Changelly is a crypto swap platform and has been gathering quite a fame on Reddit recently. Moreover, as per our sources, a user tried to exchange 0.4349346 BTC ($19,800) for 19740 DAI (ERC20) on April 4th. However, he never got his transaction fulfilled and his account was put on hold.
Losing $20,000 in a Single Transaction
It all started when after sending BTC his account wasn’t credited with DAI. Furthermore, the user noticed that his exchange was on hold, and there was an alert telling him that the user needed to complete KYC verification. Changelly uses a third-party KYC authentication service Sumsub; where the affected user immediately completed his KYC verification.
Despite successful KYC verification through Sumsub, his account was still on hold. Moreover, a couple of minutes later, he got another notification, saying, notifying him to connect with the security team of Changelly.
According to a Reddit post, the user then emailed them, “I got a hold asking me to fill in KYC details. I completed that and the verification was successful. However, the transaction still says that it’s on hold. How long will it take?”
The Loop
The user got the reply after 5 minutes, and they were asking the user to submit evidence to prove that the user owned the bitcoin. It can be seen in the image below.
The user then took the images of his wallet and replied to them with those images, as can be seen in the image below.
They replied to the user with “Could you please specify how you obtained the BTC in question? Were they purchased, traded, or mined – for instance?” It can be seen in the image below.
The user told them that he met up with his friend IRL and bought BTC from him using cash. He further said he always uses his friend for buying BTC because his cards aren’t compatible with bitcoin purchase sites.
Then the security team sent the user a long list of bitcoin addresses and told him to confirm which ones are the users. Only a few of them were users and he then showed the security team a screenshot of his addresses inside the electrum wallet. The user also sent the team a plaintext list of those addresses to make it easier for them. The image below shows the addresses of the users.
Non Changelly user Asked to Complete KYC
The security team replied to that by asking the user to tell his friend to contact them so that they can have his KYC verified, as seen in the image below.
At this point, the user felt like he was being scammed by Changelly. His friend was not a customer of Changelly and there was no need for him to complete KYC. The user knew that his friend wouldn’t want to trust an exchange with his personal information and documents. But the user begged him to do the KYC checks. He reached out to Changelly and completed KYC checks within an hour, as can be seen in the image below.
After his successful KYC verification, they replied to the user and demanded proof of ownership of the bitcoin his friend has sent to the user originally. The user’s friend started getting doubts about their legitimacy at this point. He suspected that they were trying to trap them into a KYC/AML loop.
But because of the user’s constant cry for help, his friend decided to move forward and disclosed to them that the source of funds was paxful.com. It can be seen in the image below.
Changelly asked the user if the sender wallet addresses (from Paxful to my electrum wallet) belonged to him or not. The user told them that the addresses technically belong to Paxful because it’s an exchange, not a Decentralised wallet. In the same email, he told them that they are supposed to do KYC/AML checks on them BEFORE the exchange initiation on Changelly.
After hours of no replies, Changelly replied asking the user for screenshots of transactions from Paxful to his electrum wallet. The user sent them 3 screenshots which were of the 3 largest transactions to his 3 wallet addresses. It can be seen in the image below.
Changelly verified the source of funds and sent the user the response saying the case is being reviewed. It can be seen in the image below.
According to our source since there were no updates even after 1 day, the user’s friend emailed them again asking for updates and they replied with this “Please be informed that once there are any updates we will immediately let you know.”
2 days passed and the user and his friend were emailing them multiple times. The user’s friend even requested them to “Return bitcoin to original sender” if they cannot carry out the exchange. But they never replied to any of it.
On the 6th of April, they replied saying that a review of the case could take “months”. The user then replied that Why would it take months if he and his friend already verified KYC and proved a source of funds?
From the 7th of April to today 10th of April, the user has emailed them daily asking for updates. They never even replied to the user emails once. Finally, the user realized that they have scammed.
We looked around on the internet to see if someone else had the same experience. Surprisingly, we found several similar stories by just googling for “Changelly KYC.” Hence we others are experiencing similar issues, and believe Changelly should look into it, before it gets on the verge of losing its user base.
