⇐ Back to the beginning of the blog

XCHNG.io, Kochava: review, audit

Our analysts, at the request of a potential private investor who wants to invest in the xchng.io project (Kochava), have ordered an audit. The audit revealed numerous problems and technical errors, suspicions of technical fraud, poor quality of ICO preparation and project readiness. All statements in the White paper, mostly unfounded, without detail, contain the abstract reasoning “How everything should work”. The audit mainly analyzed White paper. A careful analysis of the smart contract was not possible due to its terribly low quality (nothing to analyze). In case of loss / change of the White paper from the XCHNG website, a copy is made: goo.gl/bErzza

While reading this document: we offer the reader to open the White paper of the project in parallel in the browser – the document constantly refers to the specific pages of the White paper in order to avoid extreme copying of the text. The website xchng.io and the methods of organizing ICO were also partially analyzed. The author of the document, the auditor: Dmitry Borodin.

img 5c13a664a8391 - XCHNG.io, Kochava: review, audit

Analysis of White paper xchng.io

“ABSTRACT” section

Page 5. Description of the lack of current advertising. No useful information.

Page 6, 7, 8, 9. The first diagram is not informative. The second diagram: difficult, the idea is not clear. If the author of the White paper wanted to depict the current scheme of the advertising market, then probably it was necessary to draw 3 large blocks: the seller, the advertising network, the customer (+ some interactions between them, other smaller participants). In the diagram, for some reason, two blocks. The auditor is a little versed in advertising and this diagram is baffling – a possible problem: it will cause confusion among the public. Further, the big text is not about the project, but about the difficulties, according to the topic section.


Page 10. 2 meaningless, but beautiful pictures.

img 5c13a7a85ef67 - XCHNG.io, Kochava: review, audit

Unfortunately, the auditor is not familiar with Kochava products. Nothing is clear from this text about the technical side of the products to which the author of the Paper refers, how another product will help the project team.

Kochava owns proprietary rights to such a system based on patents filed in 2015. – An ordinary investor would immediately want to familiarize himself with patents (including documents), which legal entities they belong to, how these legal entities will be related to ICO, etc.

img 5c13a7c8c3ce9 - XCHNG.io, Kochava: review, audit

Such lines cause slight bewilderment. Virtually any solution for which many projects invent new blockchains, protocols, products, systems are implemented with the fork of Ethereum and its smart contracts! First, the smart contract allows you to implement any logic for which blockchains are invented. Secondly, it perfectly implements any business logic on interaction in the advertising market. Writing a few simple lines on a smart contract (high-level language) is several orders cheaper, faster and more reliable than trying to test other people’s products or create blockchains. Note: the local Ethereum for the project (non-public general Ethereum) has no problems with speed, there may be free gas and any other options. General ideas about the Ethereum network as something detrimental, expensive and slow does not correspond to reality. At the end of 2018, Ethereum is still almost the only adequate product, fully ready for the first versions of any new projects or business tasks.

img 5c13a7da461ea - XCHNG.io, Kochava: review, audit

It makes sense to add the quality of this picture. When zooming in to PDF (Chrome browser) there is no way to see the details. The meaning of the classification of different products of this scheme is not clear. The scheme itself is useful because of the visual overview of objects and their types, but the idea of the author is not clear. For example, there is a scheme – all brands of food or laundry detergent of the world, mainly belong to 7 companies. How is this related to ICO?

img 5c13a7ecd6cfd - XCHNG.io, Kochava: review, audit

Perhaps you should avoid terms like “duopoly” (or “oligopoly”) unfamiliar to the ordinary reader. Either the auditor has never heard such terms, and this is a personal problem of not education, or unjustified juggling of terminology. The expression “monopoly of two companies” quite simply replaces the term. According to Google: “monopoly” is used 100 times more often than these terms.

Page 10,11,12,13. Again, the author of White paper mainly describes current problems. Not a word about the project. At this moment, about 25% of the White paper has been read, but it is not clear what the developers are going to do: the new blockchain; decision on some current blockchain; product like Google Adv or something else (abstract protocol, framework, platform); unique and breakthrough big data processing algorithms; implementation of the main logic through the blockchain, software or smart contracts; in which languages ​​are key components planned to be implemented? What was the blockchain needed for? Where is the idea description in one phrase? It will probably be described further, but at least the key hints “What are you doing at all?” Should be announced closer to the beginning of the White paper.

img 5c13a7fba91ce - XCHNG.io, Kochava: review, audit

Page 13. The market is full of intermediaries (non-duopoly) who solve this problem. For example, the auditor’s sister company is engaged in similar solutions with excellent performance in both profitability and efficiency for the advertiser (compared to the work of the advertiser directly with Google).

Page 14,15,16, head of “Facilitating Open Audience Targeting Across Media Sources”. It is not clear for what purpose describe the benefits of another project (Kochava). It is not clear why the White paper first complains about the monopoly of Google and Facebook (98% of the market), and after a couple of chapters they tell about their achievements in the advertising market. Similarly, many companies going to ICO describe the achievements of old projects, but this is not related to what the project team was going to do.

img 5c13a80ce377e - XCHNG.io, Kochava: review, audit

The auditor sincerely tried to understand that the old project of Kochava (only in the course of reading the White paper) is represented, but this scheme also reveals nothing.

img 5c13a81d68f83 - XCHNG.io, Kochava: review, audit

Perhaps the erroneous assumption that Facebook is targeting only this data. This is just an assumption by the auditor, but 90% of the advertising targeting is configured on the fly based on what the user is doing (and not according to profile data or posts). This is simpler and clearer – I became interested in “Buy a refrigerator”, it means Facebook or another platform will please the user with a rich advertisement on the topic of refrigerators. No promises are needed about the cool future technologies of XCHNG (but we welcome their development in every way). For example, an auditor in the profile in the interests written about sports and travel, and the posts contain mainly politics and humor. But the ads displayed are completely different subjects (and rightly so).

Page 17. The scheme is devoid of any meaning explaining what the future project is about. The scheme was already there – only a circle was added.



Page 18. Description of the obvious requests from the project, without disclosing details. Unreasonable exploitation of the word “ecosystem” begins. No hints of it have been found so far (in the process of reading).

Page 19, 20, chapter “Daily Rolling Chains”. Brief essence: in our blockchain we will safely remove old information, otherwise the database (blockchain) will contain a lot of junk data. Such blockchains have already been created. Even on Ethereum, such functionality can be implemented without any inventions of new blockchains.

Page 20, chapter “Peer Membership List”. Awful text with a lot of questions.

  • What is it all about? Above in the chapters there was a discussion about the high-level implementation of algorithms (smart contracts) and suddenly the discussion about low-level protocols in p2p (UDP) begins. If the authors solve some problems in p2p and talk about innovations, then I would like a clear indication.
  • Who in the ecosystem is meant by a node? Is it the server of the advertiser, the site, the project itself? Or is this a user? Or is it a node that supports blockchain?
  • What is the list of participants for? After all, if we are talking about the blockchain, events have long been invented there. When recording their information in the blockchain, any participant in parallel generates a certain type of event so that listeners can catch it.
  • The following program code: correct, but does not explain anything, technical water, misleading the reader.
  • Further, there are quite incomprehensible arguments about problems in the p2p protocol. The auditor is more than 20 years in IT and perfectly understands all of these terms separately. But their goal is not clear. There is a suspicion that this is technical water (unless the authors of the project are not going to implement the innovations of p2p, but in the course of the reading such desires are not visible).
  • If the idea is to create a new p2p protocol, then you should:
    • list the shortcomings of other blockchains and their p2p
    • find the best implementations
    • justify the need for their innovation and describe the plan – detailed, specifically

Page 22, chapter “Incentives”. Description hotelok, without a hint of where the innovation and how it will be realized. Mostly technical tautology:

img 5c13a836bfd00 - XCHNG.io, Kochava: review, audit

Yes, it is true that miners will mine. But who is the miner? Why should they mine the blockchain project? Where is the ecosystem, who are its participants (independent of the system)? This phrase can be replaced by “In the XCHNG system, C ++ programmers will implement new functions in MySQL, so the quality of storing our data and the integrity of backups will be at an incredibly reliable level, XCHNG users have nothing to worry about” is the correct phrase, you will not carp. But this has nothing to do with the fact that the project developers are going to implement. Reading the White paper, I would like to know otherwise.

Page 22. A lot of obscure terms, such as “Addressable inventory”, even though the decoding is attached. It should be more simple and well-established terms to describe the parameters of entities in advertising networks.

Page 22, Additionally, the miners in the XCHNG system may earn tokens for generating new blocks. – it would be good to disclose details, formulas for the emission of tokens. And why miners mine tokens, but not your blockchain’s cryptocurrency? Firstly, it is still not clear what the authors conceived. Secondly, they probably conceived the blockchain, but they are extracting tokens, which suggests otherwise (implementation of logic on smart contracts, and not features of the new blockchain). Perhaps the author of the White paper has such a low technical level that he does not see the difference between tokens and the basic cryptocurrency blockchain, between emission and mining, between the token of bookkeeping for blockchain participants and commissions for mining blocks.

Page 23, chapter “Decentralized Ad Serving Miners”. The scheme is again pretty, but does not reveal any details. In it, you can replace the word “Smart contract” with “MySQL” and you’ll get the scheme of a regular advertising network.

img 5c13a86890323 - XCHNG.io, Kochava: review, audit

Technically, the first phrase is correct. However, about the CAP theorem:

  • This is a very difficult problem in large systems (projects like Facebook, where the number of servers is more than 50,000)
  • The current project is small, the order of hundreds of servers in the very distant future, CAP does not apply.
  • From the words “Therefore” – dust in the eyes, nothing from the simple existence of the CAP theorem follows.
  • If the authors solve some aspects of the theorem, they are not written.
  • On the whole, the whole 23 page describes the desire, how everything should work, and not how the authors will achieve it or why the current advertising projects are bad.
  • Total: unjustified juggling of technical terms.

Page 24. The text is devoted to banal information about the work of the blockchain. The authors erroneously issue consensus in the blockchain (no one has any problems with this at all), for a different topic – why should someone trust the correctly recorded information? The consensus in this context, the 24th page, talks about low-level blockchain algorithms, and not about the problems of distrust / fraud in advertising networks. The unprepared reader will decide that some problem has been solved here or some nuances of the project have been disclosed.

Page 24, 25. Chapter “Byzantine Fault Tolerance” and “XCHNG Consensus”. It makes sense if the project builds a truly public blockchain and a real implementation of the ecosystem, where none of the participants (including the project itself) has any special (admin) role. Obviously, in the coming long years of project development, its authors will implement the project only at the expense of their dominant role in the system, totally owning the entire infrastructure. Therefore, in general, there is no ecosystem, and all the more there is no threat from the “Byzantine generals” that actually exists in the danger theory. The reader may again decide that something is decided here. In fact: the whole page is a listing of platitudes.

Page 25. The head of “XCHNG Consensus”.

  • The authors describe the benefits of PoS. In fairness, it should be pointed out and its shortcomings.
  • The authors did not disclose the details of the intriguing “XCHNG Consensus” and the implementation of PoS, did they come up with any innovations or use a ready-made algorithm from someone else’s blockchains.

img 5c13a9fb1eb2b - XCHNG.io, Kochava: review, audit

No protocols have been described above for reference. Not disclosed nuances:

  • how, who and where places information
  • how to search / sort / filter data that is also encrypted (probably because it is personal data)
  • who and how checks the validity of data not yet published
  • how to defend against fraud, etc.

img 5c13aa09ce3b0 - XCHNG.io, Kochava: review, audit

The chapter containing this diagram has the following problems. The reader at this point has already read 50-60% of the White paper, but did not know what the developers are doing – a new blockchain or implementation of logic in the current blockchain on smart contracts (or otherwise). Each chapter makes the reader think differently each time. When they talk about low-level p2p protocols or consensus, the authors want to make a blockchain. When talking about the implementation of key logic on a smart contract, it is clear that the author of the White paper is trying to justify the use of the blockchain, since smart contract solves some aspects of the problem. Perhaps the developers are going to do everything in the world: solve the CAP theorem, eliminate the disadvantages of p2p networks, create a new blockchain and implement the business logic of the ad network on a smart contract.

It is necessary to clarify the reasons for using the blockchain and the smart contract. How this scheme and the whole implementation of the project will differ from the case, if instead of the “Smart contract” any web-oriented programming language (PHP) comes forward and the execution result is written in SQL.

Page 28 and 29 are correct, banal, expected options and entities of this kind of project.



img 5c13aa18290c7 - XCHNG.io, Kochava: review, audit

Unfortunately, no system has been set forth (in the course of reading the White paper from top to bottom) to refer to this as an irrefutable fact. Similarly, where uniqueness comes from is not clear. Until now, the Paper contained a number of platitudes and arguments on how a good advertising network should work. Unfortunately, this has already been read dozens of times in other Papers of other projects.

The auditor is in anticipation that even in the chapter with the title “On the architecture of the project” there will be at least some hints about what exactly and how the authors are going to do.


Page 29, 30, chapter “Smart Contracts” – platitudes on how abstract smart contracts work in an abstract blockchain. An unprepared reader can decide that some problems are solved or implementation nuances are described.

img 5c13aa241180a - XCHNG.io, Kochava: review, audit

Completely unexpected turn of the story. Above it has not been described anywhere that the system has a token, why it is needed, details of emission, tokenomics and other traditional chapters of the White paper. His appearance is sharp, incomprehensible. Token references in general arguments about the blockchain and the “DISCLAIMER” chapter are not counted. It is also not at the expense of mentioning the token above in the context when the authors of the project met to mine (comments are errors – already described above).

Juggling the term “ecosystem”.

It is not described in which blockchain they release tokens in order to refer to them so easily. In which blockchain data is stored (if not in one). How they are connected (if not in one blockchain). Who owns the issue, what are the rules of its turnover, what is the value of the token for the project investor and future network participants. A token is a banal registry entry (in MySQL, a record in a table, in a file system, an entry in a file). You can say – token, this is a basic option, like a person has the desire to speak. It is not clear how from the basic possibilities to keep the register, “advantages”, “security” and other follow unsubstantiated statements.

No mention is made of common token compatibility protocols relative to XCHNG tokens. The author of the paper could not even mention the word ERC20 even once (in the context – “we have ERC20”, “we have NEP-5 or “not ERC20, the differences are as follows: …”).

Page 30, 31. The chapters “Option A, B, C”.

  • Serious technical error. The “AD server” block in the “Option A” is mistakenly located. To buy tokens, you do not need an AD server for this. These are the basic functions of blockchains with smart contracts. The business logic of the advertising network is irrelevant. The author of the scheme is extremely poorly versed in the basic theory of blockchains, smart contracts and tokens turnover.
  • Scary tangled schemes are described. The purpose of the mention of as many as 3 ways is incomprehensible. Is this an innovation project that is not found in other blockchains?
  • Mentioned is a purse of ordinary network participants, without a hint – for which blockchain a purse, its options. Abstract platitudes that there are wallets in the blockchain.
  • In “Option A,” for some reason, the method is tied to one participant. The method will stop working if not this participant wants to buy tokens, but, for example, a completely stranger?
  • “Options B and C” – for what purpose was the functionality of the advertising network included in the token exchange procedure? If we are talking about tokenomics, payment for services for shows and similar business logic – this should be placed in the chapter on tokenomics. It certainly should not be confused with the basic ability to simply buy / sell tokens, which causes confusion.
  • In general, pages 29-31 contain various technical information that is not related to the nuances of project implementation.

img 5c13aa335b378 - XCHNG.io, Kochava: review, audit

Another promise to describe the architecture (later in the Paper) and the unreasonable reference that some protocols were allegedly described. Not yet.

img 5c13aa3f60296 - XCHNG.io, Kochava: review, audit

Not even the slightest hint of decentralization has been made. Here it is stated as a fact. It’s a lie. Just because the author of Paper, in his imagination, replaced the record in MySQL with the record in the smart contract of the same data, no decentralization and ecosystem appears.

Page 31, 32, 33, 34. The chapters of “Market” and “Market Protocols”. A very large text, which is another description of how an abstract ad network should work. Let me remind you, we are in the “Architecture” section, where at least some details should be disclosed, rather than trivial wishes in general words.

Among the technical waters of these 4 pages with abstract reasoning, the low-level term unixtime is unexpectedly mentioned:

img 5c13aa6493483 - XCHNG.io, Kochava: review, audit

This is probably another sign of technical tautology. As if the car sales manager, listing the options of a particular model, suddenly said “This car clock corresponds to ISO-12345. Show the dates of the Gregorian calendar, including the three rules for leap-year calculation amendments. ”

Page 34, 35, chapter “Zero-Knowledge Proofs”. Technical tautology, where again the notions of signing a message in a blockchain are confused with the problem of trusting message content.

img 5c13aa8cd18ef - XCHNG.io, Kochava: review, audit

The topic of combating fraud is not disclosed in any way (except for the general wishes that they need to be fought). Such a phrase suggests that from simply replacing the database from MySQL with Blockchain, there is suddenly a protection against fraud. It turns out that all previously existing ad networks could not get rid of fraud because of their backwardness – they did not have a blockchain, but now the problem will be solved. Technical lie. Replacing the database does not solve this problem.

img 5c13aa9f0109b - XCHNG.io, Kochava: review, audit

The meaning of the scheme is not clear. The signature “Decentralized system” is an unsubstantiated statement. In general, the whole scheme is a technical tautology: the data has come, the data is gone, it is encrypted, everything is beautiful and safe.

Suddenly, without warning, at least the second serious blockchain technology, IPFS, is announced in the signature on the scheme. There was not a single hint of this database in the whole White paper; everywhere they operated on an abstract blockchain.

From this follow questions:

  • who and how will deploy the system
  • what is the incentive to support it with the participants of the ecosystem (the ecosystem is not described, but in theory it can be created)
  • the cost of storing data, who will pay for everything
  • connection between IPFS support stimulus and tokenome
  • IPFS settings
  • storage properties, validity, data deletion.

Page 38, chapter “Network Sharding”. The important aspects of blockchain scalability are mentioned. An unprepared reader might think that the enumeration of terms describes: which aspects of scalability the project predicts, what is the greatest problem, how is it going to be solved, etc. No hints of specifics.

Page 39. chapter “Side Chains”. Another superficial mention of one of the aspects in the blockchains, without specifics. Suspicions arise, for what reason did the author of the Paper mention this? The options are as follows:

  • The author understands what he is talking about and the project team is really going to make side chains. They are used when the blockchain lacks performance.
  • But this means that the blockchain used, which is not selected and not described at the same time, has excellent qualities, is designed for any kind of load (judging by the delights above in White paper), on the other hand, it has insufficient performance and the author hints that the problem. The problem is in contradiction of different chapters.
  • Side chains are planned to be done from a public blockchain (unlikely).
  • Low technical qualification of the author of the Paper, not related to the ideas of the project developers.
  • Technical water and unreasonable transfer of blockchain options for Paper volume.

An indication of which blockchain from which creates a chain is not described. Why it is impossible to take a ready-made foreign blockchain, where this problem has already been solved is not clear. If the project team is going to create its own blockchain, there is totally no practical details of such plans in White paper.

img 5c13aab0b5aaa - XCHNG.io, Kochava: review, audit

Allegations about the project and how it may differ from others. There may be something that has been described. Until now, while reading the important technical chapter “Project Architecture”, not the slightest hint of any technical specific steps was found. To date, the project represents a void, which may indeed differ from other projects.

The list of “differences” after this text lists the same allegations. The text of the Paper has not yet found any specific options for this project and its comparison with competitors. The comparison on page 39 looks too short, blurry, shallow. The mention of only 3 foreign projects looks like a frankly poor-quality work of the author of White paper. It is difficult to say for sure, but the feelings in the ICO market over the past 2 years have been about a hundred of similar projects and similar White papers. How the current project differs is not clear. The group of companies where the author of this audit is a member had at least a dozen projects as their own clients (organizing an ICO for them), a dozen projects for a similar audit and the idea to hold their own ICO for a similar advertising project. In the world, this is at least hundreds, and maybe thousands of other people’s projects on an ICO of a similar focus.

img 5c13aae1c034e - XCHNG.io, Kochava: review, audit

The assertion that the parent company will play a key role directly contradicts the fact that the White paper mentions an “ecosystem”. It is normal for developers to play a significant role in the ecosystem. But it should be described:

  • what the author of the Paper understands by the term “ecosystem”
  • what are the plans for the transition from the first versions to the subsequent, real relationships in the ecosystem.

img 5c13aaf049774 - XCHNG.io, Kochava: review, audit

Several problems at once:

  • In the “Project Architecture” chapter, the distribution of tokens should not be described.
  • White paper simply lacks many mandatory chapters, such as “Token Distribution”.
  • The number of 25% is critically erroneous, but it will be commented below (now we are only doing a technical audit).
  • This chapter vaguely describes the algorithms for the distribution of tokens (that is, there are words, but there is no specifics). Throughout the White paper, there was not the slightest hint of how smart contracts would handle token accounting (payment for advertising and other relationships between participants), automatic billing algorithms, features of token ejection, etc. In general, this can be described as a low technical level of preparation for the distribution of tokens, in other words, this is characterized by “ICO on the knee” jargon. Either this is a distant draft of the White paper, or insufficient quality of study.

img 5c13aafd31de0 - XCHNG.io, Kochava: review, audit

Technical tales and contradictions. The absence of transaction fees is a possible property of the blockchain. But at the same time it creates many problems, allusions to the solutions of which are not mentioned at all in the Paper.

At the same time, the author of the Paper demonstrates once again a lack of understanding of the blockchain technology. Above there were lengthy arguments about the problem of the Byzantine generals, the features of PoW and PoS, the constant unreasonable references to “ecosystems”. It also demonstrates that the project will be implemented on a simple private blockchain, which is entirely owned by one person (a group of affiliates). These are mutually exclusive options.

Page 40. The final page of the chapter “On Architecture” contains general reasoning, without specifics.

The chapters of DISCLAIMER, Partners and XCHNG Team Members were not analyzed.


General conclusions on the analysis of White paper


The author of the audit is familiar with the ideas of creating this type of projects and has the experience of auditing exactly the same projects, word for word repeating the same thing. Due to the poor quality of paperwork, some disadvantages will be affected below, which were not even mentioned by the author. Unfortunately, Paper’s author is a marketer, not a technical specialist. Therefore, to the future cons of the project did not even get a speech. But after processing the Paper, attracting qualified programmers, they will appear. To save time and facilitate the future work of such a programmer from XCHNG: below are comments on the topic that were not mentioned.

The most important technical problem. Let the programmer of the project try to describe any function of the project. For example:

  • how to render the main page of the application (or site) when a visitor wants to do something: see the list of offers, find something or create a new company
  • how, after creating a targeted request, filter / select / sort advertising spaces / banners
  • how to keep accounts in real time (so that it is impossible to erroneously show advertising)
  • the site owner wants to know what kind of advertising space brought the greatest profit in the first quarter of this year.
  • think for yourself …

If you carefully analyze any such functionality, then instantly it becomes clear that almost ALL key functions will be implemented on banal SQL. No requests to the blockchain will go. Yes, some functions are really good to fall on the smart contract on the part of the token-economy, but this functionality is very small and it is absolutely impossible to do without SQL. Total: the whole Paper is a frank technical lie, where the author and the project owners do not even know about such a dramatic state of affairs, about possible accusations, etc. One idea of ​​the founder of the project “let’s make a project” is not enough to go with him to the public zone.

All Paper is not a fraud, but a deception of investors, where the founders are sincerely mistaken in the possibilities, due to insufficient technical knowledge of the topic. The idea of ​​the project “Let’s take the blockchain and solve all the problems”. Unfortunately:

  • blockchain will not solve a single problem
  • there is no attempt to solve anything in Paper (no specifics, solid water)
  • a trace of marketers is visible, without hints of a programmer
  • the weaknesses of the usual (not blockchain) projects, i.e. why did you need to do a new project
  • advantages of the project are not described in comparison with existing projects in the market
  • differences are not described, compared with hundreds of similar ICO projects
  • it looks like investor deception is still at the stage of writing Paper
  • the project is guaranteed not to be implemented in this way (you can, using SQL, but then you should think about how to capture the market and overtake Google, and not how to tie the blockchain for the sake of investment).

The author of the Paper is poorly versed in the blockchain:

  • does not understand the meaning of “ecosystem” (constantly juggling)
  • does not understand the meaning of decentralization (it is not here to speak, juggling with terms)
  • makes gross errors like “token mining” (in the absence of clear explanations of all tokenomics, token emission conditions, explanations “we make our blockchain” or “we implement everything on smart contracts”)

The technical level does not hold water.

A large number of water, designed to pretend that the paper explains something. This may introduce a technically unprepared investor for the misconception that the project team understands what is going to do.

The project team thinks that if SQL is copied to the blockchain, the number of scammers will decrease. It is fundamentally wrong. They will only be more, because it will be possible to get huge amounts of data in order to deceive honest participants even more technologically. If nothing is written in the blockchain base, then there is no point in all the beautiful arguments. There is no hint at the existence of this problem or its solution.

The description of protocols, frameworks, smart contracts, database schemas, API schemas, system components for other participants is completely missing. There is not a single schematic description of at least one smart contract that would perform any small but realistic function: a description of the input, output arguments and the essence of the method implementation without specific code.

Rave reviews about the blockchain’s load are a lie. In high-load projects there are so many problems (the auditor owns a project with 500 servers). Replacing SQL with a blockchain – project developers will exacerbate the problem.

Many White paper chapters are missing. For example: tokens, issue tokens, roadmap (and marketing).

Not a hint of the type of blockchain, type of token, the sudden appearance of IPFS and side chains in blocks, the connection between blockchains, the turnover of the token in the outside world (trading on exchanges) … None of the Paper schemes explain anything concrete.

It is necessary to take pity on the reader and explain “And what generally the project team got together”. In the course of the reading, the auditor wrote that he could not yet find one or another expected description. By the end of the reading of the White paper, the reader is disappointed, because Answers will not be clarified. It is necessary to eliminate such moments and describe the essence at the very beginning.

From realized on this day it was possible to find:

  • ICO website (weak)
  • bad White paper
  • a single test smart contract is unacceptably low quality, loaded more than six months ago
  • MVP is missing
  • there is not even a roadmap with a promise that when will be done

Careful assumption: for six months the team did nothing. Perhaps even the team does not exist, but simply the site and White paper were ordered from the marketers.

Positive point: the author of the White paper did not write on the topic of neural networks (AI).

The final conclusion: technical lies and errors, no specifics on the implementation of the conceived, juggling with terms, Paper is not seriously completed, nothing has been done in the IT part.


Analysis of ICO methods


Smart contract and personal account for the sale of tokens are absent, there is nothing to audit. There are no hints on the implementation of even the project token. These trite things should be kept in order not to look suspicious.

However, a smart contract was detected in the Ethereum test network.


A smart contract could be loaded by anyone, for example, by a third party. But, most likely, this is done by a project participant or upon the request of the owner by an outside specialist.

There is nothing to analyze in the smart contract, because its code is almost empty. Formally, the code is there, but some business of logic or functionality is not. When a smart contract is uploaded to a network, it transfers 5,000,000,000 tokens to the owner and then he can do anything with them. This means: complete lack of protection of investors’ interests, impunity of the owner, ostentatious extremely low technical level of the first product (it is a smart contract). You can take any other audit on cryptob2b.io of any other project and the negative points will be described there. For a quick search for such articles, you need to write a Google request “cryptob2b audit”. All negative comments on the technical insolvency of the smart contract and ICO methods are 100% applicable to this project. But in order to save space in the report – the information is not duplicated.

Further, only an assumption / suspicion, there are no reliable facts:

  • The main IT member of the Ethan Lewis project team, described as an experienced blockchain expert, flooded an empty token template (3 pieces) six months ago, since then – no updates. He has zero knowledge in the subject or on the project, no one does anything. No trace was found to disprove this suspicion.
  • Other project founders are unaware of the principles of ICO, the blockchain, the need to implement an honest and transparent mechanism for exchanging cryptocurrencies for tokens (selling), etc.

The following is not specific to an audit, it is given for reference only. From the wallet that was loaded test smart contract 0xb20537c42ba807c5326ac877ea0bccf2ab11d65d, there is a connection with another project http://www.thetokapp.com and some activity in the blockchain: a lively smart contract, “TOK” tokens, an ICO, etc. No reliable conclusions can be drawn from these facts, however, it can be assumed. Ethan Lewis may be working on this project now, although his resume on LinkedIn does not indicate this.

The final conclusion: an extremely low level of ICO methods in terms of protecting the interests of investors, the quality of the smart contract code. What means “protecting the interests of investors” has been described many times in other audits from CryptoB2B. You can find and read these explanations on the request of “cryptob2b audit” in Google. This is not inserted to save space.

Site analysis (www.xchng.io)


In addition to this picture – there is no intelligible explanation about the token emission.

img 5c13ab165deb6 - XCHNG.io, Kochava: review, audit

The problem with the math or the presentation of the material in the picture (which indicates poor usability). What is 600M, how is it counted? Using 10%, 25%, 40% of 2 000 000 000 or 5 000 000 000 and their combination is impossible to get this number.

Many similar problems: no ICO dates, hardcap, type of tokens, blockchain for tokens, etc.

A problem has been detected with token distribution plans. The founder plans to sell only 40% to investors (if the picture was correctly understood). The remaining 60% remain somehow in his hands. This is a very bad practice. Not only does the founder receive 100% of all the money, he also tries to keep so many tokens for himself for them. The reasons for the justification are completely unimportant, not interesting, every client at the ICO says the same thing about these numbers. Partners, reserves, to the platform, to the turnover, somewhere else – these are all attempts to take away the tokens from the investor as well as his cash contribution. Normal proportions: 80% for sale, 20% for everything else.

A reasonable question – what about the reserve? The founder is afraid of the situation: they have launched a project, begin to use a reserve of tokens for makeup and are afraid in advance that 25% will not be enough. The answer is very simple. You have enough for a reserve of 5%. Suppose the project fees were $ 20M. 5% of this number is $ 1M. Imagine that the future project after launching for several months created such a large turnover of tokens that the new participants did not have enough tokens from the reserve for a whole million dollars! This is not counting the fact that there were many investors who also put tokens into circulation. This means that the project has become extremely successful, that the company sold tokens for $ 1 million (besides the existing $ 20M) and that it will definitely have money to buy free tokens from the market to replenish the reserve.

If a certain ICO founder sees an example of another successful ICO, where the company has left itself the same large number of tokens – this is a bad example, and not the rule, why it is necessary to copy these options. If someone gets free tokens under any pretext (bounty, partners, for work at ICO, advisors), then for such people the value of the token is almost zero. They will be the first to exchange money for any base price, strongly affecting the speed of the token price fall. Of course, it is impossible to give up entirely on bounty and other goals, but it is necessary to sharply limit the existence of free tokens. Such distortions impair the rights of investors who gave their money for tokens at full value.

img 5c13ab2fdef27 - XCHNG.io, Kochava: review, audit

Two right buttons at the bottom of the site in this block open useless documents:

  • copy of White paper data, no new information
  • the task is not performed, the topic is not disclosed, the material should be replaced or buttons removed

In the FAQ section, an unsubstantiated message is written that the project’s blockchain supports 180,000 transactions per second. Many questions / suspicions arise:

  • Created a new blockchain? What is his name? Where to download the source? Open source? How to connect to the network (test/dev network)?
  • How many lines of this blockchain code was written personally by XCHNG or Kochave programmers?
  • Probably, the developers took someone else’s blockchain, installed without modifying the source, measured the speed, reported on the progress. And they forgot to mention in the news: what a blockchain, how many lines have changed, any other aspects of testing.
  • For example, the Internet is littered with incredible “achievements” of “top” blockchains, such as EOS, NEO, etc. There they promise unimaginably great write speeds, parallel blocks, free transactions, and wonderful consensus algorithms. However, it was not revealed at least some real evidence of these tales in other people’s business projects that these blockchains actually fulfill the promised fabulous performance. Probably, there was a test of someone else’s product, such as EOS. Perhaps, even edits of several lines in source codes of EOS, then the superficial test have been made. From which the project made the news that their blockchain issues 180,000 transactions per second.

Site archive analysis https://web.archive.org/web/20180625200753/https://www.xchng.io/ gives additional information:

img 5c13ab44c6721 - XCHNG.io, Kochava: review, audit

The countdown counter (on the light green strip) is increasing. This means that the event he described is in the past. This audit was written on November 10-19, 2018, therefore sales were to begin in mid-July. Now there is no counter, which probably speaks of the following: they tried to launch ICO, even without smart sales contracts, nothing happened, the sales company was turned off, and the site was mothballed.

img 5c13ab56c6226 - XCHNG.io, Kochava: review, audit

Links from these buttons lead to the 404th pages:

This probably indicates that such pages existed once. But these projects carried out an audit of the XCHNG project, found it unsuitable even for mention (probably a suspicion of a scam) and simply erased it.

Updated 14 Nov 2018: Some links are working again. But in November 2018 – the pages did not exist. Probably: paid extra for the review and resumed.

The site is invited to join Whitelist. Unfortunately, the Whitelist era ended a year ago. No more huge masses wanting to buy tokens.

In the process of exploring the site https://www.xchng.io, the auditor switched over the pages of this site. Not too intense without doing anything wrong. However, suddenly the connection to the site disappeared. This could happen for 3 reasons:

Changing the IP address was able to enter the site. Perhaps this suggests that any active investor, simply from visiting the site, may be blocked by a low-quality Anti-DDoS solution (from the hoster dreamhost.com or incorrectly configured WordPress). Perhaps it says something else. The “load” from visiting the site by an auditor only spent all the limits of CPU time at the multi-hosting dreamhost.com, which was temporarily blocked by xchng.io. The latter speaks of extremely low quality hosting and extremely cheap selected tariff, even without a dedicated IP address.

The final conclusion: the ICO website looks suspicious, of poor quality, with poor feed. It is not clear what and how the authors of the project are going to do.

⇐ Back to the beginning of the blog