All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
GPUYard.com - Beware of post-payment KYC and stolen funds.
leascomenconf
Member
I paid $251 in BTC for a dedicated server. ONLY AFTER the payment was confirmed, they demanded a KYC (Passport/ID) check. When I declined due to privacy concerns, they refused to refund my money, claiming their TOS allows them to "freeze" funds indefinitely.
This is a direct violation of the UK Consumer Rights Act 2015. They are using "Anti-Money Laundering" as an excuse to keep customer money without providing any service. I have full evidence of the transaction and their emails stating their decision is "final."
Be careful: if you pay with crypto, they will take your money and you will get nothing. Stay away! UK Company No. 15152341.
They claim to be a UK company (15152341) but list a US address in Kentucky. This lack of transparency combined with fund seizure is a massive red flag.
To make matters worse, their official support email ([email protected]) is broken and bounces back errors, revealing that it is just a front for a third-party IT firm called Codewox (emails are forwarded to [email protected] and [email protected]). They take your money and then hide behind technical errors and "final decisions."
I have filed a formal report with Action Fraud UK and am initiating a claim via Money Claim Online against GPUYARD LTD (UK Co. 15152341). If you value your money and privacy, STAY AWAY. They are using AML excuses to commit flat-out theft.
Comments
Can you add screenshots ?
You are a bit mistaken here in my opinion.
I don't think UK consumer goods applies here because you are not declined the service but to show KYC under AML for receiving it. You can not change your mind and then ask for full refund.
Under AML regulations, in most countries, the institution is obligated to freeze the fund and ask for KYC along with source of fund.
So you are falling in to a complex scenario here. I hope you get your money back but now it will resolve in to which act will supercede the other which the court will decide if you go that route.
Man so sorry that it happened to you. I hope that you are doing everything in power to get your money back, from interpretation of this story, they sound bad and I wish you best for recovery
Personal lesson that I learnt from these stories: Always try out a small service first (say 10$) and see how operators behave and then use that a decision point for higher services. for example if they asked you kyc for smaller ticket purchases then you can factor that in and atleast have a smaller amount to worry about.
Hoping that you get a recovery. Also to all hosts, either take KYC beforehand or simply do something more honest if some wish to be in the market long term, otherwise doing these things for high amounts is simply trying to have people invoke lawyers and make situation messy
I think most reasonable providers are chill but I have heard some kyc after payment horror stories. Hope that you get a recovery asap tho @leascomenconf
It's in their TOS: https://www.gpuyard.com/terms-of-service/
[...]
Most merchants will not refund crypto transactions for any reason, because it's a good way to do money laundering and they would be implicated in it.
Personally, I don't like KYC requirements but your claim that they lack transparency isn't really substantiated. They do write it out pretty clearly in their ToS, and the fact that you didn't know about the industry standard of not refunding crypto transactions is more of a you problem then a them problem.
In fact, the provider must warn about the verification of documents in advance, if not warned, it is obliged to refund the money if the buyer does not agree. If he refuses, then this is a direct fact of theft or fraud. If you do not have access to the seller, you will have to forget about the money. Maybe he'll buy himself something to eat.
Hello LowEndTalk Community,
We are the management team at GPUYard . We welcome open discussions, but we believe the community deserves the full, factual, and technical context behind this user's claims.
As hosting providers, you all know the exact profile of a high-risk order. Let’s look at the anatomy of this specific transaction:
This user registered using a fully encrypted, anonymous email service (tutamail.com). They paid using untraceable Cryptocurrency (BTC / USDT). Most importantly, our logs show that this order was placed via IP: xx.xx.xx.99, which belongs to (REGXA LLC) a known Data Center IP heavily associated with Tor Exit Nodes and proxies.
Anonymous Email + Crypto Payment + Tor Node IP = 100% High-Risk. No legitimate customer buys powerful Dedicated/GPU servers while hiding their entire digital footprint behind a Tor network. Our automated security systems immediately flagged this and requested mandatory Identity Verification (KYC).
Before any checkout is processed, every user must explicitly check the box: "I have read and agree to the Terms of Service." Our TOS explicitly states that KYC is mandatory and that Crypto (BTC/USDT) payments are strictly non-refundable, especially if a user refuses verification. They legally agreed to this before sending any funds.
The user flat-out refused to verify their identity. Returning untraceable cryptocurrency to an anonymous, unverified actor hiding behind a Tor node is a direct violation of international Anti-Money Laundering (AML) protocols. We do not refund crypto to unverified users because we refuse to let our platform be used as a financial revolving door for dark web activities. The funds are placed on a strict compliance hold.
To demonstrate our absolute good faith and commitment to lawful business practices: If you genuinely require a refund, the solution is simple. Complete the mandatory Identity Verification (KYC) process to prove you are a legitimate individual. Once your identity is lawfully verified and we can confirm this is not a money-laundering attempt, we will gladly issue a 100% full refund of your payment.
Conclusion:
We prioritize the safety of our network and the wider internet over accommodating anonymous users who refuse standard verification. We have zero tolerance for cybercriminals who try to weaponize consumer protection laws or use public forums to blackmail us into bypassing security protocols.
We stand firmly by our policies. Thank you to the LET community for understanding the realities of abuse prevention.
Management Team
GPUYard
Was this generated by LLM?
You should block tuta and other encrypted email service domains from registering, same for Tor IPs if you don't want people signing up using them. This just seems like bait.
So you accepted the order and funds, then will not give back the funds when KYC was demanded after the transaction was complete? What happens to the crypto, is it just kept without providing service?
In this case it seems like there's two options
1 The crypto is returned to the origin/source wallet
2 The crypto is handed over to your government (since you're US-based (maybe you're using a shell company actually nevermind), that means liquidating the crypto and handing it over as unclaimed property presumably.)
Otherwise it just seems like theft.
Edit for above: Apparently I am not familiar with US AML. It's 100% legal for a US business to steal/hold your crypto if you don't provide KYC, and hand it off to the state government as unclaimed funds after a few years. How insane! Anyway - GPUYard does seem to not be US-based, but using a US shell company with a big name office supply store address.
Using tuta email and a Tor IP doesn't make them a criminal.
And this is coming from someone who used to block Tor IPs and VPN IPs, but now doesn't do any of that and has a big customer base with crypto.
Our Offer for a Full Refund:
To demonstrate our absolute good faith and commitment to lawful business practices: If you genuinely require a refund, the solution is simple. Complete the mandatory Identity Verification (KYC) process to prove you are a legitimate individual. Once your identity is lawfully verified and we can confirm this is not a money-laundering attempt, we will gladly issue a 100% full refund of your payment.
@MikeA
Fair points, but here’s our angle.We don’t block Tor or Tuta upfront because we respect privacy. Using those tools isn't a crime. But when an order combines a Tor Exit Node + TutaMail + Crypto, it immediately triggers our high-risk flag for KYC.
This isn't a trap. The user explicitly agreed to our TOS (which states KYC may be required and crypto is non-refundable) before making the payment.
As for the funds, returning untraceable crypto to an anonymous, unverified Tor user is a massive AML (Anti-Money Laundering) risk for us. We don't keep the money as profit; it just sits in a strict compliance hold.
The fix is simple: If they are a legitimate user, they just need to complete the KYC to prove it. Once verified, we’ll happily refund 100% of the money. The ball is entirely in their court.
After asking the AI overlords it does seem like holding/seizing crypto as a business in the US is totally legal for AML purposes but you need to file a SAR with the Financial Crimes Enforcement Network.
I'd recommend you guys put in place measures to prevent the orders in the first place. Block Tor IPs (extremely easy to find all exit IPs), block any encrypted email domains from being used - feel free to contact me if you want some advice on it.
Thanks @MikeA. We appreciate the advice. We are currently implementing stricter upfront filters for Tor nodes based on community feedback.
Do you understand that if customer signs up with these, they are not planning to reveal their own identity? This is why it looks like an attempt to steal funds.
Determined malicious actor is more likely to intentionally lower your suspicions by using residential proxy + free mail and paying by a let's say prepaid card (or even card in a name of straw man), and if really high profile - identity theft to pass KYC with an identity of other person is also a possibility.
I understand that because of this unpleasant situation you want to block registrations coming from Tor exit node IPs, but equally you could put a big warning box on your checkout page to reiterate that you require KYC and will not refund crypto payments unless verification is completed (as stated in your ToS). I'm pretty sure that that alone would drive away potentially abusive customers without restraining access to people who need to use Tor.
Yes, yes they do.
"We respect privacy, now give us your government documents and a selfie. Btw, our stance is that only illegitimate customers value their own privacy."
"To demonstrate our absolute good faith, we'll just make you do the thing you didn't want to do in the first place."
That's not entirely true. You are allowed to return it to the same wallet, but you can't return it to another cryptocurrency or different payment method. For example, you can't accept BTC and then refund it in a bank transfer, as that would be a money laundering risk. But giving the BTC back to exactly where it came from is legal and risk-free.
Please only block Tor exits! Some people mistakenly block all nodes, which is harmful. Only Tor exits can be used to relay traffic to your service. Use the official list from https://check.torproject.org/exit-addresses, not a third-party list.
You make a very fair point regarding traditional money laundering. Returning funds to the exact source wallet doesn't "clean" the money in the traditional fiat-to-crypto sense.
However, in the crypto space, there is a massive risk of Wallet Tainting and Hop-Washing. If we receive dirty BTC from a dark web wallet and refund it, the blockchain shows a new transaction originating from our legitimate business wallet. Malicious actors use this exact tactic to generate a "clean" paper trail. Furthermore, sending crypto directly to a high-risk wallet taints our own company’s receiving wallet in blockchain analysis tools like Chainalysis, putting our legitimate funds at risk of being frozen by major exchanges.
This isn't just theory for us; it’s a lesson we learned the hard way. A while ago, a user purchased a server from us and used it to launch a ransomware attack on a well-known company in Europe. When that country’s cybercrime investigation agency contacted us for his details, we realized this bad actor had been a customer for several months, paying via USDT. At one point, he had paid for a bandwidth upgrade that we couldn't immediately fulfill, so we refunded the USDT back to his wallet. The cyber investigation agency specifically questioned us as to why our business wallet sent funds back to a known cybercriminal's wallet. That incident is exactly why a strictly enforced KYC policy before any refund is now non-negotiable for us.
Beyond financial laundering, the threat model in the hosting industry is about Infrastructure Abuse. If a hosting provider offers "no-questions-asked" refunds to anonymous users hiding behind Tor nodes the moment they hit a KYC wall, that provider essentially becomes a zero-risk testing ground. Malicious actors (botnet operators, carders, spammers) will constantly test our automated provisioning systems. If they succeed, they get a server to abuse. If they get caught, they just get their crypto back and move to the next host, losing absolutely nothing.
Enforcing a strict "no refund without KYC" policy introduces a real financial penalty for bad actors attempting to exploit our network. It is the most effective deterrent against dark web operations.
And to reiterate, we aren't keeping this as profit. The funds sit in a compliance hold. The user has a very simple, legal path to get 100% of their money back to their source wallet today: Just complete the KYC. Legitimate customers don't mind proving they are real people to get their money back.
Thanks for keeping the discussion objective!
And then... what happened?
I do, I don't want to give all my personal info and ID/Passport to some random company
I was under the impression that an A->B->A transaction was typically considered to have originated from A by most modern blockchain analysis companies.
Hard disagree. There are countless legitimate reasons for legitimate customers to value their own privacy.
I think the problem is that you allowed seamless sign-up with Tor and accepted cryptocurrency without making it extremely obvious that you require post-purchase KYC. It's on OP for not reading your ToS carefully, but you should, at least, display a prominent message that KYC is required to users who are paying using methods typically associated with no-KYC hosts.
It's like trying to sell fetish gear in a church. Sure, the patrons should have read the ads carefully, but you can't fault them too much for walking in and being shocked that they see a guy in a gimp suit instead of a priest.
Regarding the investigation it’s still strictly ongoing. We handed over all connection logs, payment trails, and a complete snapshot of the server to the relevant cybercrime investigative unit.
I hope you don't mean a snapshot of a host node if the attacker only had a VM on it, right?
It is a cloud VM belonging to the client.
That is exactly why AMD SEV-SNP is such a good idea.
@forest,
First off, respect for the work you do with Tor relays and the Cryptography SE. You’re looking at this from a pure privacy advocate's lens, which is completely fair, but let me share the operational reality from the hosting provider's side.
The A->B->A Blockchain Analysis:
You are theoretically correct that deep chain analysis can recognize a refund. However, automated compliance algorithms at major exchanges (where we eventually liquidate to pay data center bills) often shoot first and ask questions later. Any direct hop to a sanctioned or known dark net wallet triggers automated flags, frozen exchange accounts, and compliance headaches. Furthermore, as I mentioned with our LEA (Law Enforcement) incident, authorities still ask us why we interacted with those wallets. We prefer zero interaction.
Privacy vs. Accountability:
I agree there are legitimate reasons for privacy. But renting heavy compute (Dedicated/GPU bare metal) is not like buying a VPN. It’s like renting a physical truck. Accountability is mandatory to protect the rest of the internet from DDoS, spam, and C2 nodes. If a user wants zero-accountability hosting, they are looking for a "Bulletproof Host" which we are not.
The Checkout UX (Your best point):
I’ll concede this you make a very valid point about the user experience. We obviously can't fit our entire ToS on the checkout page, but the UX for this specific edge case can be improved. Based on your feedback, we are implementing a dynamic trigger on our checkout page: If the system detects a Tor/Proxy IP combined with Crypto, a prominent bold warning will appear stating "Manual KYC / ID Verification will be strictly required for this order" before the checkout button becomes active. We aren't trying to set traps; we just want to keep the bad actors out. Taking your feedback to make that filter more obvious upfront is a win-win. Appreciate the constructive criticism!
Hey @leascomenconf (OP),
Dedicated Server for you completely FREE for the first month.
Let’s bring this thread to a close. We are going to put our money where our mouth is.
If you are a legitimate customer, simply complete the KYC verification process. Once your identity is lawfully verified, we will issue a 100% full refund of your crypto within 24 hours.
Furthermore, just to prove this has absolutely nothing to do with taking your money, if you pass KYC, we will even provision that exact Dedicated Server for you completely FREE for the first month.
However, if you continue to refuse to verify who you are, the funds will remain permanently frozen on compliance hold due to strict AML (Anti-Money Laundering) protocols. We will not, under any circumstances, return untraceable crypto to an anonymous Tor user.
The choice is entirely yours. You can walk away with your full refund and a free server, or you can stay anonymous and leave the funds frozen.
However, if you continue to refuse to verify who you are, the funds will remain permanently frozen on compliance hold due to strict AML protocols.
This is our final word and final decision on the matter. To summarize:
NO KYC = No Refund + No Server.
KYC VERIFIED = Full Refund + 1 Month Free Server.
The choice is entirely yours.
Fair enough.
It is nothing like renting a physical truck. It's not easy to physically damage a modern GPU. The worst they can do is the exact same they could do if it had no GPU: Use the network illegitimately.
This is a non-sequitur. Nothing about "heavy compute" makes it more attractive for DDoS, spam, or C2 hosting. And KYC is for legal compliance, not accountability. This is just typical LLM logic and I have no interest in discussing things with a bot.
You should do KYC before accepting the order, otherwise it's quite hard to distinguish from a trap.
Nah, unless some very specific separation is done usually it ends up in some shared hot or cold wallet that means A won't get exclusively A's coins back 1:1, but any previous unspent in/outputs. I would be very surprised if they were running their own btcpayserver, that is more exception than rule
This! @GpuYard
and This.
The way you are handling this situation by holding the funds is not good in my personal opinion and you are continuing to use bots @GpuYard
Please dont use bots to respond to us. We are humans taking to ya and if you want to communicate, have a human too.