Hackers stole $250,000 from the decentralized exchange Bisq thanks to a flaw in a new update

On Tuesday, decentralized exchange Bisq announced that it had been hacked by an attacker who exploited a vulnerability in an update. About $250,000 worth of BTC and XMR disappeared. Shortly afterwards, the exchange announced a newer version, along with a promise to fully refund the stolen money to the victims.

Bisq first warned users about the issue in a tweet, then abruptly halted all transactions on the platform. In a statement on its website on Wednesday, Bisq explained that a hacker had exploited a loophole in the transaction protocol, targeting individual transactions to steal money.

“We know that about 3 BTC and 4,000 XMR were stolen from 7 different victims. The only affected pair is XMR/BTC, and all affected transactions occurred in the last 12 days.”

Bisq, a peer-to-peer exchange launched four years ago, allows users to buy and sell cryptocurrencies directly with each other in exchange for currency through a desktop application. The platform does not require KYC, so users can stay private.

In addition, as a decentralized exchange, Bisq does not store money on a server or in hot wallets connected directly to the internet, so unlike in centralized exchanges, there is no "security mechanism or counteracting attempts to use information systems".

How the hack happened

The attacker posed as a user selling BTC on the platform in order to take advantage of a flaw in the system.

Usually, Bisq requires the seller to lock the amount of BTC being sold in a multisig deposit along with a security deposit. If there is a dispute in the transaction and a mediator is unable to provide a solution, the funds are temporarily sent to a backup address, called a "donation address".

But in this incident, the hacker was able to set the donation address to an address of their own. This allowed them to take the funds locked in the transaction.

"Instead of going to the rightful owner, digital assets came to the attacker, along with buyers' security payments and deposits."

The software flaw that led to the hack was in an update released at the end of October. The new version aimed to improve decentralization by removing third parties from the multisig deposits used for Bitcoin transaction funds, but the change backfired, allowing hackers to break into the system.
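The missing check described above, as an added example that is not Bisq's code: before signing, a trading peer verifies that the fallback payout proposed by its counterparty pays only a trusted donation address and accounts for all locked funds. The `Trade` model, the function name, the placeholder addresses and the amounts are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed placeholder addresses, not real Bisq or attacker addresses.
TRUSTED_FALLBACK = frozenset({"donation-address-placeholder"})
ATTACKER_ADDRESS = "attacker-address-placeholder"


@dataclass(frozen=True)
class Trade:
    """Hypothetical model of the funds locked in one trade (satoshis)."""
    amount: int
    buyer_deposit: int
    seller_deposit: int
    max_fee: int


def check_fallback_payout(trade, outputs, trusted=TRUSTED_FALLBACK):
    """Check a peer-proposed fallback payout; outputs is [(address, sats)].

    Returns a list of problems; an empty list means it is safe to sign.
    """
    problems = []
    # The fallback path should pay a single destination.
    if len(outputs) != 1:
        problems.append("expected exactly one output")
    # Never accept the destination on the counterparty's word alone:
    # compare it with a set obtained from a source the peer already trusts.
    for address, _ in outputs:
        if address not in trusted:
            problems.append(f"untrusted fallback address: {address}")
    # The payout must cover everything locked in the trade, minus a bounded fee.
    locked = trade.amount + trade.buyer_deposit + trade.seller_deposit
    paid = sum(sats for _, sats in outputs)
    if not locked - trade.max_fee <= paid <= locked:
        problems.append(f"payout {paid} does not match locked funds {locked}")
    return problems


if __name__ == "__main__":
    # Constructed sample trade: 0.5 BTC plus two 0.05 BTC security deposits.
    trade = Trade(amount=50_000_000, buyer_deposit=5_000_000,
                  seller_deposit=5_000_000, max_fee=20_000)
    honest = [("donation-address-placeholder", 59_990_000)]
    swapped = [(ATTACKER_ADDRESS, 59_990_000)]
    print(check_fallback_payout(trade, honest))
    print(check_fallback_payout(trade, swapped))
```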

“Security has always been Bisq's top priority, but this incident shows it's not perfect. The project is studying several approaches to enhance security assessment and practices, and will detail them soon.”

Mr. Teacher

According to Decrypt
