Hackers managed to steal more than $250,000 worth of cryptocurrency from the Bisq exchange last week. They were able to do so through an exploit in the decentralized exchange’s code. Bisq halted trading when the news got out and will not be open again until a hotfix has been issued. Around $22,000 worth of Bitcoin (BTC) and $230,000 worth of Monero (XMR) were stolen.
How did Bisq get hacked?
Bisq is a decentralized exchange that operates very similarly to other DEXs. However, Bisq allows its users to trade anonymously. This means that basic KYC such as registration and ID verification is not required to make an exchange. A recent update to its trading protocol allowed for improvements to its decentralized nature by removing trusted third parties.
The hackers found an exploit in the platform that let them reset users’ fallback addresses to their own. A fallback address is where a user’s crypto is sent if a trade is unsuccessful. Posing as a seller, the thief would start a trade with a buyer and wait for the time limit to run out. When the time ran out, the victim’s crypto was sent back to its fallback address, which had been changed to the hacker’s.
The good news is that trading has resumed since the attack. The bad news is that due to Bisq’s decentralized nature, any future trading suspension can be easily overridden. There is also no way to effectively ban bad actors from the platform.
How to keep your cryptocurrency safe
Keeping your cryptocurrency safe is something that should be a top priority for everyone. We’ve said it before and we’ll say it again. Keep your digital assets in cold storage, people! Leaving your Bitcoin on an online exchange exposes your hard-earned money to all sorts of thieves, security exploits and hackers.
Everyone should also keep up to date with the latest crypto scams. Having your crypto in cold storage is all well and good, but these bad actors are coming up with all sorts of creative ways to get your money. In the case of Bisq, not only was there a security exploit, but also a simple scam. We’ll do our best to keep you up to date on the latest scams as long as you get your hands on a hardware wallet! Stay safe out there, friends.