Late in the evening of April 7, DEX Bisq suddenly shut down trading after it discovered a “critical security vulnerability.”
Bisq sounded the alarm after determining that a hacker had exploited a vulnerability in the exchange software and stolen cryptocurrency worth more than $250,000 from users.
However, only 18 hours after the shutdown, the exchange reported that "unprecedented steps" had been taken because an attacker had exploited the vulnerability in the exchange software and stolen user funds.
“24 hours ago, we found out that an attacker was able to exploit the vulnerability of the Bisq trading protocol. We know about the theft of about 3 bitcoins and 4000 XMR, which were stolen from 7 users. So far, this is something we can say,” the company said.
The stolen amounts are approximately $22,000 in bitcoin (BTC) and $230,000 in Monero (XMR), more than $250,000 in total.
The attacker spoofed the backup addresses of other users, which are meant to be used when a transaction is not completed. The vulnerability was introduced by a recent update to the exchange's trading protocol, which was an attempt to strengthen decentralization and remove trusted third parties from the platform.
By 07:00 am CT on April 8, Bisq was able to correct the error and resume trading.
On Bisq, users can trade anonymously, as there are no KYC/AML requirements. On the DLT platform, each user can be considered a node. Although the Bisq developers suspended trading in this case, the decentralized nature of the exchange also means that users can cancel this action if they want.
In most cases, an attacker can also be "removed" from the platform forever. However, as one of the developers stated, nothing prevents the attacker from re-accessing Bisq, since users here do not pass an identity check.