CypherGoat

Open-source non-custodial swap aggregator — fans your order out to multiple instant-swap engines (StealthEx, ChangeNOW, ChangeHero, FixedFloat per their `/about`), surfaces quotes, lets you pick + execute without ever depositing into CypherGoat itself. Operator-published positioning: *"Swap Crypto at the Best Rate on the Market — Non-Custodial, No account, Tor supported, Open source. Sort by KYC level."* Listed at Grade B on first pass (per playbook: new aggregator, no curator test trade on file yet, sparse operator-published team / jurisdiction disclosure) — the open-source code + operator-published Tor onion + explicit KYC-sort filter are strong signals that this can upgrade to A after end-to-end testing.

What it is. Web app at `cyphergoat.com` (clearnet) + `cyphergmw4huw7jzhat3misfm5jj2m4nvafockqbj7i5rrlec6mobdid.onion` (Tor). The home page is a swap form (from-coin / amount / to-coin → quote across engines → pick + execute). Funds flow user → chosen-engine → user; CypherGoat doesn't custody between legs. Open source at `github.com/cyphergoat` (org) with the web frontend at `github.com/CypherGoat/web` — auditable code base, license terms in the repo. Supported coins on the home form include BTC (incl. Lightning), ETH, XMR, LTC, BCH, DOGE, BNB, SOL, XTZ, ADA, XRP, TRX, LINK, USDC across multiple chains (ETH/POLY/SOL/ALGO/BSC/OP/BASE/TRON), USDT, Nano.

What you trust.

• Non-custodial swap aggregator. Funds flow user → engine → user. CypherGoat doesn't hold balances between legs; if an engine fails, refund-recovery is the engine's responsibility (their refund policy varies — CypherGoat surfaces this per-engine).
• Open-source code at `github.com/cyphergoat`. Frontend at `github.com/CypherGoat/web`. Auditable, forkable. (License terms in the repo; we have not verified MIT vs GPL vs Apache.)
• Operator-published Tor onion — `cyphergmw4huw7jzhat3misfm5jj2m4nvafockqbj7i5rrlec6mobdid.onion`. Cross-listed in the operator's own `/about` page, satisfies the operator-disclosure standard from /guides/verify-onion-mirror.
• No account, no signup, no KYC at the aggregator layer. Each underlying engine has its own KYC posture; CypherGoat exposes this as a "Sort by KYC level" filter — a user-facing differentiator vs aggregators that hide engine KYC behind the quote.
• Affiliate disclosed. Operator mentions an Affiliate Program + Affiliate Login on /about. Implied: CypherGoat earns a cut on each routed swap. Same model as kyc.rip / OrangeFren / Trocador.
• No team / jurisdiction disclosure — the only public-facing identity is the brand + GitHub org. Common for the pseudonymous-operator no-KYC tooling tier; flagged as a transparency caveat rather than a blocker.

Operational specs.

• Site. Clearnet `cyphergoat.com` + Tor `cyphergmw4huw7jzhat3misfm5jj2m4nvafockqbj7i5rrlec6mobdid.onion`. Both render the same React/Vite SPA; legal pages (/about, /privacy, /terms) ship real operator-written content (24-25 KB each), not the SPA shell.
• Engine partners (disclosed on /about). StealthEx, ChangeNOW, ChangeHero, FixedFloat. Live coverage likely broader once you query the in-app quote — but the operator-disclosed list is a useful starting point.
• Coin coverage. ~20+ coins on the home form (see What it is). XMR is first-class.
• KYC sort filter. Lets you sort engines by KYC posture before picking — useful when comparing the same pair across a strict-KYC engine vs a no-KYC one.
• Pricing. Engine-driven; CypherGoat surfaces the engine's quote. Affiliate cut is implied (per /about Affiliate section) but not disclosed as a percentage.
• API. Frontend hits the engines' APIs through a CypherGoat backend layer. No public CypherGoat API endpoint surfaced; check the GitHub repo for shape if you want to build on top.
• No published team / jurisdiction / commercial entity. Pseudonymous operator. Flagged but not blocking at Grade B.

Operator philosophy. Per /about: open-source-first, non-custodial aggregation. The explicit KYC-sort filter is the editorial differentiator vs hidden-routing aggregators — CypherGoat treats KYC posture as a first-class user-facing axis rather than a hidden engine-routing decision. The operator framing is anti-custody, anti-account, pro-Tor: same posture as kycnot.me and the broader no-KYC tooling community.

Grade rationale. Grade B on first pass because: (1) no curator end-to-end test trade on file yet — playbook default for new aggregator submissions; (2) no published team / jurisdiction / commercial entity disclosure; (3) affiliate cut not disclosed as a percentage — fine for Grade B, would prefer transparency for A. The open-source code + operator-published Tor onion + explicit KYC-sort filter are strong signals toward A. Re-grading conditional on (a) successful end-to-end test trade in both modes (clearnet + onion), (b) the affiliate cut + license terms confirmed from the repo, (c) any team / jurisdiction disclosure even at pseudonym level.

Useful when:

• You want a swap-quote comparison across multiple engines with the ability to sort by KYC posture before executing.
• You're operating over Tor and want an aggregator with an operator-published onion (not just a clearnet site that works under Tor).
• You prefer auditable open-source code for the aggregator layer, not just the underlying engines.
• You want a Lightning-aware BTC source path (BTC-Lightning is in the home-form coin list).
• You're already comfortable with the underlying engines (most are graded individually on kyc.rip + xmr.club) and just want a privacy-respecting quote-comparison UI on top.

Caveats:

• No curator test trade on file yet. Listed first-pass at Grade B; full enrichment + end-to-end verification will follow in the next Phase 2 enrichment tick.
• No published team / jurisdiction / commercial entity. Common for this tier but flagged for transparency.
• Affiliate-cut percentage not disclosed. CypherGoat earns on every routed swap (per /about Affiliate section). Cross-check the engine's direct quote vs CypherGoat's quote to see the spread the aggregator is adding.
• License terms not verified yet. Code is on GitHub but we haven't pulled the LICENSE file — "open source" claim is operator-stated, confirm via the repo before forking.
• JS-only frontend. React/Vite SPA — no SSR fallback for no-JS users. Site loads under Tor (clearnet behind Tor) and under the published .onion, but both paths need JS enabled.