Bisq uses TOR. Is this safe from Man in the Middle Attacks?

I was just wondering if this was the case, since TOR nodes are not as safe as they once were.

I was looking at and their FAQ page shows:

"If you are not a tech-savvy user we recommend avoid using a Tor browser when purchasing Bitcoins. When using a Tor browser you are at risk for man-in-the-middle-attacks by malicious Tor exit nodes. A malicious Tor exit node intercepts the traffic between your computer and LocalBitcoins and then steals your Bitcoins.

If you want to maintain safety and privacy we recommend purchasing Bitcoins on LocalBitcoins using a normal web browser. After the purchase send Bitcoins to a desktop application wallet from where you can make further payments."

How does Bisq prevent a similar scenario?


You are connecting to other Bisq users from within the Tor network using hidden services and not using exit nodes.

In general, use HTTPS on all sites. Not using HTTPS is maybe how you can get spit roasted. I don't follow LocalBitcoins' recommendation.

I'm sure others can provide more complete info.


Exit nodes are the servers that give you access to the “normal web”. By definition they can spy on your traffic and deanonymize you.

Bisq is running its own network within Tor, so there are no exit nodes involved, thus providing us better anonymity and security.

Cf. this:


As already said, Bisq traffic doesn’t get to exit nodes. However, exit nodes only have access to the same information that the website you are using already has, that is, if HTTPS is not used; if it is, they only have access to the webpage you are requesting.


This is where I was hoping someone would chime in with more info :wink:
My understanding is, price feed/exchange data is via exit nodes.
If you have Tor ticked for the Bitcoin network, you are using exit nodes to get to them. (Consider setting up a node on your own network.)
Bisq user to Bisq user is via .onion hidden services.
Happy to be wrong on the first 2 points.

All P2P network stuff is using hidden services. The only area where exit nodes are in play is, as you said, the Bitcoin network connections if the node is not a hidden service (we try to get a good mix) [1]. But also here you are better off, as the exit nodes cannot see where the request comes from, as opposed to when you would use Bitcoin in non-Tor mode.
There has been some criticism regarding Bitcoin using Tor, but as far as I have followed that, it was not well reasoned. The mix with hidden service Bitcoin nodes should at least reduce risks with malicious exit nodes (they could theoretically hold back transactions).

[1] I just checked and at my nodes there were no hidden service Bitcoin nodes. That’s strange, maybe something got broken there in the last release, will check that out for the next release…

1 Like
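An added example, not from any poster in this thread or from the Bisq code base: a small audit that sorts a list of Bitcoin peer addresses into those reached as hidden services and those that need an exit relay, and flags a list with no hidden-service peers at all (the situation in footnote [1]). It assumes peers are given as `host:port` strings; the function names and sample addresses are hypothetical, and the v3 onion check follows the checksum rule in Tor's rend-spec-v3.

```python
import base64
import hashlib

def onion_v3_valid(host):
    """True if host is a well-formed v3 onion name (checksum per Tor rend-spec-v3)."""
    host = host.lower()
    if not host.endswith(".onion") or len(host) != 62:
        return False
    try:
        raw = base64.b32decode(host[:56].upper())
    except ValueError:          # characters outside the base32 alphabet
        return False
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    digest = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()
    return version == b"\x03" and checksum == digest[:2]

def make_onion_v3(pubkey):
    """Encode 32 key bytes as a v3 onion name (used only to build sample data)."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"

def classify_peer(peer):
    """Return 'hidden-service', 'bad-onion' or 'via-exit' for a host:port string."""
    host = peer.rpartition(":")[0].strip("[]")
    if host.lower().endswith(".onion"):
        return "hidden-service" if onion_v3_valid(host) else "bad-onion"
    return "via-exit"           # clearnet target: over Tor this needs an exit relay

def audit_peers(peers):
    """Group peers by path type and flag a list with no hidden-service peers."""
    groups = {"hidden-service": [], "bad-onion": [], "via-exit": []}
    for peer in peers:
        groups[classify_peer(peer)].append(peer)
    groups["all_via_exit"] = bool(peers) and not groups["hidden-service"]
    return groups

# Constructed sample data: the key bytes are arbitrary, not a real service.
SAMPLE_ONION = make_onion_v3(bytes(range(32)))
SAMPLE_PEERS = [
    SAMPLE_ONION + ":8333",
    "192.0.2.10:8333",              # documentation address (RFC 5737)
    "[2001:db8::1]:8333",           # documentation address (RFC 3849)
    "aaaaaaaaaaaaaaaa.onion:8333",  # constructed 16-character name, rejected
]

if __name__ == "__main__":
    for kind, members in audit_peers(SAMPLE_PEERS).items():
        print(kind, members)
```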