的風險評分的公司從政府的恐懼中獲利。

“Service providers in the crypto space are, for the most part, not decentralized; that is, they retain control over or access to customers’ assets, as demonstrated in the case of eXch,” Gal Arad Cohen, partner at S. Horowitz & Co, told Cointelegraph.

S. Horowitz＆Co的合夥人Gal Arad Cohen告訴Cointelegraph：“在大多數情況下，加密空間中的服務提供商在大多數情況下都不是分散的；也就是說，他們保留對客戶資產的控制權或獲得客戶資產的控制權。”