尽管4月关闭，但Crenf Crypto洗钱平台可能仍处于隐身模式下运行

曾经是黑客和排水船的首选交换者，口气在四月被德国警察关闭 - 但继续活动表明了这个故事

German authorities shut down crypto exchange eXch in April after years of allegedly facilitating money laundering activity for hackers and cybercriminals.

经过多年的促进黑客和网络犯罪分子的洗钱活动，德国当局于4月关闭了加密货币交易所。

The platform, which never implemented Know Your Customer checks, was best known for its instant cryptocurrency swapper, allowing bad actors to fly under the radar.

该平台从未实施过了解您的客户检查，以其即时加密货币交换器而闻名，使坏演员可以在雷达下飞行。

Among eXch’s clients was the Lazarus Group. The North Korean state-backed hacking unit thrust eXch into the spotlight back in February, when it used the platform to funnel some of the $1.4 billion it stole from crypto exchange Bybit.

在Exch的客户中有Lazarus集团。朝鲜国家支持的黑客部门在2月份将其推向焦点，当时它利用该平台将其从加密货币交易所Bybit偷走了14亿美元的耗资14亿美元。

When Bybit traced its stolen funds to eXch and requested assistance, the exchange refused. This led to a fierce discussion over privacy versus security, but ultimately, eXch announced it would close its doors on April 17.

当拜比特（Bybit）追踪其被盗资金以交换并要求提供帮助时，交易所拒绝了。这导致了关于隐私与安全的激烈讨论，但最终，Exch宣布将于4月17日关闭其门。

However, according to security firm TRM Labs, the platform may have continued operating in stealth mode after the takedown. Here’s the rise, fall and afterlife of alleged crypto laundromat eXch.

但是，根据安全公司TRM Labs的说法，该平台可能在撤离后继续处于隐形模式下运行。这是所谓的加密自助式交易所的兴起，秋天和来世。

eXch shuts front door, keeps back door unlocked

交易所关闭前门，使后门解锁

Alongside its shutdown announcement, eXch posted a message claiming it would not facilitate criminal proceeds. The post was removed within hours, and operations quietly resumed — signs of an internal disagreement or perhaps even a calculated attempt to lower visibility, according to TRM.

除了关闭公告外，Exch发布了一条消息，声称它不会促进刑事收益。 TRM表示，该职位在几个小时内被删除，并悄悄恢复了操作 - 内部分歧的迹象，甚至是降低可见性的试图尝试的迹象。

German authorities seized eXch’s servers and confiscated 34 million euros ($38 million) in crypto, along with more than eight terabytes of data, effectively dismantling its public-facing infrastructure.

德国当局占领了Exch的服务器，并在加密货币中没收了3400万欧元（3800万美元），以及八个以上的数据，有效地拆除了面向公共的基础设施。

Related: North Korean spy slips up, reveals ties in fake job interview

相关：朝鲜间谍滑倒，在虚假工作面试中揭示了联系

“Just like we saw with Garantex rebranding as Grinex, eXch didn’t fully die after the shutdown. It quietly kept servicing a handful of partners via API, which meant laundering activity continued even after the public takedown,” said Jeremiah O’Connor, co-founder and chief technology officer of security firm Trugard.

耶利米·奥康纳（Jeremiah O'Connor）说：“就像我们与Garantex更名为Grinex一样，Exch在关闭后并没有完全死亡。它悄悄地通过API服务了少数合作伙伴，这意味着即使在公开停车之后，洗钱活动仍在继续。”

O’Connor added that it’s not unlikely for such platforms to serve loyal customers even after seizures.

O'Connor补充说，即使在癫痫发作后，此类平台也不太可能为忠实的客户提供服务。

“The people behind eXch.ch took full advantage of operating across multiple countries. The domain was registered through a UK-based provider, listed Switzerland as an admin location, hosted infrastructure in France, and had servers seized in Germany,” O’Connor said.

O'Connor说：“ Exch.CH背后的人们充分利用了多个国家的运营。该领域是通过英国的一家提供商注册的，将瑞士列为管理员地点，在法国托管基础设施，并在德国占领了服务器。”

It’s still unclear if eXch will kill its API or come back under a new name. TRM said in the May 2 blog post that the platform’s remaining back-end access continued to provide anonymization infrastructure for threat actors.

目前尚不清楚Exch是否会杀死其API或以新名称回来。 TRM在5月2日的博客文章中说，该平台剩余的后端访问继续为威胁参与者提供匿名基础架构。

No KYC, pooled liquidity draws illicit funds to eXch

没有KYC，合并的流动性吸取了非法资金来交换

EXch’s origins trace back to 2014, according to “Fantasy,” lead investigator at crypto insurance firm Fairside Network. In an October 2024 investigation, Fantasy identified the platform’s first public appearance as a BitcoinTalk forum account promoting automatic swaps between Bitcoin (BTC), Perfect Money and BTC-e vouchers — payment methods commonly associated with high-risk transactions.

Crypto Insurance公司Fairside Network的首席调查员“ Fantasy”（Fantasy）称，Exch的起源追溯到2014年。在2024年10月的调查中，Fantasy将平台的首次公开外观确定为一个BitCointalk论坛帐户，该帐户促进了比特币（BTC），Perfect Money和BTC-E代金券之间的自动交换 - 通常与高风险交易相关的付款方式。

Fantasy also traced the original Bitcoin wallet tied to eXch and found it was likely funded via BTC-e, the now-defunct crypto exchange shuttered by US authorities in 2017 for its role in laundering criminal proceeds.

幻想还追踪了与交易所有关的原始比特币钱包，并发现它很可能是通过BTC-E资助的，BTC-e是美国当局在2017年因其在洗钱犯罪收益中的作用而关闭的现已停产的加密货币交易所。

Fantasy’s forensic research found that the modernized form of eXch emerged in 2022, when its Ethereum hot wallet was first funded. Not long after, it became a hub for prominent crypto drainers.

Fantasy的法医研究发现，现代化的交流形式于2022年首次资助了以太坊热钱包。不久之后，它成为了突出的加密流水机的枢纽。

Monkey Drainer — the first known large-scale drainer-as-a-service operator — used eXch before its retirement. Other draining service providers like Pink Drainer and Inferno Drainer also passed funds through the platform, along with several major exploiters.

猴子排水器（第一个已知的大规模排水量是服务运营商）在退休之前使用了交换。其他排水服务提供商（如Pink Drainer和Inferno Drainer）也通过平台通过了一些主要的剥削者。

EXch required no identity verification, allowing users to move funds with anonymity. That made it an attractive tool for cybercriminals looking to clean stolen assets.

Exch不需要身份验证，允许用户匿名移动资金。这使其成为希望清洁偷窃资产的网络犯罪分子的诱人工具。

“EXch managed to stay active for years — despite facilitating obvious illicit activity — because there’s still a big gap between what regulators ‘can’ do and how fast technology is moving,” Amit Levin, former investigator at Binance, told Cointelegraph.

Binance的前调查员Amit Levin告诉Cointelegraph：“尽管促进了明显的非法活动，尽管促进了明显的非法活动，但交易所设法保持了多年的活跃状态，因为监管机构可以做的事情和技术的发展速度仍然很大。”

The platform also drew confidence from threat actors by using a pooled liquidity system that blended user deposits and withdrawals, making it difficult for investigators and law enforcement to trace the flow of funds.

该平台还通过使用汇集的流动性系统将用户存款和提款融合在一起，从而从威胁参与者那里获得了信心，这使调查人员和执法部门难以追踪资金流。

When eXch knew and did nothing

当口气知道而什么都不做

EXch denied laundering funds for North Korean crypto hackers, and in its shutdown notice, it framed the project as an attempt by privacy enthusiasts to “restore balance” in the industry. It criticized Anti-Money Laundering enforcement and condemned companies offering address risk scoring APIs as “parasites” profiting off government fear.

Exch否认了为朝鲜加密黑客洗钱资金，并在关闭通知中，将该项目构成了隐私爱好者的尝试，以“恢复行业的平衡”。它批评反洗钱的执法，并谴责提供地址为“寄生虫”的风险评分的公司从政府的恐惧中获利。

“Service providers in the crypto space are, for the most part, not decentralized; that is, they retain control over or access to customers’ assets, as demonstrated in the case of eXch,” Gal Arad Cohen, partner at S. Horowitz & Co, told Cointelegraph.

S. Horowitz＆Co的合伙人Gal Arad Cohen告诉Cointelegraph：“在大多数情况下，加密空间中的服务提供商在大多数情况下都不是分散的；也就是说，他们保留对客户资产的控制权或获得客户资产的控制权。”