What we know so far
(updated as information becomes available)
A trade protocol vulnerability has been exploited, where the attacker as buyer will divert trade funds from the deposit to an external address.
Trading has been stopped to prevent further cases.
To verify if you, as a seller, were involved:
- bring up your deposit tx on a blockchain explorer
- check if the first output is 0.001btc and unspent, and the second output amounts to the rest of the deposit tx amount and is spent
In that case, reach privately to support staff on Matrix at bisq.chat and share:
- deposit txid
- trade amount
- deposit amount
Details of the exploit itself are now known yet, investigations are ongoing.
Internal wallet balance is not compromised, the attacker needs to start a trade with a seller to steal funds, and new cases have been effectively prevented by deactivating trading.
“My BTC was stolen!!”
Bisq will take take of it.
Share with support staff the details of your trade as requested above.
BEWARE OF SCAMMERS
Worried users will be more vulnerable to scammers posing as support agents.