Vulnerability in Bisq found and responsibly disclosed by the Haveno team

The Haveno team has recently found a vulnerability in Bisq that **would have allowed malicious actors to harvest users’ payment information, such as bank accounts, names and potentially home addresses, at no cost**.

**The problem was found by our own Woodser (Core Team) while working on Haveno’s protocol** (part of which we inherit from Bisq). We immediately contacted Bisq and gave them all the info and support to fix the vulnerability.

We are relieved that they came to realize the severity of the situation and rolled out a dedicated security patch.

We cannot be sure whether the vulnerability was exploited, but **it’s improbable that it was exploited on a large scale**, as Bisq would probably have noticed an increase in support tickets opened because of failing trades.

Forks, not knives.


Haveno’s statement (Twitter):
Bisq’s statement (Twitter):


Info about Haveno:




  1. Nice, that’s how it should be done.

    From a tweet in their thread, 17 hours old:

    > We’ve asked the folks who tipped us off about this for permission to give them credit, but have not received a response yet.

    Little misunderstanding? Or something went under when people were busy?

  2. Nice, Bisq will also reciprocate one day similarly, I think. Hope it clears some of the noise that was on Twitter not too long ago with the same team.

    Is the fix only a deterrent, as in cost prohibitive? Or is it technically not possible at all anymore?
