The cryptocurrency exchange eXch, widely known for its strong emphasis on user privacy and non-requirement of Know-Your-Customer (KYC) verification, has announced it will cease operations by 1 May 2025. The move comes amid serious allegations connecting the platform to the $1.4 billion Bybit hack that occurred in February this year, with reports indicating that part of the stolen funds were laundered through eXch.
The Federal Bureau of Investigation (FBI) has attributed the attack to North Korea’s Lazarus Group, a cybercrime syndicate with a history of high-profile cryptocurrency heists. In an update posted on 17 April, eXch revealed that it was now the subject of an “active transatlantic operation” aimed at dismantling its infrastructure, with potential charges related to money laundering and terrorism financing looming over its team. The platform claims the operation is based on disclosures from a whistleblower allegedly connected to the U.S. Department of Justice.
Addressing the allegations, eXch CEO Johann Roberts said, “We don’t see any point in operating in a hostile environment where we are the target of SIGINT simply because some people misinterpret our goals.” His reference to Signals Intelligence (SIGINT) points to the level of international surveillance the platform is currently under.
While denying any deliberate wrongdoing, eXch admitted to processing what it described as a “minor portion” of the stolen funds—approximately 90,000 Ethereum (ETH)—during the Bybit breach. This, according to the exchange, was the result of a 12-hour delay in updates from its third-party anti-money laundering (AML) screening provider, leaving the platform briefly exposed to compromised Ethereum addresses. The sum represents only a fraction of the total 401,346 ETH drained in the attack.
Roberts claimed that Bybit had refused to engage cooperatively with eXch, further straining relations and compounding reputational damage caused by what he described as previous “direct attacks” on the platform.
eXch has long operated on a non-traditional model, allowing users to trade without setting up accounts or submitting personal identification. This model, though praised by privacy advocates, has invited criticism from regulators and blockchain analysts, including firms such as Elliptic and blockchain sleuth ZachXBT. Roberts alleged that Elliptic had declined eXch’s request for partnership purely due to its privacy-centred policies, which he referred to as a form of “elitist” industry bias.
In its final statement before winding down, the exchange took a parting shot at what it described as the crypto sector’s “nonsensical” AML frameworks, arguing that such measures are easily circumvented and ineffective at deterring real criminal activity. Instead, eXch believes these policies disproportionately compromise user rights and the foundational ideals of the decentralised financial system.
Although the exchange will officially shut its doors on 1 May, it will maintain API access for existing partners until then. Future operational decisions will fall to a new management team, leaving the possibility open for a rebrand or restructuring.
The closure of eXch highlights a growing tension within the cryptocurrency ecosystem between safeguarding privacy and ensuring compliance. As regulatory scrutiny intensifies worldwide, privacy-focused platforms may increasingly find themselves under pressure to conform or cease operations altogether.