My BTC was stolen from Bisq

Hey guys,
I just realised that the BTC I kept on Bisq was withdrawn from my wallet to an address that is not mine. It all happened on the 11.01, when my computer was switched off and I was driving from Poland to Switzerland.
How is that possible? How on Earth could that happen? Tell me, is my computer compromised or what is happening?
I just realised today when I switched Bisq on and it was empty. WTF?

Keep in mind Bisq uses a hot wallet. That is, the private keys that unlock your funds are stored on your PC… so anything that would compromise your PC would also be able to get those keys away from you… anything you install, anything you copy to your clipboard… many ways your private keys can get leaked.
Can you think of anything at all?

Believe me, I have been doing nothing else but checking those possibilities from the moment I realised what happened. I usually sent everything to cold storage, but I left those BTC there as I thought I would sell them at some point soon.
I thought I’m very careful, nobody has access to my computer, I don’t click anything from emails, I don’t download new apps, I’m investigating my computer but I’m lost…

I know her and she has pretty good opsec. I think that somebody got their hands on the seed phrase, but I don’t know how. Are there any suggestions that maybe the Bisq side somehow failed? She had no activity on Bisq and no open offers or trades.

I do not know the code in that much depth; still, common reasoning can be used here… IF there was some sort of vulnerability like that, there’s plenty of money to be made out of it, and we would have heard of hundreds of cases already. So, I admit I am basing my conviction on this only, but I don’t think the Bisq app in any way could have allowed that.
Funds were distributed in 3 different addresses, so it is not even plausible that someone bruteforced a private key… unless someone bruteforced the seed altogether, equally unlikely.
If you can 100% confirm the PC was switched off the whole time, then someone used the seed from somewhere else.

Yes, the computer was switched off for 3 days straight if not for 4 days, I have run all the possible deep scans of my computer and it all looks clear, so I guess someone had my seed but that seems rather impossible to me… thanks

I checked my logs and from the 9th to the 22nd I didn’t touch Bisq…

Hi @dmtmarge, is this a separate incident from the issue recently posted on GitHub?

That shows that the Bisq instance on your disk wasn’t booted, but doesn’t exclude that someone managed to make a copy of your data folder… I suppose you have password protection on Bisq?
Also please check what pazza asked!

It is not the same case, I have already posted on GitHub that I used a Mac M1 too. Yes, password protected.

These are two separate cases.

Once the BTC have been stolen, we are just left with hypotheses, so here are mine:

  • someone copied your data folder while you weren’t there and managed to unlock the wallet with your password (how could they obtain the password, in this case?)
  • someone just guessed your seed

I tend to exclude other possibilities, and for a simple reason: anyone with spending rights to a bitcoin wallet would want to get the coins asap, instead of waiting for some special reason.
Unless this attacker expected you to add more funds and intended to choose the best moment to steal your coins, maybe after you sent more funds to it, and finally decided to go for it when they noticed you weren’t using your account anymore.

This option has not been asked:
Did you download Bisq from Releases · bisq-network/bisq · GitHub and verify the file?

Hi @dmtmarge

Please can you contact me on Keybase or Matrix to send me your logs to investigate how this happened.

Keybase username: pazza
Matrix username: