Crypto exchange eXch is set to cease operations on May 1st, as announced by the team on Thursday. This decision follows the exchange being linked to the massive $1.4 billion Bybit hack and what they describe as an “active transatlantic operation.”

eXch, known for its privacy focus and operation without standard Know Your Customer (KYC) procedures, is now facing serious allegations. The exchange’s closure comes amidst these mounting claims of complicity in the February Bybit hack, with accusations that eXch potentially facilitated money laundering for North Korea’s Lazarus hacker group.

According to an announcement on April 17, the exchange cited an “active transatlantic operation” as the primary reason for shutting down. This operation, they claim, is targeting their infrastructure and could lead to money laundering and terrorism charges against members of their team. You can see their full statement here.

Speaking with Decrypt, eXch CEO Johann Roberts revealed that the decision to close shop was triggered by a “verified whistleblower from the DOJ.” This whistleblower reportedly provided “enough real data” to prompt the shutdown.

In their announcement, eXch stated, “We don’t see any point in operating in a hostile environment where we are the target of SIGINT simply because some people misinterpret our goals.”

For those unfamiliar, SIGINT stands for Signals Intelligence, which is a method of gathering intelligence through electronic signals.

Until May 1st, eXch will maintain API access for its partners. After the shutdown date, a new management team will take the reins to decide on the future path of the exchange.

Blame game

Back in February, the FBI officially pointed the finger at North Korea’s notorious Lazarus Group in connection with the Bybit incident.

Shortly after the hack, Decrypt reached out to eXch CEO Johann Roberts regarding accusations from Elliptic, ZachXBT, and other investigative bodies. These groups had pointed to eXch as the platform processing the stolen funds, even after Bybit had repeatedly requested them to freeze the suspicious transactions.

On-chain investigators at the time even noticed a significant and “abnormal spike” in Ethereum trading volume flowing through the eXch platform right after the theft.

Initially, eXch flatly denied these allegations, stating firmly, “We are not laundering money for Lazarus/DPRK.”

The exchange defended themselves by claiming the issue stemmed from outdated data from their third-party AML (Anti-Money Laundering) screening provider. They said it took around 12 hours for this provider to update information on the hacked addresses.

eXch later conceded in an email to Decrypt that they had indeed processed “a very small portion” of the stolen Ethereum – approximately 90,000 ETH out of the total 401,346 ETH pilfered from Bybit. They pointed out that this sum had already been laundered through “multiple centralized and decentralized services.”

At the time, eXch justified their lack of cooperation with Bybit by citing Bybit’s “direct attacks” against eXch’s reputation in the past.

Decrypt has reached out to Bybit for comment, but has not yet received a response.

eXch also alleged that Elliptic had declined them as a customer because they operated as a “non-KYC accountless exchange” with a focus on “preserving privacy” for their users.

According to Roberts’ statement to Decrypt at the time, this situation “reflects not only our challenges, but also broader issues within the industry, especially the elitist policies of certain companies like Elliptic.”

Decrypt also contacted Elliptic for their response on this claim, but has yet to receive any feedback.

In their final words, eXch criticized the AML practices of other exchanges as “nonsensical policies,” asserting that existing screening mechanisms can be “easily bypassed.”

Edited by Stacy Elliott.