zero nonce

Privacy-first exchange

Enter amount to exchange
Receive
≈0.00
Select route

No inherited history

You receive coins with a clean AML score. Zero on-chain links to our infrastructure or any other client. The inbound transfer looks like organic activity from a regular retail wallet. Read more

Zero compliance theater

Never ask you for documents. A destination address and an amount. That's the entire intake form.
* If you have concerns about your funds, read this first.

Privacy-first

Zero logs. No CDNs, no analytics, no tracking pixels, no Google Fonts phoning home. No cookies. E v e r y t h i n g is encrypted.
Read about our infrastructure

Chain-link breaking option

A multi-hop routing system that actually severs the on-chain correlation between sender and recipient. Outperforms classic mixers. Read why

What this is

A non-KYC swap service. Three principles shaped its design:

  • Uncompromising privacy on a hardened, resilient infrastructure.
  • Ultra-low fees with no ceiling on transaction size.
  • Chain-break technology that leaves conventional methods behind.

How it works

Submit an amount, pick the pair, provide a destination. The system returns a unique deposit address. Once funds arrive and confirm, the rest is automatic. Every order runs on freshly generated, single-use accounts with no prior activity — so the withdrawal originates from a fresh output account, not a reused service hot wallet.

Two routes are available:

Direct Swap

Deposit lands on an ephemeral single-use account, swapped at an upstream routing venue at market rate, and withdrawn to your destination. There is no direct deposit-to-withdrawal path visible on-chain through our infrastructure.

This is enough for most cases where the concern is simply "don't leave a trail back to me".

Unlinkable Route

For cases where the deposit and withdrawal must also be unlinkable from each other. The flow routes value across chain boundaries instead of obfuscating it on a single chain:

  1. First conversion. Funds arrive at Account A — a single-use account generated for the order — and are swapped to BTC at an upstream routing venue.
  2. Cross-chain hop. Value transits a Bitcoin Layer 2 and one or more privacy-preserving chains. No on-chain transaction links the inbound and outbound sides.
  3. Second conversion and withdrawal. Value emerges on Account B — a single-use account generated from independent keys, with no on-chain transaction path connecting it to A — where it is swapped to the target asset and withdrawn to your destination.

Properties of the split:

  • No same-chain graph link. Deposit and withdrawal legs share no transaction-graph path.
  • No timing correlation. Inbound and outbound sides are decoupled.
  • No amount correlation. Fees, slippage, and multi-hop routing change amounts at every stage.
  • No anonymity-set dependency. Unlinkability is structural, not probabilistic over concurrent users.
  • Single-use accounts. A and B are generated per order and never reused.

No KYC

No KYC or identity verification. No name, email, phone, ID, selfie, proof of address, or source-of-funds declaration.

No accounts, no login. Orders are tracked via a short identifier you retain client-side. No third-party compliance providers, no chain-analysis screening (KYT) on deposits, no reporting.

If you're uncertain about whether your specific funds might cause issues at the DEX layer, see §4.

Fund screening

We don't screen deposits. However, the upstream routing venues may occasionally reject deposits tied to sanctioned entities or major publicized theft events. This isn't something we control — it's a property of the upstream routing venue.

Recommended check

If you're exchanging a significant amount and you're uncertain about the provenance of your funds:

  1. Start with the minimum. Create a Direct Swap order at the per-asset minimum shown on the form. Send from the same wallet you plan to use for the larger transfer.
  2. Wait for completion. If it completes, the upstream venue accepted your source.
  3. Scale up. Send the full amount from the same wallet.

Privacy & infrastructure

Not collected

  • IP addresses.
  • Browser fingerprints.
  • Cookies.
  • Analytics / telemetry.
  • Third-party CDN.
  • External scripts, fonts, etc.
  • Tracking pixels.
  • Referrer data (Referrer-Policy: no-referrer).

What we do log

Internally the engine logs order events (stage transitions, rates, confirmations, errors) for debugging. Keys and credentials are masked before reaching logs. Logs contain order IDs, amounts, and timestamps — no user identifiers, since none are collected. Logs live inside the container and are destroyed on the 48-hour rebuild cycle — nothing persists beyond it.

Post-order wipe

Unlinkable Route orders leave no audit trail of their own routing. 48 hours after the withdrawal confirms, the single-use keys, intermediate addresses, per-hop quotes, and cross-chain routing metadata are destroyed. The database retains only what statistics need: order ID, pair, input and output amounts, status, and date. Nothing that could reconstruct the deposit-to-withdrawal path survives the order.

Container architecture

The service runs as isolated Docker containers on an internal network:

  • No exposed ports. The exchange engine has no HTTP endpoint; it runs as a headless CLI process triggered by cron. Only the static frontend and a minimal API gateway are publicly reachable.
  • Hardened runtime. Read-only root filesystems, unprivileged users, cap_drop: ALL, no-new-privileges, and seccomp syscall filtering. Ephemeral data lives on tmpfs.
  • Network isolation. Each service runs in its own netns and communicates over an internal Docker network. Egress is whitelisted to a defined set of upstream hosts; unknown outbound connections are dropped.
  • 48-hour container recreation. Containers are destroyed and rebuilt every 48 hours. Only the database persists between cycles, and it contains only order records.
  • Encrypted storage with panic umount. The entire Docker data directory — container images, the database, and every other infrastructure component — resides inside an encrypted volume. Tamper detection on the host triggers an automatic umount: on any sign of physical access to the machine, the volume drops and the key is flushed from memory, leaving nothing but ciphertext on disk.

FAQ

How long does an exchange typically take?

We are not a fast exchanger. Swap speed is bounded by the block time of whichever network the leg settles on — each exchange must wait for several blocks to include and confirm the transaction. Confirmation times vary by coin and can stretch considerably during mempool congestion or fee spikes.

Which assets and networks are supported?

BTC (Bitcoin), ETH (Ethereum mainnet only — no L2s or sidechains), SOL (Solana), ZEC (Zcash, transparent t- addresses only; shielded z- addresses are not supported). Each asset is accepted only on its native network. Deposits on the wrong network are generally unrecoverable.

What are the minimums and maximums?

Current values for the selected pair and route are shown on the form.

Warning. Transactions below the minimum are lost. Per-asset minimums: BTC 0.002 · ETH 0.05 · SOL 0.2 · ZEC 0.07. Direct Swap has a high upper cap; Unlinkable Route is tighter due to channel liquidity.

What if I send more or less than the quoted amount?

The order adjusts to the received amount as long as it's above the asset minimum. Rate and output are recalculated proportionally.

What if I send the wrong coin or use the wrong network?

If you send a different asset than selected, or send on the wrong network (e.g. Arbitrum instead of Ethereum mainnet), the deposit won't be detected and the order expires after 24h. Funds sent to the wrong network are generally unrecoverable.

When is the exchange rate locked?

The rate on the form is an estimate that refreshes every 15 seconds. The rate is fixed at the moment the deposit is confirmed on-chain and does not change afterward.

How can I contact you?

Only through the on-site chat. We don't operate on third-party channels — no Telegram, no Discord, no email — to avoid funneling user identity through someone else's infrastructure.