German Federal Criminal Police (BKA) seized eXch

[Lucius]

~snip~
I'm surprised that despite eXch's claim that they have some friends in the intelligence sector, which precisely helped them decide to shut down their service in advance in a show of defensive move, there's still over 8 terabytes of data and €34 million left to be seized.

It made me curious. It doesn't even matter what these funds are for or these data are about, or whether they're incriminating or not. What's interesting is that they made their exit weeks ago and yet a considerable amount of data and a huge amount of money are still left when the authorities arrived.

Is it possible that those 8 TB of data aren't actually data, but storage space - something similar to what happened in the case of CM? It might make sense that there is such a large amount of data, but why (and what) would a swap exchange store that takes up so much space?

My theory about the value of the cryptocurrencies that were seized is that they may have been left with the intention of leaving the people who ran the whole thing alone. It's nothing new, in a way a kind of deal for the authorities to get money in exchange for giving up persecution - and besides, I think the guys behind this project made a lot more than those 30+ million euros.

[examplens]

Bybit's hackers stole Ethereum (from their "cold" wallet....). One way or another, seized Bitcoin didn't come from them. Isn't that the whole idea of "taint", or can "taint" transfer to different blockchains now?

As far as I've noticed, Bybit's reward for discovered and frozen coins related to the hack has triggered various analysts and "so-called" blockchain forensics. They escalated the "taint" to almost all blockchains.
An example of them being incompetent, most of them persistently claim that eXch earned $40 million by swapping stolen coins. Which is impossible, because eXch took only a 0.5%-1% fee, and the amount of $40 million was eXch reserves that they had even before the Bybit hack.

[LoyceV]

They escalated the "taint" to almost all blockchains.

Does that mean the "taint" is removed from the original coin? Say someone has $1 million in "tainted" ETH, and exchanges it for $1 million in Bitcoin. Those Bitcoins are now owned by the bad guy, so they're tainted. But the ETH is now owned by someone else, even though it came directly from the hack. Are they no longer tainted? Or does the "taint" apply to $2 million in ETH and Bitcoin now?
This sounds a lot like magic!

[examplens]

Does that mean the "taint" is removed from the original coin? Say someone has $1 million in "tainted" ETH, and exchanges it for $1 million in Bitcoin. Those Bitcoins are now owned by the bad guy, so they're tainted. But the ETH is now owned by someone else, even though it came directly from the hack. Are they no longer tainted? Or does the "taint" apply to $2 million in ETH and Bitcoin now?
This sounds a lot like magic!

It spreads faster than the most dangerous infection. 
One of my addresses from which I recently received coins from exch is marked as compromised (at least that's what my exchanger called it  ) with all the coins on it. Most of the Bitcoins on it are from the long-ago famous hack.

[CreepyUncleJoe]

Is it possible that those 8 TB of data aren't actually data, but storage space - something similar to what happened in the case of CM? It might make sense that there is such a large amount of data, but why (and what) would a swap exchange store that takes up so much space?

Yes, the 8 TB is likely the total data cloned, as they probably performed a forensic copy, which clones the entire hard drive (bit-for-bit), including even the free space. All blockchains were probably included in that data. (How much space does just Ethereum take up?)

[Darker45]

~snip~

Is it possible that those 8 TB of data aren't actually data, but storage space - something similar to what happened in the case of CM? It might make sense that there is such a large amount of data, but why (and what) would a swap exchange store that takes up so much space?

Your guess is as good as mine. By the way, are we now certain of what specific data were kept by CM and seized by the authorities? Surely, however, the 7 TB wasn't just empty storage space. It must be a combination of logs, keys, other historical data, copies of the blockchain, and whatnot.

My theory about the value of the cryptocurrencies that were seized is that they may have been left with the intention of leaving the people who ran the whole thing alone. It's nothing new, in a way a kind of deal for the authorities to get money in exchange for giving up persecution - and besides, I think the guys behind this project made a lot more than those 30+ million euros.

We can only speculate, but CM has also left $47 million in addition to the 7 TB of data. So far, I haven't heard of Minh Nguyen arrested. This is like a replay, although not involving a mixer anymore but only one that's mislabeled as such.

[Lucius]

~snip~
We can only speculate, but CM has also left $47 million in addition to the 7 TB of data. So far, I haven't heard of Minh Nguyen arrested. This is like a replay, although not involving a mixer anymore but only one that's mislabeled as such.

Recently, in the topic about mixers in the Meta board, someone confirmed that the person you mention is still at large - and as we can see, there are definitely some similarities between the two cases. Besides, those who launched an attack on eXch know who is behind the project - at least those who sent them a warning, right?

[ethex]

~snip~

Is it possible that those 8 TB of data aren't actually data, but storage space - something similar to what happened in the case of CM? It might make sense that there is such a large amount of data, but why (and what) would a swap exchange store that takes up so much space?

Your guess is as good as mine. By the way, are we now certain of what specific data were kept by CM and seized by the authorities? Surely, however, the 7 TB wasn't just empty storage space. It must be a combination of logs, keys, other historical data, copies of the blockchain, and whatnot.

My theory about the value of the cryptocurrencies that were seized is that they may have been left with the intention of leaving the people who ran the whole thing alone. It's nothing new, in a way a kind of deal for the authorities to get money in exchange for giving up persecution - and besides, I think the guys behind this project made a lot more than those 30+ million euros.

We can only speculate, but CM has also left $47 million in addition to the 7 TB of data. So far, I haven't heard of Minh Nguyen arrested. This is like a replay, although not involving a mixer anymore but only one that's mislabeled as such.

thats a good point but so you are saying minh nguyen could be exch? or his partner something? because as you said kind of replay

[Darker45]

~snip~
We can only speculate, but CM has also left $47 million in addition to the 7 TB of data. So far, I haven't heard of Minh Nguyen arrested. This is like a replay, although not involving a mixer anymore but only one that's mislabeled as such.

Recently, in the topic about mixers in the Meta board, someone confirmed that the person you mention is still at large - and as we can see, there are definitely some similarities between the two cases. Besides, those who launched an attack on eXch know who is behind the project - at least those who sent them a warning, right?

..."similarities between the two cases" and perhaps other cases, too.

As claimed, they have friends in the intelligence sector. This is at most vague, of course. And it makes one curious. If they have deep connections, which kept them a couple of steps ahead, one wonders why they had to leave not crumbs but significant amounts of data and money to the authorities.

~snip~

~snip~

~snip~

~snip~

We can only speculate, but CM has also left $47 million in addition to the 7 TB of data. So far, I haven't heard of Minh Nguyen arrested. This is like a replay, although not involving a mixer anymore but only one that's mislabeled as such

thats a good point but so you are saying minh nguyen could be exch? or his partner something? because as you said kind of replay

No, I'm not saying that. And I don't think Nguyen is behind eXch, or who knows, but probably not. The "kind of replay" comment is in line with certain similarities between the two. Limited similarities, I have to emphasize. Both platforms are into privacy and anonymity. Both seized. Both yielded considerable amounts of money and data. Both involves no arrest.

[Trêvoid]

Is it possible that those 8 TB of data aren't actually data, but storage space - something similar to what happened in the case of CM? It might make sense that there is such a large amount of data, but why (and what) would a swap exchange store that takes up so much space?

Yes, the 8 TB is likely the total data cloned, as they probably performed a forensic copy, which clones the entire hard drive (bit-for-bit), including even the free space. All blockchains were probably included in that data. (How much space does just Ethereum take up?)

i believe it could be large blockchain data directories (if running full or archive nodes) such as deleted files, system files, application data and so on...

[examplens]

i believe it could be large blockchain data directories (if running full or archive nodes) such as deleted files, system files, application data and so on...

An Ethereum node alone is about 2 TB.

Even if there were wallets with all the coins on those servers, what is the probability that they were so unprotected and that some forensic expert managed to move them immediately?
Also, what is the probability that the eXch team did not have backups offline at another location?

[Trêvoid]

i believe it could be large blockchain data directories (if running full or archive nodes) such as deleted files, system files, application data and so on...

An Ethereum node alone is about 2 TB.

Even if there were wallets with all the coins on those servers, what is the probability that they were so unprotected and that some forensic expert managed to move them immediately?
Also, what is the probability that the eXch team did not have backups offline at another location?

in my opinion, exch could have done offline backups at a separate locations as part of standard opsec procedures. Because from all the projects that currently active or exist on Bitcointalk I can surely say that eXch is the only one that has decent opsec.

as im not mistaking they were using remote encrypted HDD unlock via SSH (all disks are encrypted), they can easily determine if some fed is trying to get their encryption key given it's only possible with a reboot or shutdown of server when its on a dedicated server.

with this setup, unless the encryption key is already compromised or someone has SSH access, a forensic expert cannot managed to access and move the coins immediately.