Cyber Incident Victim: Bisq
Date: Apr 2020
Location: United States of America
Summary
A peer-to-peer cryptocurrency exchange halted trading following a cyberattack exploiting a critical security flaw introduced in a recent software update, resulting in the theft of approximately $250,000 worth of Bitcoin and Monero from at least seven users. Attackers manipulated trade fallback addresses and time limits to divert funds, prompting the platform to issue a hotfix that resolved the vulnerability but caused subsequent operational disruptions including failed transactions and inaccessible funds for some users upgrading to the patched version. The organization advised affected individuals to review open trades and seek mediation for unresolved financial locks.
Description
On or around April 7, 2020, the decentralized cryptocurrency exchange Bisq suspended trading operations following the exploitation of a critical security vulnerability that resulted in the theft of approximately $250,000 worth of cryptocurrency from users. The incident stemmed from a recent software update intended to enhance network stability, which inadvertently introduced a flaw enabling attackers to manipulate trade parameters. Specifically, malicious actors exploited the vulnerability to alter fallback addresses—backup payment destinations used in trades—and circumvent time limits governing transaction completion windows. This manipulation allowed attackers to redirect funds to wallets under their control after deliberately prolonging trade durations. Bisq confirmed the theft of 3 Bitcoin (BTC) and 4,000 Monero (XMR) from at least seven users through this method. The platform immediately halted trading to prevent further exploitation, though its peer-to-peer architecture permitted users to manually override this emergency stop; Bisq strongly advised against doing so for security reasons.

Bisq developers rapidly deployed a hotfix, version 1.3.1, to address the vulnerability and resumed trading after implementing the patch. However, the emergency update triggered operational disruptions, with multiple users reporting failed trades and inaccessible funds following the upgrade. The exchange instructed affected users to review active transactions under the "open trades" section of their accounts and contact mediation channels to resolve issues involving locked funds. While the security flaw itself was resolved, the incident highlighted risks associated with the platform’s decentralized structure, particularly the tension between user autonomy and centralized emergency interventions. The theft and subsequent technical complications underscored the immediate financial impact on users and the challenges of maintaining both security and stability during rapid incident response in peer-to-peer trading systems.
