1 min read

Bad actor steals $250,000 from Bisq users after faulty security patch

Alina BÎZGĂ

April 09, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Bad actor steals $250,000 from Bisq users after faulty security patch

Bisq, a decentralized crypto exchange network, was forced to disable trading on Tuesday after the discovery of a critical security vulnerability.

The open source peer-to-peer application allows Bitcoin aficionados to buy or sell digital currency anonymously in exchange for national currencies or different cryptocurrencies.

Developers rushed to sound the alarm after an attacker managed to steal over $250,000 from seven Bisq users. How was it possible? It seems that, along with a recent update meant to improve decentralization and remove trusted third parties from the platform, the developers also introduced a vulnerability that allowed the cyber thief to manipulate the way Bisq trades are carried out. He then directed the funds into his digital wallet.

“In plain words, this exploit was the result of a flaw in the way Bisq trades are carried out, not in the way funds are stored (i.e., there is no honeypot since Bisq is P2P),” said the developers.

“About 24 hours ago, we discovered that an attacker was able to exploit a flaw in the Bisq trade protocol, targeting individual trades in order to steal trading capital. We are aware of approximately 3 BTC and 4000 XMR stolen from 7 different victims. This is the situation as we know it so far. The only market affected was the XMR/BTC market, and all affected trades occured over the past 12 days,” said Bisq representatives in a statement posted on 8 April.

Bisq also confirmed that, on discovering this incident, all trades were disabled and they were able to deliver a hot fix which is now available Bisq v1.3.0.

As for the reimbursement of victims, the platform aims “to repay the 7 victims from future trading revenues,” following a soon-to-be created proposal.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read