Bisq has halted trading on v1 after an attacker exploited its trade protocol and drained a portion of available offers. The privacy-focused peer-to-peer Bitcoin exchange said the impact is limited to offers that were actively taken by the attacker, while funds held inside users’ Bisq Bitcoin wallets are not affected.
The incident began in the early hours of May 1, according to a Bisq community security notice. The team used an emergency mechanism to disable trading by setting the required trading version to 2.0.0, a version that does not exist. That move prevents vulnerable v1 clients from continuing normal trading while developers investigate the attack path.
The early finding points to a missing validation check exploited through a modified client. Bisq said it is working to reproduce the issue reliably, verify a fix, release a hotfix based on the latest stable version, and run a broader security review for related vulnerabilities.
The most important user detail is that the exploit did not drain normal Bisq wallet balances. Bisq is a peer-to-peer desktop exchange rather than a custodial trading platform, and user funds are not pooled in a central exchange wallet. The incident targeted active offers through the trade protocol, not every balance held by v1 users.
Users with trades initiated after the early May 1 attack window have been told to open mediation by selecting the trade and pressing Ctrl + O. A mediator will then assess whether the trade was affected. Bisq also warned users to avoid direct messages from anyone claiming to offer support, because scam attempts often follow high-stress security incidents.
The v2 product is not affected. Bisq Easy uses a separate codebase and a fundamentally different protocol design, which keeps the current issue isolated to Bisq v1.
The incident is a reminder that non-custodial design reduces one major risk without removing every attack surface. Bisq does not hold user assets like a centralized exchange, but its trading workflow still depends on software rules, validation checks, mediation processes, and client behavior.
That distinction matters across decentralized trading. Smart contracts, peer-to-peer protocols, bridges, wallets, and leveraged trading systems can all fail in different ways. Recent crypto exploit activity has shown how attackers keep looking for protocol-level gaps rather than only exchange hot wallets.
Bisq has dealt with trade-protocol risk before. In April 2020, the project disclosed a critical vulnerability that affected XMR/BTC trades and led to losses of about 3 BTC and 4,000 XMR. That older incident was later addressed with a patched release and a DAO reimbursement proposal.
The new v1 exploit is still under investigation, so the final loss amount, full attack path, and reimbursement plan remain open. The immediate priority is keeping vulnerable offers offline, guiding affected users into mediation, and proving that the hotfix closes the validation gap before normal v1 trading resumes.
The post Bisq v1 Exploit Forces Trading Halt As Attacker Drains Active Offers appeared first on Crypto Adventure.
