Is Bisq safe and open-source?
Yes, Bisq's software is open-source and licensed under Version 3 of the GNU Affero General Public License. Here's the
source code and
Bisq employs three primary mechanisms to achieve security:
- All bitcoins traded with Bisq are secured in a 2-of-2
- Both traders are required to pay security deposits. These are refunded after trades are completed.
- Trade disputes are handled through a 3-tier mechanism that includes trader chat, mediation, and arbitration.
When trading fiat currency for bitcoin, there is always some chargeback risk, as fiat transactions can technically be reversed.
To mitigate this risk, Bisq:
- only supports payment methods which are known to make chargebacks difficult—this is why Bisq does not support PayPal and credit cards, for example. See more on chargeback risks.
- employs an account signing mechanism that forces a 0.01 BTC buy limit until a buyer's integrity is verified.
There are already other decentralized exchanges. How is Bisq different?
Currently no other project fits our definition of a decentralized bitcoin-to-fiat exchange. OpenBazaar is one project that comes close to mirroring Bisq's principles, but it's a general-purpose marketplace, not a specialized currency exchange.
Most exchanges claiming to be decentralized either do not support fiat exchange, or operate with a client-server architecture and do not fit our definition. And of course there are a lot of ICO projects with whitepapers but they have not proven yet that they can deliver any working software.
To be properly decentralized, one must avoid single points of failure:
- Bisq does not hold any bitcoins. All are held in multisignature addresses rather than a Bisq-controlled wallet.
- Bisq does not hold any national currency. National currency is transferred directly from one trader to the other.
- Bisq uses a peer-to-peer network over Tor. This means there are no servers to be hacked or DDoS'd.
- Bisq does not know traders. No data is stored on who trades with whom.
- Bisq does not require registration. This means privacy is maintained, there are no “approval” wait times, and identity theft is impossible.
- Bisq is not a company. It is an open-source project organized as a Decentralized Autonomous Organization (DAO).
Which payment methods are supported?
- Advanced Cash
- Cash Deposit
- Chase QuickPay
- Face to face (in-person)
- Faster Payments
- Interac e-Transfer
- Japan Zengin Furikomi
- MoneyBeam (N26)
- National bank transfer
- Perfect Money
- SEPA Instant
- Transfer with same bank
- Transfer with specific banks
- US Postal Money Order
- WeChat Pay
- Western Union
- Zelle (ClearXchange)
Please see our payment methods doc for more details. Different payment methods have different trading limits and trading periods.
What are the trade limits?
To discourage fraud in fiat transactions, Bisq imposes limits on trade amounts. These limits are derived from the payment method's chargeback risk, its signing status, and its age (i.e., the time since you created the payment account in Bisq).
There are no limits on the number of trades you can do—just the amount per trade.
For most bank-based payment methods like SEPA or Zelle, the maximum trade size is 0.25 BTC. For services like PerfectMoney and AliPay, it is 1 BTC.
Lower-risk payment methods start to age as soon as they're created in Bisq. When you create such a payment account in Bisq, its trade limit will be 25% of the full trade limit. After 30 days, it will increase to 50% of the full trade limit, and after 60 days it will increase to 100% of the full trade limit.
Higher-risk payment accounts must be signed by a trusted peer in order to start aging. Until this signing, they are limited to buying 0.01 BTC. The account signing doc has more details.
Note that selling limits for higher-risk payment methods are not affected by signing and follow regular account aging as described for lower-risk payment methods above.
Altcoin trades up to 2 BTC are allowed from day one—altcoins do not have chargeback risk, so account aging is not needed.
Why does Bisq require a security deposit?
Security deposits create incentives for both buyer and seller to follow the rules of Bisq's trading protocol. They are locked into multisig escrow along with the bitcoin being traded, and are returned to each user when the trade completes successfully.
If a trade is disputed through a mediator or arbitrator, some or all of that party's security deposit may be awarded to the counterparty. Examples of protocol violations include a buyer failing to pay a seller, or a seller failing to acknowledge receipt of a buyer's payment.
Most Bisq trades complete without any problem thanks in part to the incentives that security deposits create.
See this document for full trading rules.
How does Bisq protect my privacy?
Bisq is standalone, open-source software that you can inspect before running on your machine, and as a result, you don't have to trust that any server is logging your personal details (as you would in the case of a website).
As for the trading process, your payment information is stored locally on your machine, and only your trading partner (and your mediator or arbitrator, in case of a dispute) can ever see it. All data exchanged between users is encrypted and signed.
To transmit data from one user to another, Bisq uses a P2P network built on top of Tor, which provides a high degree of anonymity. The user doesn't need to do any additional work for all of this to work—it is all integrated in the application.
How long does a trade take?
Trade duration is determined by the transfer times of the currencies you're using. National currency transfers can be instant (Faster Payment) or can take a few days (SEPA).
Bitcoin transactions take about 10 minutes to confirm, and at least one confirmation is required before the buyer can send the fiat or altcoins.
Altcoin trade periods are always 1 day (or 1 hour for Altcoins Instant trades).
Please see the list of payment methods for complete details.
How much does it cost to trade on Bisq?
To trade on Bisq, users pay (1) trading fees to Bisq and (2) mining fees to miners.
Trading fees are payable in BTC or BSQ. BSQ is colored bitcoin that Bisq uses to fund and govern itself. It's optional to use, but there are significant benefits.
BTC trading fees, per 1 BTC traded:
| ||BTC fees ||Fee as % of 1 BTC trade size |
|Maker fee ||0.002 BTC ||0.20% |
|Taker fee ||0.006 BTC ||0.60% |
BSQ trading fees, per 1 BTC traded:
| ||BSQ fees ||Fee as % of 1 BTC trade size |
|Maker fee ||10 BSQ ||0.10% |
|Taker fee ||30 BSQ ||0.30% |
BSQ fee percentages above assume a 0.0001 BSQ/BTC rate.
Nominal BTC and BSQ fees are adjusted periodically by DAO voting to accommodate for market fluctuations.
The minimum trading fees are set at 0.00005 BTC and 0.03 BSQ to avoid dust limits.
An offer maker only pays mining fees for the trade fee transaction. An offer taker pays mining fees for the trade fee transaction, deposit transaction, and payout transaction. This is because mining fees fluctuate and it's impossible for the offer
maker to know what mining fees will be at the time their offer is taken.
Bisq uses this service to estimate fees. Users can see actual mining fees after they've created or taken an offer.
Why do I need to keep my application online when I have an open offer?
If you have published an offer, your Bisq application needs to stay online so it can react when another trader wants to take your offer (the multisig deposit transaction is created in the take-offer process). Be sure you have deactivated your computer's standby mode so your Bisq application can stay online (monitor standby is not a problem).
If your Bisq application does go offline, your offer will get removed from the distributed offerbook. It will be re-published the next time you start your Bisq application.
After an offer has been taken and the trade process has started, neither trader needs to be online continuously, but each trader will need to be online periodically to check if any action is needed on their side (e.g. sending fiat/altcoin, confirming payment receipt, etc).
How can I edit my offer?
Version 0.7.0 introduced offer editing in the Portfolio > My open offers section without paying additional fees.
Will my bank know I'm buying bitcoins?
There have been reports that some banks have closed client accounts when they sense Bitcoin activity.
The reference text (sometimes called "reason for payment" or similar) of the bank transfer used to trade with Bisq must always only include the Bisq trade ID, which is a random sequence of characters, just like many other purchase IDs. Putting anything else as a "reason for payment" is considered a violation of the trade protocol and will result in a dispute.
To avoid problems, we recommend setting up a dedicated bank account for buying and selling bitcoins. If the bank were to block this account, it would cause fewer problems for you than if the bank were to block your primary account.
Never mention anything else other than the Bisq trade ID in the subject field.
How does dispute resolution work?
Bisq provides a 3-layer mechanism for resolving disputes: trader chat, mediation, and arbitration.
Trader chat enables traders to resolve small issues themselves privately over end-to-end encrypted chat right in Bisq. If this doesn't work, traders can engage a mediator to examine the situation and suggest a payout. In rare circumstances that mediation fails, a trader can choose to engage an arbitrator to re-examine the situation and make a payout.
Please note that the scope of the arbitrator role changed significantly with the launch of the new trade protocol on v1.2.
See documentation for more details on how this process works.
How is collusion between mediators, arbitrators, and traders prevented?
With the launch of the new trading procotol in v1.2, arbitrators no longer have a key in the multisig escrow. This means that traders retain absolute control of their funds, and there is no possibility of collusion.
Mediators and arbitrators are still bonded roles, however, because even though they cannot sign a payout transaction to resolve a dispute, they can advise how to resolve a dispute, and it's important that they are responsible and fair when doing so.
What happens if the person buying bitcoin does a chargeback after the bitcoin has been released from the multisig address?
Bisq only supports payment methods for which chargebacks are not easy (e.g., this is why PayPal and credit cards are not supported). But there is still a little chargeback risk with banks. If a bank executes a chargeback after the BTC has been released, there is nothing a mediator or arbitrator can do.
Bisq's goal is to make this scenario as unattractive as possible, using three primary mechanisms:
- Account aging requires newly-created fiat payment accounts on Bisq to have lower trade limits, and those limits are increased over time.
- Account signing requires higher-risk payment methods to be signed upon verifying the integrity of a trader before account aging kicks in. Until such accounts are signed, buy limits are set to 0.01 BTC.
- National currency payment methods which are found to be used for chargebacks are quickly removed.
Wouldn't a pure reputation system among traders make mediators and arbitrators unnecessary?
Pure reputation without additional dispute resolution measures is a weak protection system, as you can never avoid sybil or long con attacks.
Such mechanisms are also problematic for protecting privacy and for keeping the service decentralized.
Can I become a mediator or arbitrator?
Mediators and arbitrators are bonded roles in the Bisq DAO.
Anyone can propose to become either, but approval will depend on the network's needs at the time a proposal is made.
Yes, as of v1.1.6, Bisq includes a built-in chat feature for direct, private, and secure resolution of small issues without involving a mediator or arbitrator.
What is the Bisq DAO?
The Bisq DAO (decentralized autonomous organization) is a decentralized governance mechanism for the Bisq software. It takes the place of a company. How good can decentralized software possibly be if it's still controlled by a single entity, like a company?
Decentralized software is no good without decentralized governance.
That's why Bisq is not a company or legal entity of any kind—instead, it's organized as a DAO. The DAO handles the software's funding and strategy-making to enable the Bisq network to thrive, and at the same time, harden it against attacks on the infrastructure that powers its leadership and operation.
In a nutshell, the Bisq DAO enables Bisq to become even more censorship-resistant, a core principle of the project from the very beginning.
Read more about the Bisq DAO in this introductory doc.
How does the Bisq DAO work?
The primary purposes of the Bisq DAO are financing the project and determining strategy.
- Trading fees are distributed directly from traders to contributors with a token (colored bitcoin) called BSQ.
- Strategy is determined collectively through voting done in the Bisq software and recorded on the Bitcoin network.
Learn more about how this actually works in this series of short 3-5 minute videos.
What do I need to know about the DAO, as a trader?
Since the Bisq DAO is a governance mechanism, it doesn't affect the day-to-day usage of the software very much.
One thing you should be aware of is what the BSQ token actually does. Practically speaking, you'll pay lower trading fees by using BSQ instead of BTC.
But why have the BSQ token at all? Because it enables Bisq contributors to be paid for their work without any central wallets or points of control. When you buy BSQ, you're directly paying a Bisq contributor for their work, and in the process, helping to sustain the whole project. The dynamic this token enables is not possible with plain bitcoin.
When you use BSQ to pay trading fees, it's destroyed and 'burned' out of existence.
See more about how this process works in this doc or in this video series.
Can I use Bisq without BSQ and without this DAO?
You could. All you'd have to do is pay your trading fees with BTC instead of BSQ. But we hope you don't, because doing so would render the project unsustainable.
Before the Bisq DAO, trading fees went to just a couple of wallets owned by specific Bisq contributors (arbitrators). All other contributors were not paid. Bisq needs its contributors to be paid in regular, predictable ways to ensure continual (and reliable) development, service, and growth; the Bisq DAO enables this to happen by distributing trading fees to all contributors in a totally decentralized way.
The Bisq DAO and BSQ token enable a funding and governance mechanism that is not possible with plain bitcoin. We highly recommend you check our documentation and video series to learn more.
Is Bisq doing a token because it needs money? What's the issuance schedule for the token?
Bisq already earns revenue from trading fees. It's not launching this DAO and BSQ token for earning revenue—it's doing it to distribute the revenue it already earns to more people without any central points of control.
BSQ tokens are issued every time a contributor's compensation request is approved through voting, and the tokens are destroyed every time a trader uses BSQ to pay trading fees.
BSQ issuance is not a 1-time event, and its purpose is not to raise capital. You can see a walk-through of the BSQ issuance process in this video series.
If I don’t have any bitcoin, how can I obtain some to pay the security deposit and mining fees for my first trade?
Bitcoin security deposits are necessary to protect Bisq traders from fraud and abuse.
Security deposits are set to be a percentage of the trade amount—2% by default—but they can be adjusted by the offer maker.
We realize this requirement may be a barrier for bitcoin beginners, but there are plenty of ways to get your first bitcoin: friends and family, Bitcoin meetups, Bitcoin ATMs, vouchers, work for it, etc.
Does Bisq support ‘XYZ’ payments?
Bisq already supports a wide range of payment methods for national currencies, but new ones may be added as long as:
- chargebacks are unlikely
- mediators and arbitrators can view evidence of the transaction
National bank transfers are supported in every country.
You can suggest a new payment method on the forum, Slack, or GitHub.
What happens in case of software bugs?
If the Bisq application recognizes that you're having a software problem, it will display a “support ticket” button. Your arbitrator will forward your bug report to the developers, who will begin an investigation of the problem. You may be asked
for the log file to assist in the process.
If the button does not appear, you can open a support ticket by hitting Cmd+o (or Ctrl+o, depending on your system) when the trade is selected in the Portfolio > Open Trades list.
What is a Bitcoin ‘multisignature address’?
“Multisig”, as it's called, is built into Bitcoin as a simple version of a smart contract. A multisig address is generated with multiple public keys and a specification of how many of those keys must sign to release the funds.
Bisq uses 2-of-3 multisig addresses. This means three public keys are used to create the payment address (the buyer's, the seller's, and an arbitrator's), and the transaction must be signed by two of the three parties for the funds to be released.
Typically, the buyer and seller each sign the transaction to release funds. But in case of a dispute, an arbitrator will side with one of the parties to provide the second signature to release funds.
I have a question that isn’t covered here…?
Please post your question at the Bisq forum or Slack channel.