The DDoS attacks have not ceased. Weβre still being hit by large DDoS. 4.71B requests since yesterday around 3 PM UTC.
The attacks come in waves, they stop every now and then. If kycnot.me is slow, thatβs why.
The DDoS attack is now targeting our Tor site. The hidden service is currently offline as we work to mitigate the attack and see if we can keep it up. Please use the clearnet site in the meantime.
The only official onion address is in our footer (kycnotmezdifta...). Stay safe.
The attack is still ongoing, peaking at >15 billion requests in 4 days, but intensity has dropped. Thanks to server optimizations, cache improvements, and anti-DDoS measures (without Cloudflare), the site is now usable, though downtime may still occur.
Almost 9 billion requests, that's over 100k rps... The attack is not stopping, however the server seems stable thanks to DDoS protection. We've set up DDoS guard now, we were previously using Cloudflare.
Over the last 6 hours we received 3 billion requests. The attack is still going on and has intensified. 
The attack continues. We've tried multiple defenses (rate limits, Anubis, etc.) but only CloudFlare is working. We're looking to find alternative solutions, but removing it causes service outages. It's been 24h of attack and over 1 Billion requests as of now.
The DDoS is still ongoing. We've been hit with over 300M requests in the last hour, ~100k rps.
kycnot.me has been under a DDoS attack for over 8 hours. We had to turn on Cloudflare protection as no other solution was working. We're working to remove Cloudflare and bring the site back to normal.
Some users started reporting they are receiving refunds. If you have a pending transaction with MajesticBank, contact them by email or Telegram within the next 30 days.
MajesticBank has made an official statement that they will be shutting down operations. Admin says he will start processing pending orders.
MajesticBank has made an official statement that they will be shutting down operations. Admin says he will start processing pending orders.
Just got a reply from MajesticBank. The admin says he is working to solve the issue. Will keep updating here. 
Users are reporting ongoing issues with MajesticBank, including stuck exchanges (with valid IDs). Weβve reached out but received no response. Avoid using the service until further notice. Alerts have been posted on their service page.
Beware of our latest #SCAM reports. We identified 3 services yesterday after some investigation: MoleSwap, CrowSwap and ZeroSlip.
https://kycnot.me/service/moleswap-xyz
You can check the full report under the verification section: https://kycnot.me/service/moleswap-xyz#verification
There are filters available, so you can filter by Bitcoin. I do love Monero, but still there are more bitcoin services than monero services. Luckily most of them accept both. If you think some services are missing, feel free to submit suggestions or add comments to existing ones!
It's been the only reliable way to stop DDoS attacks, I was receiving too often. It is set on the least aggressive protection level, so it only triggers on big attacks. If you know other cheap and effective alternatives, please share!
After months of work, the all-new site is live and packed with new features. Check it out!
Don't trust your personal data to third parties. Avoid KYC.
https://cybersecuritynews.com/indian-post-office-portal-exposed-thousands-of-kyc-records/
Hey everyone. I'm retaking activity on Nostr. It's been some busy months. I am working on a new update of kycnot.me taking all the user feedback I got from the Community Survey. I hope to have it ready by the end of this month:
- Better filters
- Better comments and community
- Better UI/UX
And many more...
The server is having issues right now. I'm not home, so when I get there I'll try to fix the issue ASAP. Sorry.
KYCnot.me 2025 Comunity Poll, participate and help me improve the site:
https://cryptpad.fr/form/#/2/form/view/zNdlO-r5FM-CEg0DBBUscDvg1pYGyV5O-wRo55oR-Ko/
The site experimented some downtime today due to an issue with a database upgrade. It has been resolved.
New "Contact" section for service pages. There you will find the contact methods for a listed service, if any are available.
I am gradually updating all listed services with their contact details.
Tyrants always attack privacy first. Privacy isn't negotiable β it's freedom's last stand. We won't back down.
Well, it is considered soft because the party that offers the service won't know your identity unless they take action (which they can easily can). There's an extra step for them to get to you. Your bank has the KYC, and the does not, but there's a very easy step to fully identify you if required.
I see more like: I can kill you, or I can break your spine and put you on a wheelchair. Soft KYC is the wheelchair option.
I find Soft-KYC equally harmful as KYC, if not more so, since it may give a false sense of security to inexperienced users. Although not as direct as traditional KYC, data points such as bank accounts, credit cards or phone numbers can still be used to trace a user's identity, often with minimal effort by authorities or determined third parties.
Thank you for for all your comments. I will maintain the decision not to list such services.
nostr:note1hmq2s702wz46dk8388ywafdqyktvfs0eajmgdeual8sg4sgzc3csjts7fu
Thank you for the heads up. I have not reviewed Relai for some time. Either way, with this post, I'm not referring to those two services in particular, but to this kind of "soft-KYC" services, where there is no formal KYC, but the identification is implicit in the interaction with the service.
I want to ask the community, since I have never listed any of these services yet I've been asked many times to do so. Of course, if any were to be listed, they would have low scores, a new "soft-KYC" attribute, and maybe a warning. For now, I am still leaning towards not listing them.
Should services like relai.app and dfx.swiss be listed on kycnot.me?
These services allow users to buy/sell cryptocurrencies for fiat (card/transfer) without KYC under certain limits. However, using a bank account (or card) is considered "soft KYC":
While the service doesn't require a formal KYC process, the bank account used for fiat transfers is typically linked to the user's identity. This allows the bank and the provider to potentially identify the user if needed.
If listed a warning would be displayed informing the user about this issue. Also, a new attribute for services would be set up to reflect this.
PayPerQ (@PPQdotAI) has been listed:
Use GPT4 (and more) without accounts, subscriptions or credit cards. The interface runs on a pay-per-query model via Lightning.
Server provider issues caused a 6-hour downtime for kycnot.me today, it's now functioning normally again.
Ah... that smell of freshly analyzed Terms of Service!
