- Amount Lost: $250,000.00
- Funds Returned: $0.00
- Category: Exchange (DEX)
- Date: 2020-4-8
The project team discovered that an attacker was able to exploit a flaw in the Bisq trade protocol, targeting individual trades in order to steal trading capital. approximately 3 BTC and 4,000 XMR were stolen from 7 different victims.
The value of the crypto stolen was roughly $22,000 worth of bitcoin (BTC) and $230,000 worth of monero (XMR). In total, that comes to more than $250,000.
To carry out the thefts, the attacker was able to set other users' default fallback address – the destination to which crypto is sent to if a trade fails – to their own. Posing as a seller, they would start a trade with a buyer and simply wait for the time limit to run out. Rather than going to the legitimate owner, the digital assets arrived with the attacker, along with the buyer's payment and security deposit too.
Proof Links: