Bisq is an open-source and peer-to-peer application that allows you to buy and sell cryptocurrencies in exchange for national currencies (Dollars, Euros ...)
The well-known company blocked its trading platform on Tuesday evening after uncovering a security vulnerability used by a cybercriminal to steal more than € 250,000 in cryptocurrencies.
In detail, the hacker stole € 22,000 in Bitcoin (BTC) and the remaining € 2,30000 in Monero (XMR).
“About 24 hours ago, we discovered that a hacker was able to exploit a flaw in Bisq's trading protocol, targeting individual trades in order to steal trading capital. We are aware of around 3 BTC and 4,000 XMR stolen by 7 different victims. This is the situation as we know it so far, ”Bisq said in a statement to CoinDesk.
The problem was caused by a flaw in the system introduced following the latest platform update that allowed for the manipulation of fallback addresses. These default addresses are used as the destination in case there are errors during the transition.
The hacker set the default fallback address of other users, posing as a seller who would initiate a trade with a buyer and wait for the time to run out. In this scenario, the funds are transferred to the attacker's address along with the buyer's payment and security deposit.
Although Bisq resolved the issue by 12:00 UTC on Wednesday and resumed trading activities, some users continue to report trading failure and funds disappearing.
