The decentralized exchange (DEX) Bisq rang stopped trading activities late Tuesday night after it uncovered a critical security vulnerability that was exploited by a hacker to steal more than $250,000 worth of
“Bisq developers are currently investigating a critical security vulnerability, and the alert key has been used to temporarily disable trading.” reported the decentralized exchange. “A hotfix release will be published within a few hours.”
“About 24 hours ago, we discovered that an attacker was able to exploit a flaw in the
The issue was caused by a recent update to the network that introduced a security flaw that allowed attackers to manipulate fallback addresses.
A default fallback address is the address of the walled used as a destination in the transaction in the case of trade fails.
The hacker set other users’ default fallback address, posing as a seller they would start a trade with a buyer and wait for the time limit to run out. In this scenario, the funds are transferred to the attacker address along with the buyer’s payment and security deposit too.
“In most cases of an exchange hack, the attacker can be booted off the trading platform for good. Not so with Bisq. One of the DEX’s associated developers told CoinDesk that although the flaw was fixed, there was nothing to prevent the attacker – whose identity cannot be known – from accessing and trading on the platform again.” concludes CoinDesk.
“Anyone can use Bisq, there is no censorship,” the developer said. “Just like anyone can use bitcoin, there is no way to ban someone from bitcoin.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.