The heart of tech is coming to the heart of the Mediterranean. Join TNW in València this March 🇪🇸

This article was published on September 4, 2018

Cryptocurrency exchange Changelly admits it can ‘steal’ users’ Monero (if it wanted to)

Privacy coin fans are being profiled for suspicious activity

Cryptocurrency exchange Changelly admits it can ‘steal’ users’ Monero (if it wanted to)
David Canellis
Story by

David Canellis

David is a tech journalist who loves old-school adventure games, techno and the Beastie Boys. He's currently on the finance beat. David is a tech journalist who loves old-school adventure games, techno and the Beastie Boys. He's currently on the finance beat.

Government regulators haven’t made things easy for anonymous cryptocurrency projects. Monero fans are complaining about being profiled by cryptocurrency exchanges, after Changelly was found to wield the ability to effectively “steal” cryptocurrency from customers.

One user has taken to Reddit to vent their frustrations. After attempting to exchange some cryptocurrency for Monero via Changelly, they were automatically classified as high risk. The funds were immediately quarantined until the account has been cleared of anything untoward. 

A Changelly spokesperson has since confirmed the exchange service can indeed withhold suspicious transactions (and hold their funds until users provide further information).

To all Monero community, our risk management system doesn’t mark all transactions out of the blue,” explained a spokesperson. “[…] Monero is the crypto that hides a sender and recipient thus making transactions untraceable. This [is] a reason why big amounts of other currency got to be checked [sic] before [it’s] converted to XMR.”

Changelly has been quick to clarify that it holds no prejudice towards XMR traders – this is strictly business, nothing personal.

“We have no mistrust of and prejudice towards users trading XMR,” the spokesperson implored. “The matter relates to a Know-Your-Customer procedure that we had to implement due to the increased number of money laundering cases via our service.”

While the spokesperson was adamant that all funds are immediately released once cleared of anything fishy. Affected users would even be white-listed to avoid future delays, but Changelly stopped short of clarifying just how accounts are singled out for additional checks. Hard Fork reached out to Changelly for a statement, and will update this piece should it reply. But, it did confirm what happens to funds when it fails the checks: it keeps all of it (for an undisclosed period of time).

“Once again, our risk management system may put on hold some suspicious transactions and the security department is working hard in order to process such operations in minimum time,” the spokesperson added. “When a customer refuses to provide the required data, we cannot simply return coins as we wouldn’t like to operate and transfer coins that might be potentially stolen or raised by fraud.”

The regulatory pressure is no joke. In June, it was reported that Japan’s Financial Services Agency was pressuring licensed cryptocurrency exchanges to drop support for privacy focused coins. As such, several platforms delisted several popular anonymous cryptocurrencies, including Monero, Dash and ZCash.

The Economist published a great guide to cryptocurrency money laundering. Typically, dirty cash can be “washed” by purchasing cryptocurrency with it, splitting it up and exchanging it for several cryptocurrencies. Do this enough times, with the right coins (like Monero), and it should be clean enough to be swapped back for ordinary money.

CipherTrace’s latest cryptocurrency anti-money laundering report noted that over $1.2 billion in dirty money had been washed by trading anonymous alt-coins like Monero.

Update 08:15 UTC, September 6: Changelly has since reached out to Hard Fork with a statement concerning its policy on freezing suspicious transactions, supplied by COO Ilya Bere. 

Here is the unedited response in full:

To begin with, it’s vital to mention the government intervention in the crypto space. There is no denying that almost every country puts regulations on cryptocurrencies and every single service related. Changelly is part of cryptocurrency ecosystem that has to implement KYC procedure to comply with the regulators’ policies. We process a huge number of transactions daily and provide seamless and non-custodial exchange process for everyone. No wonder we have to follow these regulations, too. To be fair, suspending transactions, if detected, is a common practice in every financial structure.

As part of ecosystem, Changelly shares blacklisted walled addresses along with other exchange services and trading platforms. We all communicate to each other and have a risk management system, so when it comes to a suspended transaction due to KYC, there is always a reason for that.

Although the measures we take may seem to be unhealthy at the first glance, they help us prevent fraud and protect innocent users. Unfortunately, due to the untraceable nature of XMR, it’s been frequently used for the fraudulent activities. Not only Monero, however, but also every cryptocurrency may be involved into that. For example, a few weeks ago, we have detected a suspicious activity in a large XRP to BTC transaction which was frozen until getting proves. A user who initiated that transaction has never provided any details, but eventually, the real owner reached us out and gave the information that matched this payment. Fortunately, XRP was returned to that user. There is plenty of cases when we receive hacked crypto from different services, like Bancor, Coincheck, Bithumb and so forth. We also help legal authorities find a hacker and return money stolen.

As crypto enthusiasts, we all need to understand that the government regulations is an inevitable side-effect of mass adoption, so we need to stick with common sense and provide users with the best experience possible in the current circumstances. That’s why we still keep users’ privacy for approx. 99,5 percent of overall transactions on Changelly.

From time to time, we see users overreacting to the KYC procedures on social media. Most probably, they believe that their claims and provocations will make us go against our policy and exchange money which are likely to be stolen. We had several cases with such a pathetic strategy. In turn, it won’t hurt to mention that we always warn our users about possible KYC checks before a transaction is initiated, so there are only them who decide whether to use Changelly or not.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Back to top