About 24 hours ago, we discovered that an attacker was able to exploit a flaw in the Bisq trade protocol, targeting individual trades in order to steal trading capital. We are aware of approximately 3 BTC and 4000 XMR stolen from 7 different victims. This is the situation as we know it so far. The only market affected was the XMR/BTC market, and all affected trades occurred over the past 12 days.
Bisq v1.2, released in late October 2019, updated its trade protocol. It improved decentralization by removing arbitrators with a 3rd key in the multisig escrow used for bitcoin trading funds. These arbitrators were replaced with 2 new roles: mediators and arbitrators with no keys in the multisig escrow. With no more trusted third parties, the new trade protocol also required that trade parties move bitcoin trade funds to a Bisq “donation address” after a hard time limit in order to solve dead-locked trades.
This donation address is set by the Bisq DAO and approved by DAO stakeholders. Bisq software did not verify that the payout address for trades was actually the Bisq donation address set by the DAO before signing and sending the time-locked payout TX to the trade counterparty. In plain words, this exploit was the result of a flaw in the way Bisq trades are carried out, not in the way funds are stored (i.e., there is no honeypot since Bisq is P2P).
As soon as this attack was discovered, Bisq developers used the alert key to disable all trading on Bisq. The flaw in the trade protocol has been corrected in Bisq v1.3.0, now released. Bisq is properly peer-to-peer, so alert key functionality can be bypassed by users, but this is highly discouraged.
A proposal will soon be created in the Bisq DAO, Bisq’s funding mechanism, that will aim to repay the 7 victims from future trading revenues.
Security has always been a top priority for Bisq, but this incident shows it wasn’t perfect. The project is evaluating several approaches to strengthening security reviews and practices even more, and will detail them soon.
In the past 4 years of operating on mainnet, Bisq has never had to use the alert key to enable “safe mode” on Bisq nodes, and this is an unprecedented case for the Bisq DAO. The Bisq developer community sincerely apologizes for this security failure.