Hacker steals $250K by exploiting Bitcoin exchange Bisq

A hacker exploited a significant software flaw in the decentralized Bitcoin exchange Bisq to steal more than $250,000 worth of cryptocurrency from users.

The exchange, which permits users to trade cryptocurrency anonymously, unexpectedly disabled trading late Tuesday night, citing “a critical security vulnerability.” It did not immediately release any information about the nature of the breach or whether user funds were secure. But 18 hours after it stopped the exchange, Bisq said it had taken the “unprecedented” step after locating an attacker who had identified a loophole in the software and was stealing cryptocurrency from other users.

According to CoinDesk, Bisq officials stated, “About 24 hours ago, we discovered that an attacker was able to exploit a flaw in the Bisq trade protocol, targeting individual trades in order to steal trading capital. We are aware of approximately 3 BTC and 4,000 XMR stolen from 7 different victims. This is the situation as we know it so far.” The stolen funds amount to $22,000 worth of Bitcoin (BTC) and $230,000 worth of Monero (XMR).

To conduct the thefts, the attacker was able to set other users’ default fallback address – the destination to which crypto is sent if a trade fails – to his own. Posing as a seller, he would initiate an exchange with a buyer and simply wait for the time limit to run out. Rather than going to the legitimate owner, the digital assets went to the attacker, along with the buyer’s payment and security deposit. The flaw was the result of a new update to the trading protocol, which was designed to improve decentralization and remove trusted third parties from the platform.
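The failure mode described above is a payout destination that a counterparty can change without the other side noticing. As an added example (not Bisq's code, and not a description of its actual fix), this simplified model shows a client comparing a proposed timeout payout against outputs it derived itself before approving it; the class, function and address names are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TimeoutPayout:
    """Peer-proposed payout that takes effect if the trade times out."""
    trade_id: str
    outputs: tuple  # ((address, satoshis), ...)


def payout_discrepancies(proposal, expected):
    """List every way the proposal differs from the locally derived outputs."""
    found = []
    proposed = {}
    for addr, amount in proposal.outputs:
        if addr in proposed:
            found.append(f"duplicate output for {addr}")
        proposed[addr] = proposed.get(addr, 0) + amount
    for addr, amount in proposed.items():
        if addr not in expected:
            found.append(f"unexpected destination {addr} ({amount} sat)")
        elif amount != expected[addr]:
            found.append(f"amount mismatch for {addr}: {amount} != {expected[addr]}")
    for addr in expected:
        if addr not in proposed:
            found.append(f"missing destination {addr}")
    return found


def approve_for_signing(proposal, expected):
    """Approve only an exact match; any discrepancy blocks the signature."""
    return not payout_discrepancies(proposal, expected)


# Constructed sample data (hypothetical addresses and amounts).
MY_FALLBACK = "addr-buyer-fallback"
EXPECTED = {MY_FALLBACK: 150_000}  # derived locally, never taken from the peer
honest = TimeoutPayout("trade-1", ((MY_FALLBACK, 150_000),))
tampered = TimeoutPayout("trade-1", (("addr-unknown", 150_000),))

if __name__ == "__main__":
    for name, proposal in (("honest", honest), ("tampered", tampered)):
        print(name, approve_for_signing(proposal, EXPECTED),
              payout_discrepancies(proposal, EXPECTED))
```

The check treats the fallback destination as security-critical input: it is compared against a value the client holds itself rather than trusted because it arrived inside the trade messages.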

Bisq was able to manage the defect by 12:00 UTC Wednesday and informed CoinDesk that it had resumed trading. Because the platform is based on a distributed network, Bisq allows each user to act as a node. In most exchange hacks, the attacker can be knocked off the exchange for good. That is not the case with Bisq. One of the DEX’s associated developers told CoinDesk that although the flaw was managed, no steps were taken to prevent the attacker – whose identity is unknown – from accessing and trading on the platform again.

“Anyone can use Bisq, there is no censorship,” the developer said. “Just like anyone can use bitcoin, there is no way to ban someone from bitcoin.”
