On the evening of Tuesday 7th, over $250,000 worth of cryptocurrency was stolen via the decentralized exchange Bisq. Bisq claims that hackers were able to steal the large sum of money due to a significant flaw in their software.
Bisq was forced to close all trading services after they identified a malicious hack had taken place. Roughly $22,000 worth of Bitcoin and $230,000 of Monero were believed to be stolen.
Bisq eventually released the statement:
“About 24 hours ago, we discovered that an attacker was able to exploit a flaw in the Bisq trade protocol, targeting individual trades in order to steal trading capital.
We are aware of approximately 3 BTC and 4,000 XMR stolen from 7 different victims. This is the situation as we know it so far.”
The malicious individuals identified a flaw in Bisq’s recent software update and set other users’ fallback address (where crypto is sent when a trade fails) to their own address.
They would then pretend to be a seller but time-out the transaction so the crypto would be sent to their address by default.
The software update had originally been intended to improve decentralization and remove the need for third parties from the Bisq platform, but sadly missed the mark.
Number Of Process Flaws Exposed
Bisq claims their decision to halt trading was ‘unprecedented’ after identifying a hacker was exploiting their software. Thankfully Bisq trading resumed midday Wednesday, with Bisq assuring its users the software flaw had been fixed.
Surprisingly, as Bisq allows users to access the app anonymously, there is no way for the app to prevent the malicious individual from accessing the app again.
One of the developers for Bisq spoke out and said, “anyone can use Bisq, there is no censorship…just like anyone can use bitcoin, there is no way to ban someone from bitcoin.”
The decision to pause trading was not a decision they took likely, and will hopefully encourage all companies within the cryptocurrency industry to ensure their software is solid before releasing it to the public.