
If you feel like crypto hacks are happening more often than usual, you're not imagining it. A chart from DefiLlama shows a clear spike.
A few weeks ago, industry media reported on a new version of the Claude model - Claude Mythos - which is said to be exceptionally good at finding vulnerabilities in code. Mythos hasn't been released publicly yet, but once this kind of technology reaches maturity, there's no putting the genie back in the bottle. This surge in hacks likely isn't a coincidence.
Even so, today's news about the Bisq exploit really stood out to me. Bisq is a decentralized platform for buying and selling Bitcoin for fiat. It has been around for 10 years and hasn't had a single exploit in the past 6. It doesn't look like an easy target: the Bitcoin in every trade sits in a 2-of-2 multisig, so spending it requires signatures from both the buyer and the seller. There are no complex smart contracts where subtle bugs can hide. To steal funds, you'd have to trick a human into signing a malicious transaction. More specifically, you'd have to deceive the seller into signing a transaction that releases the Bitcoin to the buyer without the buyer actually having sent the fiat payment.
The system looked about as safe as it gets. And yet, it was still exploited.
What the attackers appear to have found is this: the application that shows the seller what they are about to sign doesn't build that summary from the raw transaction itself - the actual output scripts and amounts in the bytes being signed. Instead, it relies on metadata supplied by the buyer at the moment the buyer adds their own signature. That metadata is what the attacker manipulated. Sellers believed they were sending Bitcoin back to themselves from the multisig address, while in reality they were signing a transaction that paid the funds to the attacker. In other words, the attacker didn't need to break anything: they were simply the counterparty in the trade. For anyone building or auditing a signing flow, the lesson is the classic one: what the user sees must be derived from the bytes that will actually be signed and compared against expectations the client stored itself, and anything the peer sends alongside the transaction is an untrusted label at best.
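The following is an added example illustrating the pattern described above; it is not Bisq's code and does not model Bisq's trade protocol. It parses a real Bitcoin legacy (non-witness) serialized transaction, which is also the format of the unsigned transaction carried inside a PSBT, and contrasts two ways of telling a seller what they are signing: one that trusts a counterparty-supplied metadata dictionary (the vulnerable pattern) and one that reads the outputs from the raw bytes and compares them with the payout the seller's own client recorded when the trade began. The scripts, amounts, metadata dictionary and the dummy deposit outpoint are all constructed for the example.

```python
"""
Added example (not Bisq's code): a signing UI must describe a transaction
from its raw bytes, never from labels supplied by the other party.

Transaction encoding follows Bitcoin's legacy (non-witness) serialization.
Everything else (scripts, amounts, metadata, the deposit outpoint) is constructed.
"""
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class TxOut:
    value_sat: int
    script_pubkey: bytes


def encode_varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def read_varint(buf: bytes, pos: int) -> tuple[int, int]:
    """Bitcoin CompactSize decoding; returns (value, position after it)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def build_tx(outputs: list[TxOut]) -> bytes:
    """Serialize a one-input legacy tx spending output 0 of a (constructed) multisig deposit."""
    raw = struct.pack("<i", 2)                         # version
    raw += encode_varint(1)                            # one input
    raw += bytes(32) + struct.pack("<I", 0)            # dummy prev txid + vout (constructed)
    raw += encode_varint(0)                            # empty scriptSig (witness spend; witness omitted)
    raw += struct.pack("<I", 0xFFFFFFFF)               # sequence
    raw += encode_varint(len(outputs))
    for o in outputs:
        raw += struct.pack("<q", o.value_sat) + encode_varint(len(o.script_pubkey)) + o.script_pubkey
    raw += struct.pack("<I", 0)                        # locktime
    return raw


def parse_outputs(raw: bytes) -> list[TxOut]:
    """Walk the raw legacy serialization and return exactly what the outputs pay to."""
    pos = 4                                            # skip version
    n_in, pos = read_varint(raw, pos)
    for _ in range(n_in):
        pos += 36                                      # prev txid + vout
        slen, pos = read_varint(raw, pos)
        pos += slen + 4                                # scriptSig + sequence
    n_out, pos = read_varint(raw, pos)
    outs = []
    for _ in range(n_out):
        value = struct.unpack_from("<q", raw, pos)[0]
        pos += 8
        slen, pos = read_varint(raw, pos)
        outs.append(TxOut(value, raw[pos:pos + slen]))
        pos += slen
    return outs


# Constructed P2WPKH scriptPubKeys (OP_0 <20-byte hash>) standing in for real wallets.
SELLER_SCRIPT = b"\x00\x14" + bytes.fromhex("11" * 20)
BUYER_SCRIPT = b"\x00\x14" + bytes.fromhex("22" * 20)
ATTACKER_SCRIPT = b"\x00\x14" + bytes.fromhex("33" * 20)   # a fresh address only the buyer controls

# What the seller's own client recorded at trade start (local, not from the peer).
EXPECTED_PAYOUT = {TxOut(1_000_000, SELLER_SCRIPT), TxOut(490_000, BUYER_SCRIPT)}

HONEST_TX = build_tx([TxOut(1_000_000, SELLER_SCRIPT), TxOut(490_000, BUYER_SCRIPT)])
MALICIOUS_TX = build_tx([TxOut(1_000_000, ATTACKER_SCRIPT), TxOut(490_000, BUYER_SCRIPT)])

# Constructed metadata the buyer attaches when adding their signature; attacker-controlled text.
BUYER_METADATA = {"amount_sat": 1_000_000, "destination_label": "your payout address"}


def describe_from_metadata(meta: dict) -> str:
    """VULNERABLE: the summary comes from the counterparty, so it says whatever they want."""
    return f"{meta['amount_sat']} sat -> {meta['destination_label']}"


def audit_payout(raw: bytes, expected: set[TxOut]) -> dict:
    """HARDENED: derive the summary from the bytes to be signed and diff it against local expectations."""
    actual = set(parse_outputs(raw))
    return {
        "ok": actual == expected,
        "unexpected": actual - expected,   # outputs the seller never agreed to
        "missing": expected - actual,      # agreed outputs that are absent
    }


if __name__ == "__main__":
    for name, tx in (("honest", HONEST_TX), ("malicious", MALICIOUS_TX)):
        print(name, "| metadata says:", describe_from_metadata(BUYER_METADATA))
        print(name, "| raw bytes say:", audit_payout(tx, EXPECTED_PAYOUT))
```

The metadata summary is identical for both transactions, which is exactly why it cannot be the basis for a signing decision; the raw-bytes audit flags the attacker's output and the missing seller output. A real client would additionally resolve the scriptPubKey to a wallet-owned address for display and verify the input outpoint against the deposit it expects to spend.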
This is why, today more than ever, simplicity of process and trust in your counterparty matter in crypto operations.
At rabbit.io, that’s exactly what we focus on:
Your only task is to carefully copy the address and send the correct amount. We keep it as simple as possible and as reliable as it gets.