When it comes to scams, there is no better place to find them then within the cryptocurrency universe. It is not even much of a surprise that a major entity, such as Changelly is being accused of selective scamming of funds from the exchange service’s customers. This is a situation that has been quietly gaining momentum on Bitcointalk.org, with both sides firing back and forth. Changelly adamantly denies all allegations of wrong doing, stating that the customer was not dealing with them, but rather with a third-party company who used the Changelly API, called ChangeNow.
The situation is strife with claims of wrongdoing on the part of ChangeNow, as well as accusations of false business fronts, fake names and shell companies. Public web pages are being taken down and replaced and all sorts of things that make the companies in question look pretty bad from the view of an outsider.
However, the most important thing to consider is why a privately held company has the authority to take money from someone and then do whatever they want with it.
Would you send your money to a company, who can decide to just keep it and not give you anything in return? That is exactly what happened, and the most amazing thing is that ChangeNow is not Denying it. In fact, they openly admit it.
Let’s Paint the Picture
In July of this year (2018), a user took to the bitcointalk.org forums with an accusation that he initiated a transaction with ChangeNow.io. He was selling 100 Bitcoin Cash (BCH), in exchange for 11 Bitcoin (BTC). After the transaction was initiated and the BCH sent to the Change Now wallet, the company demanded that the customer provide KYC documentation before completing the transaction. The customer refused to comply with this demand, as it was unclear at the time that ChangeNow dropped their policy on totally anonymity and adopted a KYC procedure, in order to meet guidelines, set by regulators.
According to the ChangeNow Website, they added KYC policies in April of this year. They openly admit, in on their blog page, that they were not as transparent as they should have been about these new policies.
The accusations flying back and forth have ended up bringing Changelly into the picture, along with Evercode labs and Atomic Wallet, all apparently connected via the same group of people who are in charge. The investigation into this very complex and sometimes confusing situation can be found here, on Bitcointalk.org. There are tons of links, evidence, etc.… by the user who is claiming that his funds were seized by ChangeNow. The BitcoinTalk user, known only by his forum username, ni23457, has laid out some very serious allegations against Changelly and ChangeNow. Changelly has publicly responded, within the threads on the forum, that they are in no way responsible, being that they are just the API providers that ChangeNow uses.
The information that ni23457 provides is very compelling and does raise some questions about the whole organizational structure of these companies,, as well as some practices that are a little bit shady when you look at them. You can read the information and determine things for yourself, as it is outside the scope of this specific article. Upon further investigating of my own, I found out some interesting information that makes you think that something is definitely not right with this situation.
You can make your own determination by reading all of the info provided in the BitcoinTalk thread, there is a major issue which has been overlooked due to all the drama that has been going on.
Why does ChangeNow still have this customer’s money? Who has given them the authority to simply take people’s money and hold it?
Without getting into debates, the basics are this: The customer triggered the ChangeNow KYC protocol. He effused to provide his identity documents and they killed the transaction immediately. They still have the $70,000 worth of Bitcoin Cash.
According to the FAQ page on their website, ChangeNow states the following:
“Each KYC case is handled individually. We will apply a set of standard procedures to our KYC clients, among which are asking a client to send a minimal set of documents that will allow us to confirm their identity and provide the source of funds. We aren’t going to keep this client’s funds. They’re stored on a cold wallet created specifically for his case. If the KYC procedure has failed we reserve the right to submit a claim to the legal authorities (Interpol, Europol, and other).”
They clearly state that they are not going to keep the funds. They also clearly state that they reserve the right to turn things over to the proper authorities if they deem it necessary. Yet, this transaction occurred sometime in the beginning of July. It is now October. According to a post dated 7 September, on ChangeNow’s Medium Account, they admit to their lack of transparency regarding their KYC Policies. The entire post was put up due to this situation. Regarding the KYC and transparency, they state,
“We are ready to admit that our transparency policy is still a work in progress regarding the KYC procedure: we have expanded our FAQ, adding a special section on AML and KYC (available here) as well as a notification and a link to our AML/KYC info. As we grow, we are going to add more tweaks and features to to our website for convenience of our users.”
However, if these policies have been in place since April, Why then, in July, when a customer triggered the KYC policy, did action not happen according to the policies procedures for handling the funds? Why hasn’t the money been returned to the user or turned over to the proper authorities? In the same Medium post on 7 September, 3 months after this all happened, ChangeNow says,
“We, in turn, are preparing legal claims which we are going to submit to Interpol, Europol, and other authorities, along with the info we have on the client and the cold wallet address on which the funds are kept for the time being. After that we are going to wait for their official reply. In no circumstances are we going to keep this user’s funds for ourselves.”
Preparing legal claims? FinCen, in the United States, Interpol, Europol and most other Financial Law Enforcement agencies require that any business who is regulated under the KYC law, must file a Suspicious Activity Report(SAR) with them immediately. In Europe, the law enforcement agency has 7 days, in which to respond and tell the company to hold the funds or release them. If there is no reply from them within 7 days, then it is defacto clearance to release the money.
This is from the United Kingdom’s page on KYC,
“Get consent for a transaction
You must consider whether you need a defence against money laundering charges from the NCA before you can proceed with a suspicious transaction or activity.
You’ll find out if the NCA have granted a defence when they reply to your SAR.
If you do not get a reply from the NCA within 7 working days and think you’ve correctly reported the activity, you can choose to assume a defence is granted.
If you get a reply that says you do not have permission to proceed, the NCA have a further 31 calendar days to take action.
If you’ve not heard from the NCA after the 31 days, you can proceed if you want to. You will not be committing an offence.”
A business simply provides all of the information they have to the authorities, who then make a determination, within 7 days. It has been 3 months and the authorities have not even been brought into the picture. This is pretty much the standard way of how it works everywhere, and definitely for any jurisdiction that ChangeNow would be reporting it to.
There are no legal claims that need to be prepared. It is a simple form, one that is filed online, nonetheless. Given this specific situation, there is not all that much info either. The amount of the transaction, the wallet it came from, the wallet it was supposed to go to and maybe the IP Address of the sender.
ChangeNow Essentially Engaging in Criminal Activities
Nowhere, in any jurisdiction, does the KYC law give any company the right to investigate, prosecute or make judgments. In fact, ChangeNow is actually committing a crime. They have stolen money from a user. They have no authority to open cold wallets and store people’s funds in them and decide, at their own will, what to do and when to do it.
Since they follow the regulations of KYC, and requested thee documents and are adamantly using the KYC regulations as their defense in this matter, then why are they, themselves not following either the KYC regulations for filing the SAR or the laws of Russia, The Czech Republic or anywhere else that state it is illegal to take someone else’s property without permission?
Seizing $70,000 worth of Bitcoin cash from a customer and then hiding behind KYC laws and then not following through with the procedures that those same laws require is something along the lines of what we have seen in the past from Alexander Vinnik or Mark Karpeles. It is definitely not right and while I admit, I have not fully investigated the claims made by ni23457, regarding the owner’s false use of names, business locations and other shady business practices, the fact that they are openly and admittedly holding this customer’s money, without following the proper procedures is enough to motivate me to dig deeper.
Updates on this situation will be forthcoming.