
Topic: [2020-04-09] Hacker Exploits Flaw in Decentralized Exchange Bisq - page 2. (Read 275 times)

hero member
Activity: 1344
Merit: 540
Here is Bisq's official statement:

Quote
TLDR of the critical security vulnerability.

Affected users were those involved in active trades only.

The flaw had to do with the way Bisq trades are carried out, not in the way funds are stored.

https://twitter.com/bisq_network/status/1247898001915297801

Release a fix in v1.3.1

https://github.com/bisq-network/bisq/releases/tag/v1.3.1
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
Quote
Bisq, which allows users to exchange crypto anonymously, abruptly disabled trading late Tuesday night after it uncovered "a critical security vulnerability."

I love those so-called decentralized exchanges...
Everything is decentralized, but they have a kill switch, they can modify the code when they see fit and most important, they have control over the trades, otherwise, this wouldn't have happened...

Quote
To carry out the thefts, the attacker was able to set other users' default fallback address – the destination to which crypto is sent to if a trade fails – to their own.

If this is being decentralized then even a hypermarket is decentralized, you can go and buy one brand of milk or another at what prices the brand sees fit, it doesn't matter that the store is in charge of the transactions, refund and that it can shut down everything, is decentralized because...they advertise it like that.

And nothing in the article or on their channel about the money lost...



hero member
Activity: 1344
Merit: 540
Yes, there could be no censorship, but it doesn't mean that it is pseudo anonymous per se, they can still link your bisq transaction and not good for privacy.

@hv_ - I wouldn't categorically say that Bisq is a mixer though, but your coins can be flagged by centralised exchanges if you tried to deposit to them because of "Bisq fingerprint".
legendary
Activity: 2576
Merit: 1860
And all this time, centralized exchanges are heavily criticized for being such, for requiring KYC, for handling people's money and personal identities, for falling prey to hackers, and so on. Time and time again, we are reminded not to leave our cryptocurrencies in these exchange wallets because it is not safe. It turns out even decentralized exchanges are no better. Hackers are targeting both.

By the way, are these hacks limited to IOC (Immediate Or Cancel) or FOK (Fill or Kill) orders? Because the attackers are waiting for the time limit to run out.
hv_
legendary
Activity: 2548
Merit: 1055
Clean Code and Scale
A small commentary.

This is the type of power decentralization a real dex gives everyone as an equalizer. This is also what the people sitting on the very top do not want you to know. They want to have all this power only for themselves under the present system.



In most cases of an exchange hack, the attacker can be booted off the trading platform for good. Not so with Bisq. One of the DEX's associated developers told CoinDesk that although the flaw was fixed, there was nothing to prevent the attacker – whose identity cannot be known – from accessing and trading on the platform again.

"Anyone can use Bisq, there is no censorship," the developer said. "Just like anyone can use bitcoin, there is no way to ban someone from bitcoin."


Read in full https://www.coindesk.com/hacker-exploits-flaw-in-decentralized-exchange-bisq-to-steal-250k

Decentral exchanges are classified as mixers -> high risk!

Don't get average Joe to put his clean coins into for sake of criminals washing their shit!
legendary
Activity: 3192
Merit: 1509
A small commentary.

This is the type of power decentralization a real dex gives everyone as an equalizer. This is also what the people sitting on the very top do not want you to know. They want to have all this power only for themselves under the present system.



In most cases of an exchange hack, the attacker can be booted off the trading platform for good. Not so with Bisq. One of the DEX's associated developers told CoinDesk that although the flaw was fixed, there was nothing to prevent the attacker – whose identity cannot be known – from accessing and trading on the platform again.

"Anyone can use Bisq, there is no censorship," the developer said. "Just like anyone can use bitcoin, there is no way to ban someone from bitcoin."


Read in full https://www.coindesk.com/hacker-exploits-flaw-in-decentralized-exchange-bisq-to-steal-250k