Bisq critically vulnerable
"24 hours ago, we discovered that an attacker was able to exploit a breach of the Bisq business protocol, targeting individual transactions. The only market affected was the XMR/BTC market. Bisq's exchange platform noted.
The Exchange platform Bisq has made it known to these users that they will stop its online trading services for some time. The reason for this decision is the discovery of a major security flaw on its decentralized DEX system. The cryptocurrency exchange platform reported that the security breach had allowed hackers to steal cryptocurrency including 4000 Monero (XMR) and 3 bitcoins (BTC).
This article will also interest you: 60% of cryptographic currency thefts worldwide are the work of two groups of hacker hackers
To avoid this kind of inconvenience not repeated and on a large scale in the future, it decided to take concrete measures, time to produce security fixes, to avoid any form of disastrous consequences.
It was at the beginning of the week that Bisq decided to inform users. DEX, its vulnerability-affected platform, is still active for the user community, unfortunately. The problem with DEX is that Bisq cannot compel its users to comply with its instructions and the required measures. Because it's a peer-to-peer platform. For this reason, everything will unfortunately depend on the users and their sense of responsibility: "To avoid confusion: yes, Bisq is a distributed peer-to-peer network. So you can replace the latest alert key feature that blocks exchanges. But we strongly advise edgy of doing so for your own safety. The platform explained on its Twitter account.
Regarding the security of funds, there is no fear to have because, as knows for the types of platform such as DEX, each user has his own funds safe on him, in his possession. For this reason, the decentralized exchange platform reassures: "Until the release of v1.3.0, existing transactions cannot be completed. Please hold firm. Of course, because of Bisq's security model, your funds are not in danger. ». Clearly, the only chance for users' funds to be put at risk is for users to knowingly decide to bypass the platform's warnings and continue trading despite the warning.
There is an argument against Bisq regarding this problem. It should be noted that the same security breach had already been reported since last fall, and that even at times, services had been stopped for the same issue. In addition, hackers were able to exploit the security breach by using the backup digital address to retrieve cryptographic currency keys in the event of a transaction failure. By changing the address, they initiated transactions while causing them to fail. What if the tokens went back into their wallets?
Now access an unlimited number of passwords: