Critical Vulnerability In Bisq Crypto Exchange Exploited For Some Users

  •  
  •  
  •  
  • 1
  •  
  •  
  •  
    1
    Share

Decentralized crypto exchange Bisq has recently disclosed a vulnerability for which it had to stop trading. It now turns out that some of the customers of the exchange have also suffered financial loss.

Bisq Crypto Exchange Vulnerability

Reportedly, the decentralized crypto exchange Bisq has suffered a security issue. Following the incident, the exchange had to stop trading, urging users to stop all processing.

The exchange first asked all users to stop trading, whilst explaining that they “can” override this blocking.

They later elaborated that the vulnerability also affected all existing trades. Though they assured that the users’ funds remained safe.

However, revealing the details in a recent statement, they elaborated that they found some hackers exploiting the vulnerability. As a result, they could steal currency from a few victims.

We are aware of approximately 3 BTC and 4000 XMR stolen from 7 different victims.

The flaw basically existed in the Bisq trade protocol that allowed hackers to steal currency. As mentioned in their statement,

In plain words, this exploit was the result of a flaw in the way Bisq trades are carried out, not in the way funds are stored (i.e., there is no honeypot since Bisq is P2P).

Bisq Patched The Flaw

After identifying the flaw, Bisq developers quickly worked to stop all trading first to contain the attack. Then, they worked out on a fix to proceed with the usual routine. Consequently, they patched the bug with the release of Bisq v1.3.0.

As soon as this attack was discovered, Bisq developers used the alert key to disable all trading on Bisq. The flaw in the trade protocol has been corrected in Bisq v1.3.0, now released.

For the victims who suffered financial losses, the exchange has pledged to compensate in the future.

A proposal will soon be created in the Bisq DAO, Bisq’s funding mechanism, that will aim to repay the 7 victims from future trading revenues.

Bisq has apologized to all customers for the security incident. They are also working on a subsequent version (v1.3.1) for all those facing problems with v1.3.0.

Let us know your thoughts in the comments.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!