Bisq 1.10.0 is released!

HenrikJannsen · May 16, 2026, 3:14am

Bisq 1.10.0 is released!

This release focuses on security hardening following the recent security incident and includes major improvements to trade protocol validation, network message handling, release verification, and protection against supply chain attacks.

Please download the new app from inside your Bisq application which includes automated verifications or download and verify manually at:

A full post-mortem covering the incident, investigation, impact assessment, and all security improvements will be published on the Bisq website in the coming days.

Reimbursement for affected traders

A proposal has been published and if it gets accepted by the DAO in the upcoming voting cycle it will lead to a timely, full refund in Bitcoin.

github.com/bisq-network/proposals

Proposal for Refunds to Victims of the May 1st Bisq 1 Trade Protocol Incident

opened 11:38AM - 15 May 26 UTC

HenrikJannsen

a:proposal re:processes

# Proposal for Refunds to Victims of the May 1st Bisq 1 Trade Protocol Incident … An anonymous group (referred to here as the “Refund Angels” or “RA”) has agreed to advance the refunds for victims affected by the May 1st Bisq 1 trade protocol incident. Victims will be reimbursed after: * the DAO cycle voting has concluded and this proposal has been accepted, and * the arbitrator has confirmed their eligibility for reimbursement. This approach enables Bisq to compensate victims quickly, in full, and directly in BTC. The more complex and time-consuming discussion regarding how — and at which BSQ/BTC exchange rate — the Refund Angels will later be reimbursed by the DAO will be deferred to the next DAO cycle, as no consensus has yet been reached on that matter. Importantly, this is primarily an internal DAO discussion and does not affect the victims’ ability to receive timely refunds.

Release notes:

Security Improvements

Hardened validation of trade protocol messages, deposit transactions, payout transactions, trade contract data, and peer-provided wallet data.
Improved protection against supply chain attacks by adding PGP signature verification to dependency resolution.
Updated Java, JavaFX, Tor, bitcoinj, and other dependencies to their latest stable versions.
Improved the build process with additional verification of the build toolchain.
Added Docker-based DAO and end-to-end trade tests to GitHub Actions. This work will continue over the coming weeks.

Security Improvements Affecting the Trading Experience

The maximum trade amount is now limited to 0.125 BTC.
Offers and trades are now restricted to a maximum price deviation of 25%.
Disabled XMR auto-confirmation. No issues have been identified, but a more in-depth security audit is planned for this area.
Removed the webcam library used for QR code scanning to reduce security risks. A more secure replacement will be introduced in the next release.
Removed dispute chat attachments and dispute log file transfers for security reasons.
Added a popup reminder advising users not to use the Bisq wallet as a long-term storage wallet when holding higher balances.

UX

Improved performance by updating JavaFX and Java versions.

Deployment

macOS releases now support both Apple Silicon and Intel-based Macs.
The reproducible build system is now partially in place, though not yet applied to this release. The next release will fully benefit from it.

Thank you to everyone who helped review, test, investigate, and support the project.