Decentralized exchange (DEX) platform Bisq recently fell victim to a cyber heist in which the attacker exploited a security flaw to steal more than $250,000 in cryptocurrency, Coindesk reported.
Bisq allows users to trade bitcoin and other cryptocurrencies anonymously. Initially, Bisq notified its users about a software vulnerability and halted operations temporarily. However, Bisq realized it was under a cyberattack after users reported the theft of bitcoin from their accounts. The DEX platform's developers released a hotfix (software patch) within a few hours of the attack. Bisq stated that the attacker exploited the bug in its software and stole nearly $22,000 worth of bitcoin and $230,000 worth of monero directly from user wallets.
According to Bisq, the attacker made changes to the default fallback address. A default fallback address is the destination address or wallet to which a user's cryptocurrency is sent if a transaction in their own wallet fails. The attacker poses as a seller, initiates a trade with a buyer, and waits for the trade window to run out. Because the destination wallet has been changed, the buyer's payment and security deposit are transferred directly to the attacker's wallet instead of to the legitimate owner.
Hacker Cannot Be Identified
Since Bisq is a DEX platform, there is no requirement for identity verification or registration. There is nothing that can prevent hackers from attacking again as their identity remains unknown.
Cryptocurrencies have always been a primary target for cybercriminals, which has resulted in an increase in cyberattacks on cryptocurrency exchanges. In a similar cryptocurrency attack, crypto exchange Bithumb lost around three million EOS (worth $13.4 million) and 20 million Ripple coins (XRP) worth $6 million. Bithumb stated that it detected abnormal withdrawals of cryptocurrencies from its hot wallets. Describing the incident as an “accident involving insiders,” Bithumb stated that it secured all the cryptocurrency at the time of detection and confirmed that customer assets are safe under the protection of a cold wallet.