The decentralized bitcoin exchange platform Bisq reported this May 1 an exploit in its trading protocol that allowed an attacker to appropriate a portion of the active offers in the system.
The Bisq network reported the incident through its official account on X, where detailed the scope of the attack and the measures taken to contain it.
Bisq is a bitcoin exchange peer-to-peer open source that works without central custody and without requiring identity registration, under a model that operates under a decentralized network.
According to the organization, The impact was limited to the open offers that the attacker actively took in the last 12 hours prior to detection. The firm specifies that the funds in users’ Bitcoin wallets were not affected.
Preliminary investigation, Bisq notes, indicates that the attacker took advantage of a missing validation check in the protocol using a modified client.
As an immediate measure, the organization activated a emergency mechanism that disabled trading by setting the required version to 2.0.0. Since this version does not exist, it prevents the attacker from continuing to operate. Bisq warns that users with operations started from the moment of the attack They must open a mediation process.
Bisq’s response: draw up a roadmap
The Bisq development team notes that works to reliably evaluate the problem and apply a fix. Once this is done, the organization plans to launch a new version.
In parallel, they indicate, a security review is carried out to identify additional vulnerabilities. Regarding the affected users, the firm maintains that evaluate reimbursement options and allocates all available resources to restoring trust in the platform.
The incident occurs in an adverse context for the security of the cryptocurrency ecosystem. As CriptoNoticias has reported, in April 34 hacks of decentralized finance protocols were recorded, with losses that exceeded USD 635 million. The amount is equivalent to 78% of everything stolen in the ecosystem during 2026.
Bisq specifies that its second version, Bisq 2, which operates under the Easy Trade protocol, is not affected by the exploit as it is an independent code base, with a different protocol design. The organization reported that it will continue to post updates through its official channels, including Matrix, the Bisq Forum, Telegram, Reddit, X and Nostr.
The firm publicly committed to address both the root cause of the exploit and its consequencesrecognizing that the response to the incident is as decisive for its integrity as the attack itself.