Bisq Bitcoin exchange slams on the brakes after exploit of critical security flaw, crypto theft

Over $250,000 in cryptocurrency has been stolen from users.
Written by Charlie Osborne, Contributing Writer

Cryptocurrency exchange Bisq halted trading following a cyberattack leading to the theft of $250,000 worth of virtual currency from users. 

The decentralized exchange said on Wednesday that trading would be temporarily halted while a hotfix was implemented to resolve a "critical security vulnerability." 

Because Bisq is a peer-to-peer network, users could override this alert and the functionality which stopped trading, but the organization "highly discouraged" users from doing so "for your own security."


The problem stemmed from a recent update to the network that was designed to improve stability but inadvertently introduced a security flaw. The flaw allowed cybercriminals to manipulate fallback addresses and outwait time limits on trades, thereby ensuring funds were sent to a wallet they controlled, as reported by CoinDesk.

In a statement to the publication, Bisq said that 3 Bitcoin (BTC) and 4,000 in Monero (XMR) were stolen through this method from at least seven victims, roughly equating to $250,000.  


The vulnerability has now been fixed and trading has resumed. The rapid hotfix may have resolved the security issue, but it has also caused turmoil for traders.

Many users have since reported failed trades and disappearing funds after upgrading to the latest version, 1.3.1, which contains the hotfix.  

Bisq recommends that users check trade information under the 'open trades' category in user accounts, and if necessary, problems with locked-in funds can be reported to mediation. 


In February, the non-profit IOTA Foundation, the developers of IOTA cryptocurrency, was forced to temporarily close down its entire network following the "Trinity" cyberattack in which an unknown party exploited a vulnerability in the IOTA wallet app. Within 25 minutes of reports that funds were being stolen from user wallets, the organization froze the entire system. 

A developer update posted in March said that despite the attack, the team is moving on with its plans for the Chrysalis project, a scheme designed to create an enterprise-ready blockchain solution. 
