An attacker stole over $ 250,000 from users of the non-custodial exchange Bisq The stoppage of trading on the non-custodial exchange Bisq that night was associated with a successful attack on its users. Developers have previously reported a "critical security vulnerability".

An attacker stole over $ 250,000 from users of the non-custodial exchange Bisq

The stoppage of trading on the non-custodial exchange Bisq that night was linked to a successful attack on its users. Previously, developers reported a "critical security vulnerability".

“About 24 hours ago, we discovered that the attacker was able to exploit a vulnerability in the trading protocol to steal the assets of individual users,” an exchange spokesman told CoinDesk. "We are aware of approximately 3 BTC and 4,000 XMR stolen from seven different victims.".

The value of the stolen cryptocurrency is $ 22,000 in bitcoins and $ 230,000 in Monero. In this way, the aggregate damage from this attack exceeds $ 250,000, but Bisq notes that they provided only the information they currently have.

The attack was organized as follows. The attacker was able to replace the default address for refunding the user's funds in case of transaction cancellation with his own. Then, posing as a seller, he would start a deal with the buyer and wait for it to expire. As a result digital assets did not return to their owner, but were transferred to the hacker's address.

The vulnerability stems from a recent trade protocol update aimed at increasing decentralization and excluding third parties from trading.

By the time of publication, the vulnerability had been fixed, and trading on the platform had been restored. Unlike some other exchanges called "decentralized", Bisq allows users to trade anonymously without registration or verification. For all the advantages of this approach, it also helped the attacker remain anonymous..

“Anyone can use Bisq, no censorship. Also, anyone can use bitcoin, you cannot protect anyone from this, "- said the developer.

Similar articles

• Kraken: KeepKey Hardware Wallet Hacked in 15 Minutes Cybersecurity researchers have uncovered a vulnerability in the KeepKey hardware wallet that they say allows an attacker with physical access to a device to steal assets in just 15 minutes.

  Kraken: Hacking hardware crypto-KeepKey wallet completed in 15 minutes Explorers cybersecurity issues exposed hardware vulnerability...

• Chinese regulator: Exchanges deceive investors by presenting Bitcoin as a safe asset National Internet Finance Association of China (NIFA) warns investors about the risks of investing in digital assets.

  Chinese regulator: Exchanges deceive investors, making bitcoin safe asset National internet finance association China (NIFA)...

• “Bitcoin SV Does Not Meet Our Listing Criteria” - Kraken Adds Bitcoin Cash Fork Tokens Kraken last night confirmed that it will list Bitcoin ABC tokens, one of two chains formed after the Bitcoin Cash hard fork last week, under the ticker BCH. At the same time, the exchange launches trading in the second chain tokens - Bitcoin SV - and distributes its assets among the holders of the original Bitcoin Cash..

  "Bitcoin SV does not match our listing criteria"- Kraken credits fork tokens Bitcoin Cash Cryptocurrency Kraken exchange confirmed this night,...

• Bithumb Will Resume User Registrations Along With Reinstating Banking Contract One of South Korea's largest cryptocurrency exchanges, Bithumb, is said to be resuming service at Nonghyup Bank, allowing it to register new users again. CoinDesk writes about this with reference to the local news outlet Yonhap.

  Bithumb will resume user registration together from rebuilding banking contract One of largest cryptocurrency exchanges South Korean Bithumb,...

• The Poloniex cryptocurrency exchange phishing app has appeared on Google Play Despite its controversial reputation, Poloniex has been and remains one of the most popular cryptocurrency exchanges in the world. Naturally, such popularity attracts various scammers who, in one way or another, try to steal users' money. WeLiveSecurity writes about one of these cases.

  IN Google play a phishing app has appeared cryptocurrency exchanges Poloniex Despite controversial reputation, Poloniex was and remains alone of the most...